Monday, 10 June 2013

Digital-by-default, an open letter to the House of Commons Science and Technology Committee (updated)

Open letter

By email

10 June 2013

Dr Stephen McGinness
Committee Clerk
Science and Technology Committee
6th Floor
14 Tothill Street
House of Commons
London SW1H 9NB


Dear Dr McGinness
Digital by default
I refer to the Committee’s oral evidence session held on 5 June 2013.

1.    May I bring to the Committee’s attention in case they haven’t seen it the draft report written by Professors Brown, McDermid, Sommerville and Witty. In A Perspective on the Government Digital Strategy (GDS): Balancing agility and efficiency inUK Government IT delivery the four professors cast serious doubt on the prospects for digital-by-default being delivered. The Major Projects Authority (MPA) use a red-amber-green traffic light scoring method to represent their verdicts on major projects. The Committee will note that the professors’ verdict on digital-by-default looks like an amber/red or possibly a simple red. Selected quotations from the report are included at the end of this letter.

2.    Digital-by-default is a major project. The MPA haven’t published their verdict on it. May I suggest that if they haven’t done so already the Committee seek out the MPA’s verdict in addition to that of the four professors.

3.    By 18 April 2013 56 MPs had signed an early day motion to debate the fate, under digital-by-default, of people who can’t use the web. Testimony was given at the evidence session suggesting that there are about 16 million such people who risk being excluded by default. Digital-by-default is the responsibility of the Government Digital Service (GDS). On 28 July 2011 GDS launched their assisted digital project to try to resolve this problem: “It is about taking a more proactive approach to getting people online and thereby sharing the benefits available from being online”. 665 days later on 23 May 2013 GDS published Starting the conversation about providing assisted digital support. The Committee may be expected by at least 56 MPs to investigate just how long this proactive conversation is likely to take and what happens to 16 million excluded people in the meantime.

4.    Dr Martyn Thomas gave it as his opinion that the phrase “anonymised research data” is an oxymoron: if data about a person is released and there is enough of that data to be useful, then the person can be identified; if the person can’t be identified, then the data won’t be any use. Mr William Heath gave it as his opinion that users of Mydex could release their data in such a way as to prove some entitlement of theirs without giving away their identity. They can’t both be right. Which of them, if either, is right? May I draw this question to the Committee’s attention.

5.    Dr Thomas gave it as his opinion that the danger of using so-called “identity providers” is that users lose control of their data. Mr Heath gave it as his opinion that the purpose of Mydex (one of the UK’s appointed “identity providers”) is precisely to allow users to keep control of their data. Again, they can’t both be right. May I draw the Committee’s attention to the question which of them is right, if either.

6.    Dr Thomas gave it as his opinion that the way to maintain standards in digital-by-default is to make the “identity providers” and others pay compensation when the system fails. Mr Heath gave it as his opinion that Mydex’s liability is mitigated as the users hold the keys to their Mydex personal data stores themselves. That argument is specious. Lockheed Martin and QinetiQ hold the keys to their data stores but that hasn’t stopped allegedly Chinese hackers from stealing their intellectual property including the designs for fighter jets and remote-controlled bomb disposal robots. Google, Facebook and Yahoo! accountholders hold their own keys but that hasn’t stopped the US National Security Agency (NSA) from obtaining their personal details, allegedly, if the Guardianare to be believed. The Committee took the point that liability causes the retail banks to maintain standards. May I draw the Committee’s attention to the question whether Dr Thomas or Mr Heath is right about the connection between compensation and standards, or neither of them.

7.    When the Committee asked the witnesses why eight “identity providers” are being proposed for the UK instead of the government doing their job Mr Heath gave an answer referring to the rich panoply of data which people use to run their personal lives. The remit of digital-by-default is set out in Martha Lane Fox’s 14 October 2010 letter to Francis Maude, Cabinet Office Minister. Directgov 2010 and beyond: revolution not evolution concerns improvements to the way that public services are delivered. May I draw the Committee’s attention to the question whether advising people how they should run their lives is beyond the scope of digital-by-default. If it isn’t beyond the scope of digital-by-default then the Committee’s enquiry may have to include Dr Stephan Shakespeare’s national data strategyas well, including the work of Professor Nigel Shadbolt at the Open Data Institute (ODI). Professor Shadbolt is not only the chairman of the ODI but also the chairman of the midata programme (para.21) – the distinction between open public sector data (“big data”) and personal information is in danger of being of being lost.

8.    Dr Thomas gave it as his opinion that the Committee could not be told in open session how effective the UK’s cybersecurity measures are. May I draw the Committee’s attention to the question how responsible it is in that case for the administration to lure people into recording every detail about their lives in personal data stores held on the web, in the cloud. That is the idea behind Mydex, and behind the Department for Business Innovation and Skills (BIS) initiative, midata.

9.    Mydex and the Post Office are two of the UK’s eight appointed “identity providers” and were both represented at the evidence session. The other six include Verizon, which allegedly makes the “metadata” of millions of its customers’ mobile phone calls available to the NSA. The Committee may consider it important to take evidence from Verizon at a subsequent session.

10.           Deploying digital-by-default, as noted, is the job of GDS. They intend to use the single government domain, GOV.UK, to register everyone who uses public services and to manage their cases. GOV.UK is to be hosted in the cloud by a £1,000 company, Skyscape Cloud Services Ltd, under the control of one man, Mr Jeremy Robin Sanders, via another company, Virtual Infrastructure Group Ltd. Skyscape is accredited by the government cloud programme (G-Cloud) to sell its products to central and local government through its on-line shop, CloudStore. Skyscape barely existed a year ago. It now has contracts with GDS, HMRC, the MODand the Home Office. Which means that long-established SMEs with a measurable track record don’t have those contracts. May I draw the Committee’s attention to the question how scientific it is for digital-by-default to be entrusted to an organisation with no track record.

11.           The OECDhave warned against cloud computing: “cloud computing creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties ...”. So have ENISA, the EU’s Network and Information Security Agency: “[re cloud computing] its adoption should be limited to non-sensitive or non-critical applications and in the context of a defined strategy for cloud adoption which should include a clear exit strategy ...”. Cloud computing is a special case of outsourcing. Any organisation risks losing control of its business when it is outsourced. Are the staff of the contractor and its sub-contractors properly vetted before recruitment? Are proper procedures in place and are they enforced? With cloud computing, the dangers of loss of control are magnified. Data can quickly move to any country in the world, beyond the jurisdiction of English law. May I draw the Committee’s attention to the question how responsible it is of the administration to entrust digital-by-default or any other important national asset to the cloud, where it will be out of control by the authorities and liable to cyberattack and/or to unwarranted scrutiny by foreign strangers via the NSA, the Chinese and others.

12.           GDS have taken on the responsibility for G-Cloud since 1 June 2013. Long before that, 1 March 2012, they claimed responsibility for the Identity Assurance Programme (IDAP). A notice was placed in the Official Journal of the European Union (OJEU) specifying that identity assurance services would be “fully operational” from “spring 2013” for the 21 million claimants who rely on the Department for Work and Pensions (DWP). On 16 January 2013 the IDAP contract was published, repeating the point, this time saying that the service would be “fully operational” by “March 2013”. It wasn’t fully operational then and it still isn’t. IDAP still doesn’t exist. The witnesses at the evidence session were unanimous about identity assurance being essential to digital-by-default. May I draw the Committee’s attention to the question whether there is something wrong with GDS’s software engineering processes which allows an important deadline for 21 million people to be missed without apology or explanation or even acknowledgement.

13.           Dr Thomas gave it as his opinion that it is impossible to measure the quality of most computerised systems and that that will remain the case until systems developers use formalised languages. For background, each statement in a formalised language is a theorem which gives rise to a proof obligation, that obligation is disbursed if a valid argument can be logically constructed to prove the truth of the theorem, in which case development of the system can continue, otherwise it can’t. Martha Lane Fox called for “revolution”. (This emotive language may be forgivable in a salesman but innocent people get injured in revolutions and it is preferable to use the term “innovative”.) Far from being innovative, GDS are using the same so-called “agile” systems development methods as millions of others – methods which require what Dr Thomas called “heroic” amounts of testing and yet you still don’t know at the end whether the system works. May I draw the Committee’s attention to the question whether, instead of conforming to fashion, GDS should be genuinely innovative and start to use formalised languages.

14.           The Committee didn’t elicit much information from the witnesses about the Government Gateway. For over ten years now the Government Gateway has allowed people and businesses to communicate with the government on-line, submitting VAT returns, and so on. It seems to work. It seems to be adequately secure. Users need a different ID for each Gateway service they subscribe to and they may have a different password for each service, too. That is inconvenient. “Identity providers”, according to a DWP press release, “will be required to offer a simplified registration process, minimise the number of usernames and passwords a customer will need to remember and reduce the costs incurred across Government for the management of Identity Assurance”. It is arguable that the adequate security of the Government Gateway is earned by its being inconvenient and that if you take away the inconvenience, then you lose the security, too. May I draw the Committee’s attention to the question whether, if GDS’s replacement for the Government Gateway is made more convenient in this way, it will at the same time lose its adequate security, it will block on-line communication between people, businesses and the government, and it will threaten the administration’s ability to raise revenue and to control state pension payments and welfare.

15.           Also on the subject of the Government Gateway, it has been reportedthat “In the [IDAP] model, the government provides a number of ‘federation hubs’, which provide the data-matching, anonymisation and audit services to support interaction between a market of identity providers (IDPs) and the government departments that will consume identity information”. May I draw the Committee’s attention to the question whether, if the hubs support anonymous use, transactions really can be audited. Contrarywise, if the hubs can be audited, how can users remain anonymous?

16.           The scope of digital-by-default extends to the compilation of the new electoral register which will be used for the 2015 general election. GOV.UKtells us that: “The Electoral Registration and Administration Act has received Royal Assent. The Act allows Individual Electoral Registration to be introduced in 2014 to help tackle electoral fraud and paves the way for online registration from 2014, which will make it more easier [sic] and more convenient for individuals to ensure they are registered to vote”. It is intended that that register should in turn form the basis in future for the national census. GDS have undertaken some of the cross-referencing (para.2.3) between the electoral register and other databases such as the National Insurance Number database designed to ensure that the register is complete and accurate. May I draw the Committee’s attention to the question what connection there is between the new electoral register and IDAP.

Most of these questions have been raised with the Cabinet Office, GDS, the G-Cloud team, BIS, Mydex and others over the past 18 months (e.g. GOV.UK/digital by default – 17 questions for Mr Maude) and remain for the most part unanswered. (HMRC is an honourable exception.) The House of Commons Science and Technology Committee will surely fare better in holding the administration to account.

Extracts from the four professors’ report on the Government Digital Strategy:

... it is not clear how realistic this ideal is ... brevity cannot be an excuse for lack of detail, explanation, and precision ... It is impossible with the detail provided to form any reasonable view of how this key activity will be performed ... there is an urgent need for standards to be developed and agreed ... he had no practical understanding of how to use this strategy to have positive impact on his team’s work; We suspect he is not alone in this view ... The GDS shows no evidence that it is aware or has taken account of the impact of such thinking ... The GDS must avoid falling into the trap of an overly-simplistic response ... Open source solutions are neither free to administer and support, nor are they the most cost-effective answer in all situations ... rapidly changing services will deter the takeup of digital services, not encourage it ... The GDS is remarkably (perhaps alarmingly) silent on the issue of how to coordinate SMEs in project delivery ... We see little discussion of a concrete and practical change management process to support the “digital by default” strategy in the current GDS. We view this as a potentially fatal omission ... the principles on which the current GDS is based centre on too narrow a view of how to attain those benefits, and lack focus on the major adjustment in culture, processes, and technologies that must underpin ... this view is much too simplistic and highly risky ... there is very little detail about how such goals will be achieved, or the broader cultural impact those changes represent ... a lack of consistency in interpretation of how to enact the GDS ... It is not clearly stated in the GDS who is managing the execution process across the 18 UK Government departments to coordinate and assess progress.
Yours sincerely
David Moss

----------

Updated 16:38
Para.7, "Dr Stephan Shakespeare" should be "Mr Stephan Shakespeare", see He's all heart, Shakespeare.

Digital-by-default, an open letter to the House of Commons Science and Technology Committee (updated)

Open letter

By email

10 June 2013

Dr Stephen McGinness
Committee Clerk
Science and Technology Committee
6th Floor
14 Tothill Street
House of Commons
London SW1H 9NB


Dear Dr McGinness
Digital by default
I refer to the Committee’s oral evidence session held on 5 June 2013.

Thursday, 6 June 2013

3 questions about GDS's bailiwick

The Major Projects Authority (MPA) has, as noted, delivered its public verdict on G-Cloud – amber/red.

G-Cloud is the major project designed to reduce government IT costs by outsourcing to cloud service suppliers (Skyscape et al) who currently charge less than the usual suspects, the systems integrators (CapGemini et al).

It's a worrying verdict. This is the MPA's definition of amber/red:
Successful delivery of the project is in doubt, with major risks or issues apparent in a number of key areas. Urgent action is needed to ensure these are addressed, and whether resolution is feasible.
G-Cloud was until 1 June 2013 the responsibility of the G-Cloud team, half a dozen individuals or less, plus the Government Procurement Service.

"Urgent action" was needed, according to the MPA, and urgent action was taken – from that date onwards, responsibility for G-Cloud has moved to the Government Digital Service (GDS).

GDS is responsible for several other major projects, which come under the general heading "digital by default".

We know the verdict of four professors on the chances of digital-by-default being delivered – it is beyond GDS's competence. Amber/red. Or just plain red. When they write "GDS" in the following quotations, the professors mean "government digital strategy", which is written by the Government Digital Service:
... it is not clear how realistic this ideal is ... brevity cannot be an excuse for lack of detail, explanation, and precision ... It is impossible with the detail provided to form any reasonable view of how this key activity will be performed ... there is an urgent need for standards to be developed and agreed ... he had no practical understanding of how to use this strategy to have positive impact on his team’s work; We suspect he is not alone in this view ... The GDS shows no evidence that it is aware or has taken account of the impact of such thinking ... The GDS must avoid falling into the trap of an overly-simplistic response ... Open source solutions are neither free to administer and support, nor are they the most cost-effective answer in all situations ... rapidly changing services will deter the takeup of digital services, not encourage it ... The GDS is remarkably (perhaps alarmingly) silent on the issue of how to coordinate SMEs in project delivery ... We see little discussion of a concrete and practical change management process to support the “digital by default” strategy in the current GDS. We view this as a potentially fatal omission ... the principles on which the current GDS is based centre on too narrow a view of how to attain those benefits, and lack focus on the major adjustment in culture, processes, and technologies that must underpin ... this view is much too simplistic and highly risky ... there is very little detail about how such goals will be achieved, or the broader cultural impact those changes represent ... a lack of consistency in interpretation of how to enact the GDS ... It is not clearly stated in the GDS who is managing the execution process across the 18 UK Government departments to coordinate and assess progress.
But what is the MPA's verdict? Again as noted, we don't know – it hasn't been published.

Which is odd. GDS is part of the Cabinet Office and the Cabinet Office is the custodian of the Coalition government's transparency programme, please see clause 16 in the Coalition programme for government:
16. GOVERNMENT TRANSPARENCY
The Government believes that we need to throw open the doors of public bodies, to enable the public to hold politicians and public bodies to account. We also recognise that this will help to deliver better value for money in public spending, and help us achieve our aim of cutting the record deficit.
GDS's doors remain locked shut.

It doesn't help that the MPA was plucked from the Treasury (where it used to be the Office for Government Commerce) and re-sited in the Cabinet Office.

Three questions:
  • Now that G-Cloud is in GDS's ever-expanding bailiwick, will that be used as an excuse to stop publishing MPA verdicts on it?
  • Would that be an unintended consequence of G-Cloud's move to GDS?
  • Or is it the unstated purpose of the move?

3 questions about GDS's bailiwick

The Major Projects Authority (MPA) has, as noted, delivered its public verdict on G-Cloud – amber/red.

G-Cloud is the major project designed to reduce government IT costs by outsourcing to cloud service suppliers (Skyscape et al) who currently charge less than the usual suspects, the systems integrators (CapGemini et al).

It's a worrying verdict. This is the MPA's definition of amber/red:
Successful delivery of the project is in doubt, with major risks or issues apparent in a number of key areas. Urgent action is needed to ensure these are addressed, and whether resolution is feasible.

Tuesday, 4 June 2013

He's all heart, Shakespeare

Forecasting future benefits is also hard to predict
(Shakespeare)

Stephan Shakespeare, writing in An Independent Review of Public Sector Information, devotes one section to the question who owns public sector information.

In the opening paragraph of the section entitled Ownership (pp.28-33) Shakespeare says: "I think the time is now right to reflect on how the current models of ownership apply in the current context" (p.28).

We know from an earlier post the current result of his current reflections – please see Shakespeare's take on property. He wants to give all public sector information (PSI) to "businesses, especially SMEs". For free. Without charge.

What we're looking for in this section of his review is the reason for Shakespeare's recommended largesse. We're dealing with ownership here. Property law. And we're entitled to some more or less scholarly argument.

----- o O o -----

Shakespeare begins by discussing the data managed by Companies House, the Land Registry, the Met Office and Ordnance Survey. These four together are apparently known as the "Public Data Group" or "PDG" for short.

Take Companies House as an example.

As everyone knows but Shakespeare doesn't mention, at the moment:
  • You pay to set up a new company or you buy an existing company off the shelf.
  • You pay to run the company.
  • You pay to prepare the accounts, following the rules laid down by Companies House, HMRC, the Companies Act and any number of national and international accountancy standards organisations including the OECD.
  • You may pay to have the accounts audited. The auditors are highly trained, regulated by several accountants' institutes and they pay for hugely expensive professional indemnity cover.
  • Or, if you are conversant with section 477 of the Companies Act 2006 and it applies, you pay to hold a general meeting of the members of the company and you try to agree with them to dispense with the audit.
  • You learn how to use iXBRL and you submit your accounts to HMRC and pay your corporation tax, if any, being wary of the GAAR, and you submit them to Companies House and you pay the Companies House fee for making an annual return.
  • You can be fined for making a late return, you can be forced to re-submit your accounts if you make a mistake, you can be fined or banned from being a director if you misbehave and your auditors can be fined or struck off if they misbehave.
By the time your company accounts poke their head through the mist and into the public gaze – anyone can see them if they only pay Companies House £1 for the privilege – they contain a lot of personal information and a lot of people have made a lot of effort and taken a lot of risks and paid a lot of money to get them there. There are a lot of barriers to entry.

Once they are public sector information on the Companies House website, who do the accounts belong to?

Companies House? HMRC? The company? The members/shareholders? The auditors? The accounting institutes? The professional indemnity insurers?

Shakespeare doesn't tell us. We learn nothing from him about ownership.

He makes vague allusions to them belonging to "citizens".

What he is clear about is that this data should belong to "businesses, especially SMEs" who know nothing about the company, have taken no risk, have made no effort and will make no payment for the data even if they could afford to because that would constitute a barrier to entry.

Why does he want to give them the data?

Because, according to Shakespeare, some good may come of it. What good?

Suppose that the PDG charged nothing for public sector information (PSI), Shakespeare says. Then:
As government would no longer need to purchase the PSI itself, the direct loss to the Exchequer on an annual basis is in the order of £143 million ... It seems a straightforward decision to invest £143m to make Trading Fund data widely available is a relatively small price to pay to leverage wider economic benefits far exceeding this by orders of magnitude. (p.30)
He wants to deprive the Exchequer of £143 million p.a. and expropriate the citizens' data in order to "leverage wider economic benefits far exceeding this by orders of magnitude". What "wider economic benefits"? No idea. How many "orders of magnitude"? No idea. When? No idea.

And yet he calls it a "straightforward decision". It's not a decision at all, is it. It's a straightforward hunch. A mere guess. An unsupported hypothesis. Feckless optimism.
The reforms that I have suggested should not result in an unjustifiably high cost to Government but putting a price on that is for Government to do. (p.30)
That may be how they do things at YouGov, Shakespeare's company.

Someone proposes an investment, Shakespeare asks the finance director if YouGov can afford it, the finance director says, "yes, we should be able to" and that's considered an adequate answer. Governments can't be quite so cavalier. They're dealing with public money.

And what's all this about "putting a price on that is for Government to do"? Isn't it for Shakespeare to do? Isn't that why he's been asked to perform his review? If he can't "put a price on that", how can he make his case? He can't.

He even tells us why he can't do his review job:
Forecasting future benefits is also hard to predict. How businesses and individuals might use datasets in the future to generate new products and services and by implication impact economic growth, is equally unknown. (p.30)
It's too difficult to do his job of forecasting. The uses to which "businesses, especially SMEs" might put public sector information are necessarily unknown. What "new products and services"? No idea. How will they "impact economic growth"? No idea.

But in that case, what justification is there for Shakespeare stating that the impact will exceed £143 million "by orders of magnitude"? None. 143 million times, none.

Shakespeare wants to change the "funding model" of the Public Data Group.

Why?
The data revolution is moving rapidly, and faster than government structures are reacting to that change. (p.29)
What data revolution? He doesn't tell us. Apart from Shakespeare, who says that "government structures are reacting to that change" too slowly? Why is it the right reaction to abandon agreed custom and give public sector information away for free?

The questions go on and on and never once does Shakespeare have an answer.
My conclusion is that to quantify the costs and benefits precisely from outside Government is difficult due to the many complexities, however, I think there is sufficient evidence to support the theory that the benefits far outweigh the costs to releasing, firstly data from the Trading Funds and secondly, PSI across the public sector.
The Shakespeare review provides "sufficient evidence" because Shakespeare thinks it provides sufficient evidence. This is the world of make-believe, not the world of public administration.

You may or may not agree. Tell us what you think. Please complete the poll at the top right of this web page. (Poll now closed. Results here.)

----- o O o -----

Shakespeare defines "public sector information"/"open data"/"big data" on p.8. We know what he's talking about:
PSI covers the wide range of information that public sector bodies collect, produce, reproduce and disseminate in many areas of activity while accomplishing their public tasks.
On p.31 he starts talking about something quite different – private sector data:
Almost all of my review is focused on increasing the availability of PSI, but there are also opportunities from opening up private sector data.
Then he stops again:
It also opened up discussions on who actually owns the data but I won’t go into that further now.
"I won't go into that now"? What's going on? If he doesn't want to go into the matter, why does he raise it in the first place? If he wants to talk about "who actually owns the data", what better place than the section on ownership in his review?

The answer is that he's warning everyone that his plans do not stop at public sector information. He wants his National Data Strategy to include private sector information as well. Including your personal data. He says:
There have been real transformational benefits from initiatives such as Midata where consumers now have access to their own information collected on them by retailers and others. That is a huge step in really empowering consumers to take decisions based on data that they themselves have generated. I'm sure that Tesco didn't design their loyalty card scheme with open data in mind but this has been a truly groundbreaking step in access to private sector collected information.
We know that that's false.

Long before midata was thought of by the Department for Business Innovation and Skills (BIS) or, possibly, the Government Digital Service (GDS), banks gave us bank statements, telephone companies gave us itemised bills, retailers gave us invoices, etc ...

midata is a false prospectus.

Like Shakespeare and his PSI, midata promises great benefits without ever being able to explain what they are – it's the South Sea Bubble all over again.

And like Shakespeare and his PSI, the man in charge at midata is Professor Nigel Shadbolt, please see midata – a machine for turning personal data into open data.

The PSI people have an unfounded belief that they know how to grow the economy. And the midata people have a megalomaniac belief in addition that they know how to run your life better than you do.

You have been warned. By Shakespeare. The revolution is coming.

----- o O o -----

Innocent people get badly hurt in revolutions. It is conventional to apologise for that. Some contrition is normally expressed for all the eggs that had to be broken to make the omelette.

But not old Shakespeare:
Those currently deterred by charges would benefit from reforms and conversely, organisations who are at an advantage in using their own proprietary information for commercial advantage, might find their competitive advantage diluted if more PSI is released. But in dynamic markets this happens all the time and is a stimulus for innovation and so business should embrace the change. (p.31)
Embrace the change.

His message to the 40,000+ public servants who will be laid off if GDS ever manage to get digital-by-default up and running? Embrace the change.

British steel plants shut down? Embrace the change.

Coal mines shut down? Embrace the change.

Upper Clyde shipbuilding shut down? Embrace the change.

He's all heart, Shakespeare.

----------

Updated 5.6.13 14:24
Rather pleasingly, the real Shakespeare – William, not Stephan – is now following DMossEsq on Twitter. He reminds us all of a relevant passage from As You Like It:
CELIA ... not a word?
ROSALIND Not one to throw at a dog.
CELIA No, thy words are too precious to be cast away upon
curs; throw some of them at me; come, lame me with reasons ...
Come, Stephan, lame the lot of us with some reasons to believe that it's worth giving PSI away for free.


Updated 18.12.15


It's 2½ years since the post above was written. What progress? How goes the revolution? What changes are there to embrace? Where is Professor Sir Nigel Shadbolt's explosion of innovation? Thanks to Stephan Shakespeare, is it Christmas for the UK economy every day?

Let's take a look at Companies House, one of the four members of the Public Data Group, please see above.

And let's take a look specifically at the Find company information facility on the Companies House website.

Companies House have decided to stop charging anyone to see the returns filed by companies. It should be quick and easy to make that change, shouldn't it. You just cut out the charging processes in the computer system. But that's not how Companies House have tackled the job.

No, too quick and easy, instead they have created a new test/beta website, on which you can see these returns for nothing, unlike their current/old/live website, where you have to pay £1 to see each return.

Why did they do that? Why did they choose the harder option? This way, they have to maintain two websites instead of one. The new website lags behind the old one, it's still trying to catch up with the facilities already available in the old one. What's the point?

The answer seems to be, on inspection, that the new website includes facilities to investigate people. You can investigate companies on the new website, just as you can on the old one, but now it's much easier to see, for example, what other companies Stephan Shakespeare is a director of:
Stephan SHAKESPEARE - Personal Appointments (free information from Companies House) page #1 of 5
What innovative ideas have resulted from this revolutionary progress? None, so far as is known. Benefit to the economy? Ditto. "It's early days", you may say. But if not now, then when do we see the benefits? Never?

The effect of Companies House introducing their new website is slightly intrusive. Their response is to remove the day of the month from Mr Shakespeare's birthday which is given in the example above as April 1957.

"Well done, Companies House", you may say, "how courteous and sensitive". Your admiration is misplaced. Take a look at the YouGov annual return to 31 July 2014, for example, which you can do quickly and for free, and there's his full birthday. And several other peoples'.

The new website is more intrusive but at least the data is free. Except that it's not. Obviously taxpayers are having to pay Companies House to create this new website as well as maintain the old one. But that's not all. Here's a page from the YouGov filing history on the new website:

YOUGOV PLC - Filing history (free information from Companies House)

Companies House want you to pay £3 for that resolution to remove pre-emption rights. And you have to ring them for the privilege. Whereas, oddly enough, you can get it for £1 without making a telephone call, digital by default, from the old website:

"Forecasting future benefits is also hard to predict", as Mr Shakespeare so rightly says.


Updated 22.1.16

Companies House understand that they have made a mistake by publishing so much personal information for free on their proposed new website. That's why Our register: advice on protecting your personal information appeared on their blog yesterday. Anyone reading it will realise that it doesn't correct the mistake.

The following comment has been submitted. Let's see if it is published and if it elicits any sense from Companies House:
David Moss
Your comment is awaiting moderation.
Suppressing the day of the date of birth of any specified officer of a company on the new appointments query is the flimsiest of fig leaves – the full birthday is readily available for free in the annual return.
How does that fig leaf protect anyone's personal information? It doesn't.
The home addresses of the officers of a company may be hidden in future, but earlier returns are still there on the web, often complete with home addresses.
There was some protection for personal information when people had to pay £1 for each document and when it took some time to download and read them. That protection has been weakened considerably now that the results are available instantly and for free.
The reason for this change seems to be that making everything open and removing any barriers to entry will promote innovation and expand the economy. There is no sign of any such innovation.
As a matter of interest, are you the Ian Gronland at 97 Andersons, Stanford-Le-Hope, Essex, United Kingdom, SS17 7JD or the one at 23 Highfield Gardens, Grays, Essex, RM16 2NT or the one at 9 Riverview Flats, London Road, Purfleet, Essex, RM19 1SL?
Link to this comment
Updated 25.1.16

The comment immediately above hasn't been published on the Companies House website and there has been no response.

You may think that it shouldn't be published. It includes the postal addresses of one, two or three Ian Gronlands. Those should not be published free for all to see without the owners' permission.

But that isn't an argument Companies House can use. They are the ones publishing the Ian Gronland addresses and the addresses of hundreds of thousands of other directors and company secretaries. If it's wrong to publish the DMossEsq comment, it's wrong pari passu to publish the free-for-all-to-see beta version of the Companies House website without Gronland permission.

You may alternatively think that the DMossEsq comment hasn't been published because, in the event, there has been no avalanche of innovation inspired by the new Companies House website.

If opening up all this personal information hasn't allowed the UK to "leverage wider economic benefits far exceeding [£143 million] by orders of magnitude" as promised by Shakespeare, please see above, then creating this new Companies House website is a waste of time and money.


Updated 27.1.16

The eccentrics at Companies House
consider that fines
don't deter inconsiderate parking

Companies House have now published the comment above and responded as follows:
Esme Turner
Companies House does not consider that information is more readily available as the result of the removal of the £1 fee to access it. We do not consider that a fee of £1 would deter anyone who wants to access a piece of information. The decision to redact day of birth information from our data systems and to alter the design of forms so that for filings made after 10 October 2015 is deemed to be a proportional response to the threat of identity fraud. Given that this information is already in the public domain, even the removal of it from Companies House systems would not prevent third parties from using it.
We have not published the final sentence of your comment. Companies House does not confirm the addresses of our staff and we will not publish blog posts that may contain this information.
Link to this commentReply
They don't answer all the questions raised and the answers they do provide raise more questions. A further comment has been submitted:
David Moss
Your comment is awaiting moderation.
Thank you for your 25.1.16 response.
Companies House consider that removing the fee doesn't make personal information more readily available and that paying the fee wouldn't deter "anyone" from accessing the personal information recorded by Companies House. This is an eccentric position to adopt. Most people accept that penalties deter inconsiderate parking, for example. Companies House may care to consider the tweet sent to them last June by a blogger/journalist who claims to have scored a success using the new website and says explicitly "if I'd had to pay £1/document, I wouldn't have found the info".
It's not just removal of the fee that increases "the threat of identity fraud" which you mention but also the speed and convenience with which personal information can be collected on the new website. Users no longer have to select documents laboriously, as we did on the old website, log in, enter our payment details, wait for the documents to be marshalled, read them, go back and start again, ... Those disincentives have been removed and, instead, bingo, there it all quickly is, all the personal information you could want and more.
Companies House clearly recognise that they have put people's personal information at risk. Why else publish your blog post, 'Our register: advice on protecting your personal information'? Three people have submitted comments on your blog post airing their qualms. Omitting the day of people's birthdays from some documents but not others is only a "proportional" response if Companies House is once again being eccentric.
The claim that personal information is available elsewhere does not justify Companies House's making it available so conveniently. Some people are unrealistic, for example. Should Companies House follow their example?
Why are Companies House seeking to change the status quo with the new website they're testing? You don't unfortunately answer that question in your response. Many people have advanced the hypothesis that making information available to everyone will inspire innovation and cause the UK economy to expand.
Here it is being tested by Companies House. The hypothesis, that is. Has it worked? Has it inspired a lot of innovation? Has it caused the economy to expand? If not yet, then when? So far, in this case at least, it looks as though the hypothesis is wrong. In which case, why proceed as though it is right? Is it time to abandon the new test Companies House website?
Did Companies House perform a privacy impact assessment before spending time and money on a new website? If so, what were the findings? And if not, in view of the concerns expressed by commentators and by Companies House themselves, isn't it about time to assess the privacy impact?
Link to this commentReply

Updated 6.3.16

Where there should be a coherent argument,
there's just a hole.

As noted above, Shakespeare wants to make all the data stored by Companies House, the Land Registry, the Met Office and Ordnance Survey freely available to anyone who wants it. The effect would be, he says, for innovation to be inspired and for the UK economy to expand by "orders of magnitude".

Also noted above, Shakespeare offers not a single cogent reason to believe him.

Companies House have nevertheless wasted their time and our money on developing a new website which makes it quick and free to gather reams of personal information about the directors and shareholders of limited companies.

They realise there's a problem, which is why they published Our register: advice on protecting your personal information. Their advice is utterly ineffectual, but Companies House will pursue the Shakespeare strategy anyway.

Why?

No explosion of innovation has been detected since Companies House started giving away millions of people's personal information for free. The economy has not noticeably expanded as a result.

Where there should be a coherent argument, there's just a hole.

Far away from Companies House, the Land Registry and the others, the Government Digital Service are promoting their new identity assurance scheme, GOV.UK Verify (RIP). That scheme relies on appointed "identity providers" verifying who we are and issuing us with an identity so that we can access public services on-line.

How do the "identity providers" do that? How do they satisfy themselves on-line that we are who we say we are?

One of them, Safran Morpho, tells us:
1.3 How does Morpho collect your personal data
...
Personal data that Morpho may check, include:
- Your Credit Record History
- Your Electoral Roll History
- Your financial court orders records (CCJ, IVA, DRO, Bankruptcy)
- Your record in the Land Registry ...
- Your Directors Register record

We might in certain circumstances verify if you are active on social networks.

Morpho may collect personal data about you because Morpho is required or authorised by law to collect it.
Does that fill the hole?

In the absence of any other, is that perhaps the explanation for Shakespeare's and Companies House's delinquency?


He's all heart, Shakespeare

Forecasting future benefits is also hard to predict
(Shakespeare)

Stephan Shakespeare, writing in An Independent Review of Public Sector Information, devotes one section to the question who owns public sector information.

In the opening paragraph of the section entitled Ownership (pp.28-33) Shakespeare says: "I think the time is now right to reflect on how the current models of ownership apply in the current context" (p.28).

We know from an earlier post the current result of his current reflections – please see Shakespeare's take on property. He wants to give all public sector information (PSI) to "businesses, especially SMEs". For free. Without charge.

What we're looking for in this section of his review is the reason for Shakespeare's recommended largesse. We're dealing with ownership here. Property law. And we're entitled to some more or less scholarly argument.

----- o O o -----

Saturday, 1 June 2013

Shakespeare gives evidence

After five posts on Stephan Shakespeare's An Independent Review of Public Sector Information you might think we'd finished.

Not a bit of it.

We've only just got to the Introduction (pp.19-20).

"The review", he tells us there, ...
... will consider the current and anticipated future needs for Government given the current policy objectives across departments and wider public sector bodies as well as the opportunities and challenges presented by rapidly developing technology in the area.
That's false.

Nowhere in its 71 pages does the review tell us what the opportunities are, as noted, and nowhere do we discover what this "rapidly developing technology" is.

It's been a busy old time for Shakespeare. He's been talking to the citizens and to the experts:
There have been breakfast seminars, larger events with big businesses, SMEs [small and medium-sized enterprises] and start-ups. I have also interviewed individual experts, activists and practitioners.
All those full English breakfasts. Also small and medium-sized English breakfasts. And more – tireless pollster that he is, Shakespeare, the founder of YouGov, tells us that ...
... my own evidence has come from the two waves of surveys, each with simple, defined multi-option questions, with every question accompanied by an open comment box. The first wave was exploratory, helping to develop ideas; the second wave, confirmatory, seeking support for my broad recommendations ...
What do these two-wave surveys reveal?

We find out in the Evidence section of his review (pp.21-7):
70% ... of total respondents think that we should make public all that we can about our health care system ...
Too bad on the other 30%, you may say, the majority has spoken and the majority wants everyone's medical records to be made available for research.

Not so fast.

Your confidence may be partially deflated when you learn that Shakespeare's surveys were conducted on two groups of people. In one of them, 18% of respondents said they were "highly informed" on data issues and in the other group that figure was 4%. The survey finding above could legitimately be re-stated as follows:
Between 82% and 96% of people asked said they didn't know what they were talking about but nevertheless 70% of them think that we should make public all that we can about our health care system so we should.
And that, citizens, is Shakespeare's contribution to the review of PSI, public sector information.

Shakespeare gives evidence

After five posts on Stephan Shakespeare's An Independent Review of Public Sector Information you might think we'd finished.

Not a bit of it.

We've only just got to the Introduction (pp.19-20).

"The review", he tells us there, ...
... will consider the current and anticipated future needs for Government given the current policy objectives across departments and wider public sector bodies as well as the opportunities and challenges presented by rapidly developing technology in the area.
That's false.

Friday, 31 May 2013

Dematerialised ID

Ten years (and one day) ago, someone posted a policy proposal to the Home Secretary. Ditch ID cards, the proposal said, they're guaranteed to fail, take a look at mobile phones and digital certificates instead – try dematerialised ID.

Cut a long story short, dematerialised ID hasn't exactly taken off.

Someone sees politicians and civil servants in a very different light ten years later.

But not the mobile phone. The mobile phone still looks singularly important. There's before the mobile phone. Then there's an energetic wrench in history and there's after the mobile phone.

"Any organisation which issues any voucher conferring any entitlement on the bearer could become a certificate authority and issue digital certificates instead of material vouchers" – that's the catchy theme of dematerialised ID placed bang in the middle of p.20 where the Home Secretary couldn't miss it.

He's not the only one to miss it.

Does your gym issue you with a digital certificate as proof of membership? Or your trade union? No. You still get a card to vouch for your entitlement to use the cross-trainer. Or your entitlement to pensions advice.

You still swipe a card to cross the border and get into your office building and your cinema ticket is still a piece of material paper, not a dematerialised digital certificate. As is your degree certificate.

You have a material passport and driving licence. They could both be digital certificates stored on your mobile and managed by passport and driving licence apps. Ditto your credit and debit cards.

At which point a lot of the vouchers that say to a stranger that you're you would be dematerialised. Thus dematerialised ID.

Clearly none of the instances of dematerialisation that someone was touting ten years ago was attractive enough.

Ten years of failure probably means it's a dead end. But just in case, don't forget, dematerialised ID – check back in 2023.

----------

Updated 29.3.16

Forget the passport, just bring a phone, says the Times newspaper today, only 4,687 days after someone posted his proposal to the Home Office. We live in such a fast-moving globalised world, sometimes it's hard to keep up with the pace of innovation.

Dematerialised ID

Ten years (and one day) ago, someone posted a policy proposal to the Home Secretary. Ditch ID cards, the proposal said, they're guaranteed to fail, take a look at mobile phones and digital certificates instead – try dematerialised ID.

Cut a long story short, dematerialised ID hasn't exactly taken off.