Friday 26 July 2013

Biometrics – Hollywood v. Kingston upon Thames

Exclusive: sometimes there is a difference between fiction and reality.

Steve Hewlett is presenting a report at the moment on BBC Radio 4, Privacy Under Pressure. Three episodes, Episode 2 was on Monday 22 July 2013, last episode next Monday, don't miss it, 9 a.m.

Everyone remembers Minority Report, the Tom Cruise film where people are identified by the patterns of their irises. As they walk around the shopping mall, personally tailored advertisements invite them to enjoy special offers in the shop they're just passing.

Politicians may believe that this technology already works and is available today. It isn't. Senior civil servants and journalists may believe it but they're wrong, too.

What is available is a technology claiming to recognise your face – not your irises. Steve Hewlett interviewed James Orwell, a face recognition expert at Kingston University.

How well does face recognition work in a shopping mall today? Hundreds of times better than it used to, said Dr Orwell, but still not well enough. If we had one million people's faces on file and we searched for a match using an image caught by an overhead CCTV today, we'd probably be able to narrow it down to the nearest 5 percent.

That is, we'd know that the person who's just been filmed isn't among these 950,000, he or she is one of the remaining 50,000 people on file. Probably.

Useless. And here he is, saying it.

Minority Report-style biometrics may work in Hollywood. They don't work in Kingston.

Thursday 25 July 2013

"Identity providers" – GDS issue the black spot

One UK citizen said: "I pay the government to identify and verify me when I am born (birth certificate), when I marry (marriage certificate), when I die (death certificate) and when I travel (passport and driving licence). Why should I then have to pay an outside private organisation to verify who I am when I transact with the government online, when I've already paid the government? Let the government – possibly the passport service that is also the national records office – be my identity provider of choice."

The UK is the proud possessor of not just one "identity provider", not two, but no less than eight of them. Digidentity and Verizon. The Post Office and Experian. Mydex and Ingeus. Cassidian and PayPal.

It's been hard for them. Initially, the Department for Work and Pensions (DWP) offered the "identity providers" £240 million to get the Identity Assurance Programme (IDAP) up and running in the UK. Then ex-Guardian man Mike Bracken stepped in and cut the offer to £30 million. By the time contracts were awarded, that figure was down to £25 million.

The idea was to have IDAP "fully operational" for DWP by March 2013. Four months ago. It wasn't operational then, and it still isn't.

Has IDAP been shelved? Or cancelled? No. Digital by Default News tell us that HMRC will be the first public body to use IDAP.

(It may help to explain that Digital by Default News "is one of a new portfolio of Contentive websites providing critical, real-time intelligence in a wide range of niche industry verticals".)

So things are looking up for the "identity providers"? All those years of hard work negotiating the terms of IDAP and now, at last, it's paid off and they're going to get their hands on the identities of tens of millions of individual and corporate taxpayers?

No.

Take another look at that Digital by Default News article, Citizens would prefer government-owned identity provider. Yes, it spends a bit of time saying that "the scheme will be run by eight private sector organisations which will hold digital ‘passports’ for enrolled UK citizens, enabling them to access online government services".

But the bulk of the article is about how no-one wants private sector "identity providers", what we really want, apparently, we "citizens", is for the old Identity & Passport Service (IPS) to be our one and only "identity provider". "Identity providers", it is saying, "we don't need you, we don't want you, we can do better without you, your presence has delighted us long enough, do not stand upon the order of your going".

The Senior Responsible Owner for IDAP is ex-Guardian man Mike Bracken, see above. He is also the chief executive of the Government Digital Service (GDS), responsible for making public services digital by default, and he's probably the de facto publisher of Digital by Default News N [please see comments below].

What is he up to? He's alienated DWP, the UK's biggest-spending department of state, he's alienated the eight "identity providers" on whom IDAP depends and now he's got no-one left to turn to – the whole point about IPS is that it failed.

He's promising to provide HMRC with identity assurance, having promised and then failed to provide it to DWP last March.

Failing with DWP is one thing. But HMRC is different. The state relies on HMRC raising about £600 billion of tax every year. Failure is unthinkable. No tax, no state.

The question was, what is he up to, and the answer is, who knows, ex-Guardian man Mike Bracken's tactics are incomprehensible, the only point that is clear is that this is the end of IDAP, the end of digital-by-default, which can't work without identity assurance, the end of GDS, the end of midata and Individual Electoral Registration and maybe the end of G-Cloud, too – on 1 June 2013 GDS took over responsibility for G-Cloud.

IDAP never was going to work. Its failure could nevertheless have been long and drawn-out, and expensive. Thanks to this latest slap in the face of the "identity providers", we taxpayers may be lucky – quicker and cheaper failure.

Who do we thank?

Step forward Neil Fisher. Mr Fisher is vice president of Global Security Solutions at Unisys Corporation. He is responsible for the opinion poll results on which the Digital by Default News article is based. They fell for it hook, line and sinker.

He is also, of course, the Cassandra who told ex-Guardian man Mike Bracken and Francis Maude that any project with the word "identity" in its name is doomed.

Thank you.

Wednesday 24 July 2013

The rise of the captive cloud

• PASC should rescue the good idea of SME competition from the clutches of G-Cloud

• PASC should look carefully at the way competition is being operated in G-Cloud

Whitehall misfeasance
The Public Administration Select Committee (PASC) published its report on Government Procurement on 16 July 2013:

The public sector spends £227 billion each year buying a range of goods, services and works, £45 billion of which is spent by Whitehall Departments. The Ministry of Defence alone spends £20 billion a year. By improving the efficiency and effectiveness of procurement, the Government has an opportunity not only to save the taxpayer significant sums of money, but also to drive economic growth. (p.1)

PASC say that the public is getting poor value for money and that:

There are clear shortcomings in the ability of the Civil Service to run effective and efficient procurement. The Civil Service shows a consistent lack of understanding about how to gather requirements, evaluate supplier capabilities, develop relationships or specify outcomes. (p.3)

This record of misfeasance in public office goes back at least 30 years and shows few signs of improvement:

Whilst we welcome the Government’s initiatives to centralise procurement, we note that progress so far has been painfully slow and sporadic. It is clear from our evidence that this is because, despite the centralising mandate given to the Cabinet Office by a Cabinet Committee, inter-departmental cooperation is poor. (p.4)

At worst, this soap opera is about suppliers charging the biggest number they can think of for poor quality service and about incompetent satraps paying them.

SMEs
What hope is there for the taxpayer that his or her money will stop being wasted?

One source of hope is the plan to give more government contracts to small and medium-sized enterprises (SMEs). They are more innovative than the behemoths who normally have government contracts let to them, and more competition might reduce prices and improve quality:

To help achieve this aspiration, the Cabinet Office has introduced a number of measures to remove barriers facing SMEs seeking to win government contracts. These include a policy to remove “pre-qualification questionnaires from lower value contracts, except where security is a consideration” and “the introduction of Contracts Finder” to allow “unprecedented transparency to the range of opportunities available”. (p.13)

That hope expires one page later.

Duty of care
The G Cloud/Cloudstore Framework

The G Cloud/Cloudstore framework provides an online catalogue of ICT services for the UK public sector managed centrally by the Government Procurement Service ...

The Government expects that CloudStore will help small and medium-sized businesses to contract directly with the public sector, as it has simplified the requirements for joining this framework. (p.14)

Two ideas are being conflated and PASC have, arguably, fallen for it.

Giving SMEs the chance to win government contracts is one idea. Cloud computing is a separate idea. SMEs being allowed to compete is quite independent of the introduction of cloud computing. And cloud computing is quite independent of SMEs competing – there are huge, non-SME cloud computing service suppliers like Apple and Google and Amazon and Microsoft.

"Cloud computing" means losing control of your data. It is a bad idea. It is an abdication of Whitehall's duty of care.

PASC should rescue the good idea of SME competition from the clutches of G-Cloud.

Competition
And PASC should look carefully at the way competition is being operated in G-Cloud, specifically by the Government Procurement Service and the Government Digital Service, which took over responsibility for G-Cloud on 1 June 2013.

Everyone is or should be conversant with the concept of the captive insurance company. Whitehall have created their own equivalent, in the form of the captive cloud company.

There are 458 suppliers accredited to G-Cloud according to PASC (p.14), many of them long-established SMEs with a track record that bears inspection.

So how did Skyscape, a company only incorporated on 3 May 2011, manage to be accredited by the Government Procurement Service? And how did it win four G-Cloud contracts – with HMRC, the MoD, the Home Office and the Government Digital Service – against the competition of long-established SMEs?

It looks as if Whitehall have created in Skyscape a captive cloud company. Skyscape recruited as its Commercial Director one Nicky Stewart, previously G-Cloud Head of ICT Strategy Delivery at the Cabinet Office, and Whitehall started filling this shell with valuable contracts. That looks like a distortion of the market and the opposite of the proper operation of competition.

Only separate
If Whitehall are allowed by PASC to confuse SME competition with cloud computing, the danger is that public administration will become dependent on the large cloud computing suppliers. Once dependent on them prices will go up, and a new oligopoly of contractors will exert power. Competition will be snuffed out by a cartel and we taxpayers will be back where we started, being fleeced, while the satraps look on with impunity.

Sunday 21 July 2013

The old concept of HMRC is worn out

You see Trade's plan is for every person in Ruritania to maintain a personal data store, managed by state-appointed trusted identity providers. That includes both types of person, natural persons and legal persons, i.e. corporations, trusts, and so on. Once these personal data stores are populated, where is the need for the Revenue? A tax farmer app can simply calculate the amount of tax due and make life more convenient for everyone by filing their tax returns for them and direct debiting the money from their bank accounts. It would be naïve of anyone not to see that that is the purpose of a personal data store and that that is also why the Revenue as currently constituted serves no purpose in the digital-by-default new world.

That's what DMossEsq said in his China Syndrome play. Ridiculous of course.

Except that the excellent Dave Birch promptly reported a meeting hosted by Intellect to discuss the possibility of a mobile phone app to make charitable donations and account for Gift Aid at the same time, please see You can take a gift horse to water, but you can’t make it fill out an HMRC declaration.

Certain people are looking for a knockdown argument in favour of personal data stores (PDSs).

"Holding out against PDSs condemns African children to starvation" sounds like a good candidate. Until you examine it.

Compare and contrast Stephan Shakespeare and the European Commission's plans for Public Sector Information (PSI) – "standing in the way of PSI means there will never be a cure for cancer".

Beware.

----------

Updated 20.3.14

Daily Telegraph:
Did you spot this? Budget gives HMRC power to raid your bank account – like Wonga

... At the back of the Budget book, there’s this chilling paragraph: “The Government will modernise and strengthen HMRC’s debt collection powers to recover financial assets from the bank accounts of debtors who owe over £1,000 of tax” ...

One step further along the road to Estonia.

Updated 10.5.14

Guardian:
HMRC to sell taxpayers' financial data

The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs in a move branded "dangerous" by tax professionals and "borderline insane" by a senior Conservative MP.

Telegraph:
David Cameron: Taxes will rise unless we can raid bank accounts

Taxes will have to rise unless officials are given new powers to raid people's bank accounts, David Cameron has said.

The Treasury select committee warned that allowing HM Revenue and Customs to remove cash from bank accounts without court orders is "very concerning" because of its history of mistakes.

Is gravity old-fashioned now?

Many people are saying the same thing but none, perhaps, as eminent as Professor Sir John Beddington CMG, FRS, Chief Scientific Adviser to HM Government and Head of the Government Office for Science:

Blurring of public and private identities:
People are now more willing to place personal information into public domains, such as on the internet, and attitudes towards privacy are changing, especially among younger people. These changes are blurring the boundaries between social and work identities. The advent of widespread mobile technology and email enables more people to remain connected to their work out of hours. At the same time, posting mobile phone photographs and videos online has led to a cultural shift where many people broadcast their daily lives and experiences, ceding control over some aspects of identity to others with potentially serious consequences for later life. (p.2)

Sir John doesn't say that the concept of privacy itself is changing.

But other people do, see for example The changing definition of privacy; 'Like' it or not, privacy has changed in the Facebook age; Privacy in a changing society; Facebook's Mark Zuckerberg says privacy is no longer a 'social norm'; and The concept of privacy is now impossible to sustain.

Which is odd because, think about it, when first balloons and then aeroplanes started to fly, no-one said that the concept of gravity had changed.

Beware salesmen telling you that the concept of privacy has changed and you're past your sell-by date if you don't know it, these days anything goes. They're wrong. The concept of privacy is staying right where it's always been and its strictures still apply.

What the Chief Scientific Adviser is saying is that the attitude to privacy is changing. He's wrong, too. As those who give up their privacy will find when the old-fashioned concept of regret overtakes them.
