Sunday 9 March 2014

Something for the weekend, Sir?

"We wanted to try something new", said GDS four Saturdays ago, 15 February 2014, "sharing the things we've liked over the past week in a blog post".

That was followed by links to stories about the National Archives, ways to write clearly, "an unlikely cause for squeaky brakes" and other matters.

You get the idea. GDS are proposing a frothy Saturday magazine features series. Nothing too serious. A touch of humour. The emphasis is on good news for a change. Which is fine. Utterly harmless. If you're a frothy Saturday magazine.

But they're not. They're the Government Digital Service. This Weekend Links series appears on the GDS blog. And GDS's job is, to quote them, "to be the unequivocal owner of high quality user experience between people and government by being the architect and the engine room of government digital service provision".

What are GDS doing, highlighting flood defences, as they did on 22 February 2014? That's not their job. It's DEFRA's job.

How do the MOD feel about GDS promoting a DEFRA initiative rather than one of theirs?

By 1 March 2014, they'd moved onto the Oscars. They didn't win one. And yesterday, 8 March 2014, they were "celebrating International Women's Day". What's that got to do with GDS?

The accompanying paraphernalia of lions, unicorns and crowns means that, on their blog in the GOV.UK domain, GDS speak with the authority of the government. The selection of which things to share with us, the choice of which things they have liked over the past week, becomes official. Political. Religious even – dieu et mon droit.

These are editorial decisions. Can you imagine GDS choosing to promote DWP's Removal of Spare Room Subsidy?

If not, there's a bias creeping in. And GDS have no business exercising their personal bias at taxpayers' expense. Let them start their own blogs in their own time if that's what they want to do.

"Simpler, clearer, faster". That's the motto of GOV.UK and when it comes to Weekend Links – to put it simply, clearly and fast – don't. It's a mistake.

Is that a bit puritanical? A bit killjoy? Suppose GDS have something useful to say in their weekend links, something that will add to the education and entertainment of the nation. Then it might be less of a mistake. But they don't.

Yesterday's Weekend Links included this: "GDS’s Head of Content Design, Sarah Richards, shares her thoughts on women in technology":



Ms Richards would like to see more women working in technology. Why? Because she would like to see more women working in technology.

And last week, Ms Richards shared her thoughts with us on clear technical writing.

She wants to ban ampersands (480,000 instances on www.gov.uk). Why? "The reason is that 'and' is easier to read and easier to skim. Some people with lower literacy levels also find ampersands harder to understand ...".

The life expectancy of the hyphen is now similarly short. She gives the example "This information relates to 2013-14" and asks: "What does that mean to you?" It would be better to write "tax year 2013 to 2014", she says.

That takes us back to GDS's war against the word "submit". We have already noted their attempt to help HMRC by re-writing every occurrence of "submit a VAT return" as "send a VAT return", the latter being shorter and less "formal" than the former. But GDS's style guide is not followed consistently. There are 16,900 occurrences of "submit" on GOV.UK which they don't object to.

Ms Richards finishes her thoughts with a question about questions. Specifically FAQs – frequently asked questions. GDS don't approve of FAQs. So they've come up with FAQs without the questions. Which obviously tickles them.

"Did it make any difference to your understanding of the page because there’s no actual questions?", she asks. Because? Despite the fact that? There's? There are? That's an unfortunate sample sentence to be penned by someone intent on telling people how to write English.

If GDS want to promote clear English, would they please stop their fashionable talk about "learnings" when they mean "lessons", e.g. "We’ve worked together to co-ordinate research and procurement requirements and to share learnings on commissioned studies".

Also, it's Lent, would GDS please give up "behaviours", e.g. "linking this narrative to the explicit development of our behaviours as leaders, managers, partners and as Public Health England itself".

As long as GDS continue to talk about "learnings" and "behaviours" they are in no position to advise anyone else about style.

They should also learn to embrace the numbered list. They published a paper on privacy some time back and asked for comments. It is easiest to comment on this crucial matter if the paper has numbered paragraphs. They were asked to number them and they agreed to look into the matter.

That was in June 2013. Nothing has happened in the nine months since. GDS seem to be more interested in preserving their chosen unnumbered style than in creating an on-line transactional system that preserves privacy.

GDS have really got only one job to do and that's to get identity assurance working. Without that, everything they do is pointless.

They have failed so far and they should now concentrate all their efforts on IDA.

There is no excuse for "the engine room of government digital service provision" to be publishing Weekend Links.

Something for the weekend, Sir?

"We wanted to try something new", said GDS four Saturdays ago, 15 February 2014, "sharing the things we've liked over the past week in a blog post".

That was followed by links to stories about the National Archives, ways to write clearly, "an unlikely cause for squeaky brakes" and other matters.

You get the idea. GDS are proposing a frothy Saturday magazine features series. Nothing too serious. A touch of humour. The emphasis is on good news for a change. Which is fine. Utterly harmless. If you're a frothy Saturday magazine.

But they're not. They're the Government Digital Service. This Weekend Links series appears on the GDS blog. And GDS's job is, to quote them, "to be the unequivocal owner of high quality user experience between people and government by being the architect and the engine room of government digital service provision".

Tuesday 4 March 2014

RIP IDA – The Road to Estonia


Come off it, Sten.

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

Has it sunk in yet just how important Estonia is to all of us here in the UK?

According to Google there are 45 instances of the word "estonia" on the DMossEsq blog, stretching all the way from Anonymous demonstration of foolproof Cabinet Office plans back in April 2012 and Francis Maude seeks future in Estonia in May 2012, via the Government Digital Service (GDS) "fantasy strategy" series later that year, all the way through to November 2013 and GDS and international relations.

Then in January this year Public Servant of the year ex-Guardian man Mike Bracken CBE, executive director of GDS and senior responsible owner of the pan-government identity assurance programme (IDA), emitted this tweet:


That's the penny that needs to drop: "Estonia is a model for all of us".

RIP IDA – The Road to Estonia


Come off it, Sten.

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

Has it sunk in yet just how important Estonia is to all of us here in the UK?

According to Google there are 45 instances of the word "estonia" on the DMossEsq blog, stretching all the way from Anonymous demonstration of foolproof Cabinet Office plans back in April 2012 and Francis Maude seeks future in Estonia in May 2012, via the Government Digital Service (GDS) "fantasy strategy" series later that year, all the way through to November 2013 and GDS and international relations.

Then in January this year Public Servant of the year ex-Guardian man Mike Bracken CBE, executive director of GDS and senior responsible owner of the pan-government identity assurance programme (IDA), emitted this tweet:


That's the penny that needs to drop: "Estonia is a model for all of us".

That's what Martha-now-Lady Lane Fox's digital-by-default revolution is about – the UK should become more like Estonia.

That's what the UK government signed up to when they allowed GDS to make a presentation to the Cabinet on 29 October 2013.

And that's their manifesto sorted out for the 2015 general election – a vote for us is a vote for Estonia coming to the Home Counties.

The article linked to in the tweet above is Lessons from the World's Most Tech-Savvy Government – An Estonian shares his country's strategy for navigating the digital world. The Estonian in question is Sten Tamkivi, an "entrepreneur in residence" at the venture capital company Andreessen Horowitz. And it's uncanny – in just under 1,500 words Sten mirrors just about every theme in DMossesq.

Sten: The first building block of e-government is telling citizens apart. Estonia has a working identity management system (according to Sten). The UK doesn't and, judging by the progress to date on IDA – none – it's not going to.

Sten: For these identified citizens to transact with each other, Estonia passed the Digital Signatures Act in 2000. Beware. Digital signatures are irrevocable. That's the point of them. At the moment in the UK, as things stand, if you are the victim of identity theft, ... you're not. There's no such crime on the statute book. The bank is the victim of fraud. It's up to them to try to recover the money and, in the meantime, they have to reimburse you whatever is missing from your account. Change that by introducing digital signatures, and you must have agreed to the fraudulent transaction. It becomes your problem, not the bank's.

Sten: Every person over 15 is required to have an ID card, and there are now over 1.2 million active cards. That’s close to 100-percent penetration of the population ... As mobile adoption in Estonia rapidly approached the current 144 percent (the third-highest in Europe), digital signatures adapted too. Instead of carrying a smartcard reader with their computer, Estonians can now get a Mobile ID-enabled SIM card from their telecommunications operator ...

... in other words, Francis Maude can deny that IDA is anything to do with ID cards until he's blue in the face but he's wrong. It's just that, if IDA is ever to work in the UK, the credentials will be digital certificates stored on PCs/tablets/mobiles instead of the material ID cards required by the now repealed UK Identity Cards Act 2006.

Sten: Besides the now-daily usage of this technology for commercial contracts and bank transactions, the most high-profile use case has been elections ... During parliamentary elections in 2011, online voting accounted for 24 percent of all votes. (Citizens voted from 105 countries in total; I submitted my vote from California.). C.f. the clumsy pretence in the UK that Individual Electoral Registration is about individual electoral registration and the Electoral Commission's give-away indication that it wants to introduce photo-ID for voting. That appeal to nineteenth century technology will surely amuse the eFolks back in Tallinn.

Sten: Public and private players can access the same data-exchange system (dubbed X-Road), enabling truly integrated e-services. We have the Government Gateway in the UK, rather than a crossroad, but GDS want to replace it with an "ID hub", which still hasn't been seen or certified three-and-a-half years after the starting pistol was fired on 20 September 2010.

Sten: A prime example is the income-tax declarations Estonians 'fill' out. Quote marks are appropriate here, because when an average Estonian opens the submission form once a year, it usually looks more like a review wizard: 'next -> next -> next -> submit.' This is because data has been moving throughout the year. When employers report employment taxes every month, their data entries are linked to people’s tax records too. Charitable donations reported by non-profits are recorded as deductions for the giver in the same fashion. Tax deductions on mortgages are registered from data interchange with commercial banks. And so forth. Not only is the income-tax rate in the country a flat 21 percent, but Estonians get tax overpayments put back on their bank accounts (digitally transferred, of course) within two days of submitting their forms ...

... which takes us back to 21 July 2013 and The old concept of HMRC is worn out. The Estonian authorities have enough information on their parishioners – even down to their charitable donations – to make a fist of completing their tax returns for them and to take payments/make repayments automatically. They do. Here in the UK, HMRC don't.

Sten: This liquid movement of data between systems relies on a fundamental principle to protect people’s privacy: Without question, it is always the citizen who owns his or her data and retains the right to control access to that data. For example, in the case of fully digital health records and prescriptions, people can granularly assign access rights to the general practitioners and specialized doctors of their choosing ...

... as opposed to here in the UK where we all woke up on Monday 3 March 2014 to find out that HSCIC had paid PA Consulting to put all our hospital records up in Google's cloud, having woken up the week before to be told that HSCIC were going to delay the expropriation of our GP records by six months because they'd just noticed that neither the doctors nor the patients nor the house of Commons Health Select Committee trust them.

Sten: Moving everything online does generate security risks on not just a personal level, but also a systematic and national level. Estonia, for instance, was the target of The Cyberwar of 2007, when well-coordinated botnet attacks following some political street riots targeted government, media, and financial sites and effectively cut the country off from Internet connections with the rest of the world for several hours ...

... you probably wondered whether Sten was going to mention that embarrassing episode, Estonia hit by 'Moscow cyber war'.

No real soldiers needed
to bring Estonia to its knees,
just "botnets".
Once you've become digital by default, all Russia has to do is deploy a division of "botnets" and the country grinds to a halt. You don't have to wake up a single sailor in your Black Sea fleet and ask him to put on his balaclava, amble over to the Crimea and surround all the military bases. The "botnets" do all the work for you.

That looks like a knockdown reason not to become digital by default.

But Sten disagrees.

Sten: Since then, however, Estonia has become the home of NATO Cooperative Cyber Defence Centre of Excellence and Estonian President Toomas Hendrik Ilves has become one of the most vocal cybersecurity advocates on the world stage.

So what? How does that help?

You're going to love the answer.

Sten: There is also a flip-side to the fully digitized nature of the Republic of Estonia: having the bureaucratic machine of a country humming in the cloud increases the economic cost of a potential physical assault on the state. Rather than ceasing to operating in the event of an invasion, the government could boot up a backup replica of the digital state and host it in some other friendly European territory. Government officials would be quickly re-elected, important decisions made, documents issued, business and property records maintained, births and deaths registered, and even taxes filed by those citizens who still had access to the Internet.

Come off it, Sten. And Toomas.

Think about it.

If you spin up a new Estonian eGovernment somewhere else in the cloud, the "botnets" just attack that one, too. Progress? Nil.

And you try finding a supplier in a "friendly European territory" cloud prepared to host the digital Estonia for you in the first place. Once Vladimir gets his secretary to ring up and threaten them with cutting off the gas and oil supplies, you can forget about any euroTovariches getting involved.

Would Amazon host you? Do you think that's in their financial interests?

Suppose Google agree. Or Microsoft. Or cuddly old Apple. Or any of GDS's friends. It's easy to spin up a new instance of Estonia anywhere in the cloud, anywhere in the world, instantly. That's the kind of thing it says in the sales literature. But is it true? Or does it take three weeks? By which time, Estonia has starved and frozen to death.

Suppose Russia doesn't play ball and fight the next war the same way they fought the last one. No "botnets" this time, they might try something a bit subtler. Nobble one or two certification authorities and they could sell all of Estonia's assets to the V. Putin family trust for 100 Swiss Francs. Digitally signed, the transaction would be irrevocable and from that moment on the whole country would become a tenant owing monthly rent to their next door neighbour.

That is no model for the UK. Digital-by-default is a strategic error.

Nor can we be sure that Sten is right about everything working smoothly in today's Estonia. We have just one man's word for it. And that man is a self-confessed entrepreneur in residence at a venture capital company. Utterly charming no doubt, like Lady Lane Fox, with a vivid imagination but a salesman for all that, used to spinning plausible yarns.

Sten says of today's Estonians, with a straight face, in scenarios where they can’t legally block the state from seeing their information, as with Estonian e-policemen using real-time terminals, they at least get a record of who accessed their data and when.

ePolicemen? We've got the law made by an eGovernment in the cloud for eCitizens on a register being enforced by ePolicemen? What could possibly go wrong?

As the gap between the electronic records and the reality they are meant to reflect inevitably widens, the ordinary man or woman in the street must begin to feel like a mutant. That's one thing that could possibly go wrong.

Let's reserve judgement until we hear from other Estonians how well this eState functions before assuming that Sten's picture is accurate.

Luckily, we are a long way from Estonia's sad fate here in the UK.

We don't even have the "first building block of e-government" prescribed by Sten, a national identity management system.

Nor do our officials suffer from the obsession with security that afflicts Estonia – Public Servant of the year ex-Guardian man Mike Bracken CBE expressly forswears it.

No strategic errors for us. No "humming in the cloud".

Where the security on our Parliament.UK website must look buffoonish to the average Estonian schoolboy, to us it just looks charmingly British and human.




Updated 18.3.14

The Times has a story at the moment, PM orders Gove to lay off Old Etonians. That's what it says. But what someone read was "PM orders Gove to lay off Old Estonians".

Updated 12.5.14
PRESS CONFERENCE 12th May 2014 11:00am – Hotel Metropol, Tallinn

International Team of Independent Election Observers to deliver report on Estonian Internet Voting System

...

Their analysis has identified serious flaws in the systems and processes used in Estonian internet voting.
See also the video put together by the University of Michigan, the Open Rights Group and others.

The implication is that you will never know whether the result of an Internet vote was determined by the voters or by someone with enough nous to defeat the security of the voting system. "Even" in Estonia.

This seems to be a speciality of the University of Michigan. Long-term readers will remember the effortless undermining of a Washington DC Internet voting system back in October 2010, please see Hacker infiltration ends D.C. online voting trial.


Updated 1.4.16

Estonia launches Country as a Service.

Friday 28 February 2014

midata, mimegalomania



"Ernst Stavro Blofeld is a fictional character and a supervillain from the James Bond series of novels and films, who was created by Ian Fleming and Kevin McClory. An evil genius with aspirations of world domination, he is the archenemy of the British Secret Service agent James Bond. Blofeld is head of the global criminal organisation SPECTRE and is commonly referred to as Number 1 ..."

Thank you, Wikipedia, that's quite enough of that.

Bond, Blofeld and SPECTRE are all in another dimension. Fantasy. Let's get back to terror firmer ...

... terror firmer, and midata, the realistic and meticulously planned initiative thoroughly thought through by the Department for Business Innovation and Skills (BIS) to empower the consumer, to nudge everyone into a better lifestyle and to make the UK economy grow.

How will midata empower the consumer?

By inverting the customer relationship management (CRM) whereby major suppliers currently sit at the centre of a web and manipulate us consumers and creating instead a world where the consumer sits at the centre, stroking his or her cat, and using vendor relationship management (VRM) to manipulate the suppliers. Each consumer's data will be under his or her own control, the suppliers will only see what the consumers allow them to see. That – according to BIS, or at least according to BIS's advisors Ctrl-Shift and Mydex – is the route to consumer empowerment.

If you can't make head nor tail of it, it's all explained better in a new post on the Mydex blog, Do people care about personal data? – yes, if they can get it easily!: "The business of living is easier if you are in a position to receive, without effort, the telemetry of your life" – says it all.

Maybe a picture will help. This one, for example, from the Mydex CEO's talk given last November:

David Alexander Mydex CIC CEO talk at BCS Nov 2013 Trust online (11'14")
There's the user, you see, manipulating various branches of government – HMRC, DWP, DVLA, ... – and puppetmastering huge suppliers – banks, phone companies, energy suppliers, ... – completely in control, empowered, right at the very centre of his or her own web.

Can you see that?

Or do you see ... Mydex, and a Cheshire cat's grin at the centre?

midata, mimegalomania



"Ernst Stavro Blofeld is a fictional character and a supervillain from the James Bond series of novels and films, who was created by Ian Fleming and Kevin McClory. An evil genius with aspirations of world domination, he is the archenemy of the British Secret Service agent James Bond. Blofeld is head of the global criminal organisation SPECTRE and is commonly referred to as Number 1 ..."

Thank you, Wikipedia, that's quite enough of that.

Bond, Blofeld and SPECTRE are all in another dimension. Fantasy. Let's get back to terror firmer ...

... terror firmer, and midata, the realistic and meticulously planned initiative thoroughly thought through by the Department for Business Innovation and Skills (BIS) to empower the consumer, to nudge everyone into a better lifestyle and to make the UK economy grow.

How will midata empower the consumer?

RIP IDA – care.data

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

The care.data initiative is marketed on the basis that it would support medical research. As long as you only look at that aspect of HSCIC's initiative, it looks unimpeachable.

There are other points of view:
  • The Health and Social Care Information Centre are said by some to want to make money out of selling our previously confidential GP medical records. Is the objective health? Or wealth?
  • The claim that these records can be anonymised or pseudonymised is false. Why are HSCIC pretending that we can't be identified by our medical records when, in fact, we can?
The picture becomes more complicated. Our automatic trust in HSCIC begins to be undermined. MPs on the House of Commons Health Select Committee said on Tuesday 25 February 2014 that they didn't want their medical records to be bought and sold like a commodity and that they didn't trust HSCIC, so much so that they had already opted out of care.data.

Can you opt out? There is some doubt, identified by the tireless Professor Ross Anderson. HSCIC may still take your records from your GP even if you have opted out. They will pseudonymise the records before filing them. But that doesn't work. See above. You can still be identified.

At which point you start to ask yourself why there is this rapacious desire for our medical records. Is it just the research? There's already lots of research going on. Do we need more? Why wasn't care.data a priority ten years ago? Why now?

Is it perhaps that identification is the point of care.data? You don't know – but DMossEsq knows – that he over-produces calcium, great lumps of the stuff gather in his joints and occasionally make movement difficult. "Which mineral chosen from the following three do you over-produce ..." would be a good question to help to verify DMossEsq's identity. Only he knows the answer. At least until a few minutes ago. Now millions of people do.

care.data is something to do with the Government Digital Service's Identity Assurance Programme (IDA)?

There have been hints that that is the case.

In midata's marketing campaign for cretins, for example:

midata Innovation Lab (1'58")
midata would like your medical records (that's the nurse in the blue uniform, bottom right) and your travel records and your educational history to help to identify you. In addition to your banking records, of course, your mobile phone data and your utilities usage. All in your personal data store (PDS).

And there was a hint in the talk given in November 2013 by the CEO of Mydex. Mydex is a purveyor of PDSs. To midata. And to IDA, where it is one of the UK's five designated "identity providers". More than a hint – a detailed diagram:

David Alexander Mydex CIC CEO
talk at BCS Nov 2013 Trust online (13'29")
The blue cylinder at the top is HSCIC and the green lozenge underneath is DWP. The yellow, green and pink blobs to the right of DWP are your GP medical records, which fly all over the place via the "Government Citizen Identity Assurance Hub (when available)" in "seamless customer journeys" across the "open market for personal applications" with "innovation driven by market and NHS" – new apps to help you make the right lifestyle choices.

The whole structure is supported on Mydex (the purple bit) and its PDSs.

And there supporting Mydex is the trusty shield of tScheme, which "Gives you Confidence by independently Assuring that the Trust Services you are using meet rigorous Quality Standards". Even though Mydex isn't on the list of tScheme approved services or a registered applicant.

That's where your medical records are headed. Into the trusted "Integrated Customer Services Platform" (the great big blue lozenge to the left of DWP) of IDA.

RIP IDA – care.data

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

The care.data initiative is marketed on the basis that it would support medical research. As long as you only look at that aspect of HSCIC's initiative, it looks unimpeachable.

There are other points of view:
  • The Health and Social Care Information Centre are said by some to want to make money out of selling our previously confidential GP medical records. Is the objective health? Or wealth?
  • The claim that these records can be anonymised or pseudonymised is false. Why are HSCIC pretending that we can't be identified by our medical records when, in fact, we can?
The picture becomes more complicated. Our automatic trust in HSCIC begins to be undermined. MPs on the House of Commons Health Select Committee said on Tuesday 25 February 2014 that they didn't want their medical records to be bought and sold like a commodity and that they didn't trust HSCIC, so much so that they had already opted out of care.data.

Can you opt out? There is some doubt, identified by the tireless Professor Ross Anderson. HSCIC may still take your records from your GP even if you have opted out. They will pseudonymise the records before filing them. But that doesn't work. See above. You can still be identified.

At which point you start to ask yourself why there is this rapacious desire for our medical records. Is it just the research? There's already lots of research going on. Do we need more? Why wasn't care.data a priority ten years ago? Why now?

Monday 24 February 2014

care.data, midata & PSI/open data


Whitehall's Misfeasance in Public Office (MiPo) Express hurtles on.


Once again the UK's NHS (National Health Service) is in the news, this time as a result of its care.data initiative.

care.data is a threat to medical confidentiality. The campaign to protect medical confidentiality has been conducted by medConfidential, among others. The other day they were able to celebrate one battle won – the introduction of care.data has now been delayed for six months:


Congratulations to medConfidential. And also to the BMA (the British Medical Association) and to NHS England:
Tim Kelsey, national director for patients and information at NHS England, said:

“NHS England exists for patients and we are determined to listen to what they tell us. We have been told very clearly that patients need more time to learn about the benefits of sharing information and their right to object to their information being shared. That is why we are extending the public awareness campaign by an extra six months.”
The NHS already has access to patients' hospital records, which can be used to measure the performance of hospitals. That data is also an invaluable resource for medical research. The idea of care.data is for the first time to add patients' GP records to the hospital data to make an even greater resource for audit and for research.

An Englishman's relationship with his or her family GP (General Practitioner) is very personal and the thought of scores of strangers sifting through all our currently confidential records is bringing a lot of us out in spots. Few of us can make the case for the prosecution cogently. So let's hand that job over to Ben Goldacre, a doctor, the author of Bad Science, a journalist and public speaker, and an enthusiastic advocate of care.data.

Writing in the Guardian the other day, The NHS plan to share our medical data can save lives – but must be done right, he said that care.data ...
... is being put at risk, by the bungled implementation of the care.data project. It was supposed to link all NHS data about all patients together into one giant database, like the one we already have for hospital episodes; instead it has been put on hold for six months, in the face of plummeting public support. It should have been a breeze. But we have seen arrogant paternalism, crass boasts about commercial profits, a lack of clear governance, and a failure to communicate basic science properly.
"Bungled implementation"? "Plummeting public support"? "Arrogant paternalism"? "Crass boasts about commercial profits"? "A lack of clear governance"? "A failure to communicate basic science properly"? He doesn't seem to be very impressed with NHS England, does he.

Nor with Tim Kelsey:
Tim Kelsey is the man running the show: an ex-journalist, passionate and engaging, he has drunk more open-data Kool-Aid than anyone I've ever met. He has evangelised the commercial benefits of sharing NHS data – perhaps because he made millions from setting up a hospital-ranking website with Dr Foster Intelligence – but he is also admirably evangelical about the power of data and transparency to spot problems and drive up standards. Unfortunately, he gets carried away, stepping up and announcing boldly that no identifiable patient data will leave the Health and Social Care Information Centre. Others supporting the scheme have done the same.
The claim that patient records can be anonymised is false. DMossEsq readers know that – Professor Martyn Thomas told us last June. And Ben Goldacre agrees. He takes himself as an example and demonstrates in his Guardian article how he could be identified in a few simple steps even if his name, address and date of birth are not included in his medical records.

DMossEsq readers will also recognise this syndrome of evangelising "the commercial benefits of sharing NHS data" or any other Public Sector Information (PSI). We have come across someone else who's over-indulged in the Kool-Aid, in the form of Stephan Shakespeare.

"Forecasting future benefits is also hard to predict", he told us, and yet he felt confident that "it seems a straightforward decision to invest £143m to make Trading Fund data widely available is a relatively small price to pay to leverage wider economic benefits far exceeding this by orders of magnitude". Which is it? "Hard to predict"? Or "a straightforward decision"? It can't be both.

There's a lot of it about. Professor Sir Nigel Shadbolt's midata project is another example: "A data-enabled online market place will create new services that will take your data and do some really interesting things with it". What "really interesting things"? Once it was put to the test in the midata Innovation Lab, the answer turned out to be none – no really interesting things, not one.

So much for the bold claim made for midata by Ctrl-Shift, the consultancy advising the Department for Business Innovation and Skills (BIS): "Access to such data represents a ‘holy grail’ data to companies because it explains why people do what they do and predicts what they are going to do next". Not only would midata allow BIS to know the future but, conveniently enough, "Ctrl-Shift’s research finds that the market for these new streams of information could grow to be worth £20bn in the UK over the next ten years" (p.14).

Deceitful promises to be able to predict the future are familiar enough throughout history. The only innovation here is how small the Kool-Aid budget is at only £2 billion p.a.

As Ben Goldacre says:
Trust, of course, is key here, and that's currently in short supply. The NSA leaks showed us that governments were casually helping themselves to our private data. They also showed us that leaks are hard to control, because the National Security Agency of the wealthiest country in the world was unable to stop one young contractor stealing thousands of its most highly sensitive and embarrassing documents.
Trust has been punctured by the "crass boasts about commercial profits" and by the false claims as to anonymisation. As for the security of our centralised personal medical records, it's not just the behaviour of GCHQ and the NSA which raises doubts. Ben Goldacre is wrong there.

It's also the daily occurrence of breaches of security on the web. There is no such thing as a secure website. They don't exist. Any more than unicorns.

And where does NHS England's Health and Social Care Information Centre want to put our care.data? In the cloud – just take a look at the extract below from G-Cloud's sales figures as at November 2013. In the cloud where, as DMossEsq readers know, they are guaranteed to lose control of it:


Customer: Health and Social Care Information Centre





Supplier
For Month
Product / Service Description
Total Charge £(Ex VAT)
EMERGN LTD
Jul-13
Agile Coaching
9,900.00
Info-Assure
Nov-13
IT Security
8,820.00
INTECHNOLOGY PLC
Aug-13
IaaS
9,500.00
INTECHNOLOGY PLC
Aug-13
IaaS
9,300.00
INTECHNOLOGY PLC
Sep-13
IaaS
9,300.00
INTECHNOLOGY PLC
Sep-13
IaaS
9,500.00
INTECHNOLOGY PLC
Sep-13
IaaS
52,618.00
INTECHNOLOGY PLC
Sep-13
IaaS
49,560.00
INTECHNOLOGY PLC
Oct-13
Compute
9,300.00
INTECHNOLOGY PLC
Oct-13
Compute
900.00
INTECHNOLOGY PLC
Oct-13
Compute
9,300.00
INTECHNOLOGY PLC
Oct-13
Compute
9,500.00
INTECHNOLOGY PLC
Oct-13
Compute
10,440.00
INTECHNOLOGY PLC
Nov-13
IaaS
9,500.00
INTECHNOLOGY PLC
Nov-13
IaaS
9,500.00
INTECHNOLOGY PLC
Nov-13
IaaS
9,500.00
INTECHNOLOGY PLC
Nov-13
IaaS
9,500.00
INTECHNOLOGY PLC
Nov-13
IaaS
9,500.00
Mastek UK Ltd
Oct-13
Agile Development for Identity and Access Management
73,458.64
Mastek UK Ltd
Oct-13
Agile Development for Identity and Access Management
75,433.74
Mastek UK Ltd
Oct-13
Agile Development for Identity and Access Management
42,236.82
Mastek UK Ltd
Oct-13
Agile Development for Identity and Access Management
24,308.96
Valtech Ltd
Aug-13
Spine 2 Agile development service: initial 10 week term to complete the supplier evaluation
100,000.00







560,876.16

The case he makes against care.data is so convincing that, understandably, as a supporter, Dr Goldacre gets a bit hysterical towards the end of his article ...
... we need stiff penalties for infringing medical privacy, on a grand and sadistic scale. Fines are useless, like parking tickets, for individuals and companies: anyone leaking or misusing personal medical data needs a prison sentence, as does their CEO. Their company – and all subsidiaries – should be banned from accessing medical data for a decade. Rush some test cases through, and hang the bodies in the town square.
"Just what the doctor ordered", you may say, "hang the bodies in the town square".

But no. There's no need for hangings. No need for grand sadism, as he puts it. NHS England have already irrevocably forfeited the trust of patients and GPs and a six-month delay isn't going to put Humpty Dumpty back together again.

Dr Goldacre's faith in the transcendent virtue of care.data may be misplaced:
  • Knowledge of all their parishioners' personal data doesn't always help an agency to do good – it didn't stop the Child Support Agency spreading misery all around.
  • Auditing the hospitals didn't stop the atrocities of Stafford Hospital.
  • Nor did the best regulatory efforts of the Treasury, the FSA (RIP) and the Bank of England prevent the credit crunch of 2008.
  • There is no reason to believe that care.data would root out under-performing GPs any more reliably than the systems the NHS already has.
  • As to the benefits of research, the NHS already has masses of raw data to investigate, as Dr Goldacre tells us.
No more hysteria, please:
We have a golden opportunity in the UK, with 60 million people cared for in one glorious NHS ... the government ... have a good chance of saving a vital data project, and permitting medical research that saves lives on a biblical scale to continue.
And no more "arrogant paternalism" either. "Trust me, I'm a doctor"? Pace Dr Goldacre, we mere laymen are not too stupid to know what's good for us:
Opt-outs would destroy the data, and the growing calls for an opt-in system would be worse: opt-in killed people by holding back organ donation, and more than that, it would exacerbate social inequality around data, because the poorest patients, those most likely to be unwell, are also the least engaged with services, the least likely to opt in. They would become invisible.
The best of luck to medConfidential in the further battles to come over the next six months.

----------

Updated 26.2.14

Whitehall's Misfeasance in Public Office (MiPo) Express hurtles on.

On 23 February 2014 the Telegraph published Hospital records of all NHS patients sold to insurers:
... a report by a major UK insurance society discloses that it was able to obtain 13 years of hospital data – covering 47 million patients – in order to help companies “refine” their premiums ...

... “uniquely” they were able to combine these details with information from credit ratings agencies, such as Experian, which record the lifestyle habits of milllions of consumers.

The calculations were used to advise companies how to refine their premiums, resulting in increased premiums for most customers below the age of 50 ...
There was a helpful follow-up the next day –  Patient records should not have been sold, NHS admits. The records shouldn't have been sold. But they were. What is there to stop that happening again? Nothing, as Ben Goldacre had told us in his Guardian article, the HSCIC haven't worked out their procedures yet ...

... a subject which arose at yesterday's evidence session held by the House of Commons Health Select Committee. Three hours of unmissable TV during which officials refused to answer MPs' questions and MPs stated that they had already opted out of care.data because they don't trust HSCIC:



The Twittersphere distinguished itself during the course of the hearing. For example:



For those of you who don't have time to watch the proceedings or to plough through the tweets, some kind soul has summarised the matter in 3'50" flat, see Tim Kelsey discovers that care.data is in trouble:


What applies to the NHS's care.data applies equally to Professor Sir Nigel Shadbolt's Open Data Institute (ODI). And to Stephan Shakespeare's related National Data Strategy for Public Sector Information (PSI).

And to the Department for Business Innovation and Skills's midata initiative.

And to the Government Digital Service's identity assurance programme, IDA (RIP) – and, thereby, to the whole business of transacting with government via GOV.UK. And to G-Cloud – if people (and companies and partnerships and trusts and charities and ...) can be inveigled into putting all their data in the cloud, they will voluntarily have lost control of it. Instantly.

They're all on the same express. The MiPO Express.