DMossEsq

Friday 11 April 2014

Digital government – the market in contempt

Dotted around central government and local government there are thousands of experienced and responsible buyers, among them people who buy IT hardware, software and services. They've been doing it for decades. They know what they're doing. They're not idiots.

It is sensible to collect their experience together. That way standards can be raised and mistakes avoided. It is sensible to share their experience. That cuts out wasteful, repetitive work – there's not much point 100 branches of government assessing the same product 100 times. It is sensible to create centralised "digital marketplaces" like the Digital Services framework, where suppliers will be made to compete on price and quality openly, in full view of the buying public.

In connection with which, please see Designing the Digital Marketplace, which was posted a few days ago on the Government Digital Service's digital marketplace blog and which discusses "some of the exciting new features and improvements we’re bringing to the Digital Marketplace":

... a major design goal is to reassure buyers that they’re buying the right thing, and to make sure buyers are supported throughout the buying process ...

A problem with the current CloudStore is that it’s tricky to find the same search result twice, because the search results are randomised. We’re working on making it easier to find the service you need by improving browsing and searching.

One way we’re doing that is by looking at language. The acronyms SaaS, PaaS, and IaaS mean something to those who know, but to those who are new to cloud services they are confusing. To help users understand the phrasing and categorisation, we’re looking at including a full phrase, an explanation of what it means, and some examples (the most popular) of what these services actually are (see screenshot below). But even with the full phrase, do our users know what “software as a service” means? (For those interested, Ivanka’s written previously about the importance of language.) ...

"... a major design goal is to reassure buyers that they’re buying the right thing"? Do GDS really believe that their colleagues in government who are professional buyers would buy something when they're not sure what it is?

"The acronyms SaaS, PaaS, and IaaS mean something to those who know, but to those who are new to cloud services they are confusing"? Do GDS really believe that their colleagues in government who are professional buyers are out there buying acronyms without knowing what they stand for?

"... even with the full phrase, do our users know what “software as a service” means? (For those interested, Ivanka’s written previously about the importance of language.)"? If someone doesn't know what "software as a service" means, what on earth are they doing buying SaaS? And do we really need Ivanka to tell us that language is important?

It is the thoughts expressed by language which are important. GDS, whose own record is not unblemished, might do well to rein in this thought that they're dealing with idiots when it comes to government buyers. And to the rest of us.

Digital government – the market in contempt

more ►

Tuesday 8 April 2014

RIP IDA – where is it?

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

The Government Digital Service (GDS) are trying to transform government by making it digital by default. They have chosen 25 public services as exemplars. Exemplar no.9 is a service for DVLA – the Driver and Vehicle Licensing Agency – and is described as follows:

If you are a driver you will be able to view information from your record, including what vehicles you can drive and any penalty points and disqualifications. Drivers' data will be made available via a new DVLA enquiry platform built to handle high-volume enquiries

That's point #1.

Point #2 – GDS have been trying for some time to get identity assurance working. On 11 February 2014 they told us that IDA was finally being tested behind the scenes, and that testing on exemplar no.9 would start to use IDA in public in March:

Initially we will be adding more services and users quite gradually, as we continue to get the service ready for wider use. Other services will begin to use identity assurance from March onwards, starting with DVLA’s view driving record service. The DVLA will start trialling identity assurance for some users, aiming to use it exclusively once the identity assurance service is in public beta.

Point #3, on 1 April 2014 DVLA announced that:

Yesterday, at just after midday, we launched the public beta of View Driving Record on GOV.UK.

"... after 15 months of hard work this was it", they said, "we had delivered the first part of what we had set out to achieve ...".

Can you now see "what vehicles you can drive and any penalty points and disqualifications" on-line? Yes.

And can you see IDA in action? No.

After 15 months of work, what we get is the screen form above with just four fields to fill in and when you press the button you get two database lookups – the vehicles you can drive and any points on your licence. Maybe it's harder than it looks but it doesn't look as though that should take 15 months. Not if you're using "agile" software engineering methods.

Leave a space in your National Insurance number or in your post code when you enter it, and GDS tell you "Sorry, due to a technical problem we can't display your details right now. Please try again later" – an obtuse way to tell users to remove the spaces, and a surprising approach for an organisation that prides itself on designing user interfaces.

Are you really the user of this service? The objective is to make life easier for DVLA and for the car hire companies – this service is one step along the path to dispensing with the paper counterpart driving licences we all lose. The objective is also to make it easier for car insurance companies to check that we're telling the truth on our proposals.

This heavy reliance on National Insurance numbers to identify us is likely, we are told, to underpin the individual electoral registration service due to be released in June 2014. Does it provide adequate assurance?

All of these matters and more we can debate. But, point #4, that debate is set against the background of the continued glaring absence of IDA. Where are the so-called "identity providers"? Where are the personal data stores? Where is the secure identity hub?

----------

Updated 7.10.14

"From today, [DVLA, the UK's Driver and Vehicle Licensing Agency] has launched a new digital service. Now you can view your driving licence information online." That's what the Government Digital Service (GDS) said today in a Tweet. And they provided a link to a post on the GDS blog, A new way to view your driving licence info online.

You might take that at face value.

If you were born yesterday.

But as the rest of us know, if only from the 8 April 2014 post above, the service was launched at least six months ago.

No-one knows why it was launched then.

It's of no use to drivers.

And no-one knows why it's being re-launched now. It's still of no use to drivers. And it still operates without the benefit of the long-promised identity assurance.

From today, @dvlagovuk has launched a new digital service. Now you can view your driving licence information online. http://t.co/TMS7YfX78C
— GDS (@gdsteam) October 7, 2014

RIP IDA – where is it?

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

The Government Digital Service (GDS) are trying to transform government by making it digital by default. They have chosen 25 public services as exemplars. Exemplar no.9 is a service for DVLA – the Driver and Vehicle Licensing Agency – and is described as follows:

If you are a driver you will be able to view information from your record, including what vehicles you can drive and any penalty points and disqualifications. Drivers' data will be made available via a new DVLA enquiry platform built to handle high-volume enquiries

Initially we will be adding more services and users quite gradually, as we continue to get the service ready for wider use. Other services will begin to use identity assurance from March onwards, starting with DVLA’s view driving record service. The DVLA will start trialling identity assurance for some users, aiming to use it exclusively once the identity assurance service is in public beta.

Point #3, on 1 April 2014 DVLA announced that:

Yesterday, at just after midday, we launched the public beta of View Driving Record on GOV.UK.

more ►

Monday 7 April 2014

RIP IDA – long odds

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

Last Friday the Government Digital Service (GDS) announced that they would be issuing a new invitation to tender for identity assurance work (IDA), please see Identity assurance, procurement 2.

As noted, it looks as though enrolment into IDA would cost 35 times more than GDS previously told us. £30 million was meant to pay for 21 million putative registrations. In the event, it will cover only 600,000 putative registrations.

In a typically clear-headed assessment published in Computer Weekly magazine, Toby Stevens describes the difficulties GDS face with IDA. He also examines the position of suppliers considering a bid. Should they try to become "identity providers" (IDPs)? He has this to say:

... an IDP would need to run a population of 250,000 users in the first year just to have a chance of breaking even. That's going to be a problem for stretched Sales Directors who are evaluating bid risks and trying to determine where to focus their sales resources. Why bid the high-risk job with the deferred payback, when they could go for safer projects with up-front payment ...

I think I’d rather put my money on a 5-horse accumulator than an IDP bid team.

No board is going to sanction betting on the horses as a business development strategy. The equity analysts wouldn't wear it. Neither would the shareholders. The directors could kiss goodbye to their careers.

Nevertheless, the salesmen will probably turn up to the 28 April 2014 "event for interested organisations". That's what salesmen do. Quite rightly. It promises to be a re-run of the 20 September 2010 meeting, please see Identity assurance. Only the future is certain – doom 1.

GDS didn't exist then, back in September 2010. They do now. But it remains the case nevertheless that investing in IDA is akin to betting on the horses. Toby Stevens says: "GDS has a track record of delivering 'impossible' projects". He is a kinder man than DMossEsq. "Impossible" means impossible. RIP.

RIP IDA – long odds

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

Last Friday the Government Digital Service (GDS) announced that they would be issuing a new invitation to tender for identity assurance work (IDA), please see Identity assurance, procurement 2.

As noted, it looks as though enrolment into IDA would cost 35 times more than GDS previously told us. £30 million was meant to pay for 21 million putative registrations. In the event, it will cover only 600,000 putative registrations.

In a typically clear-headed assessment published in Computer Weekly magazine, Toby Stevens describes the difficulties GDS face with IDA. He also examines the position of suppliers considering a bid. Should they try to become "identity providers" (IDPs)? He has this to say:

... an IDP would need to run a population of 250,000 users in the first year just to have a chance of breaking even. That's going to be a problem for stretched Sales Directors who are evaluating bid risks and trying to determine where to focus their sales resources. Why bid the high-risk job with the deferred payback, when they could go for safer projects with up-front payment ...

I think I’d rather put my money on a 5-horse accumulator than an IDP bid team.

more ►

Friday 4 April 2014

RIP IDA – registration just became 35 times more expensive

No need to say it, it goes without saying, it should be obvious to all but, just in case it isn't obvious to all, IDA is dead.

IDA is the Cabinet Office Identity Assurance programme. And it's dead.

----------

It seems like only yesterday but actually it was 1 March 2012 when Public Servant of the year ex-Guardian man Mike Bracken MBE published Identity: One small step for all of Government.

At that stage, the Cabinet office had "built a new team and delivery plan and a working governance structure to implement Identity Assurance solutions strategically across government", he told us. The team was starting the "exciting challenge" – progress to date unknown – of "creating a trust infrastructure", whatever that is.

The Department for Work and Pensions (DWP) were going to be the "vehicle" for delivering identity assurance (IDA). Get it right for DWP and IDA could be "cut" (copied?) and pasted across the whole of Her Majesty's Government (HMG) to support its digital-by-default policy. That's what he said.

"In the first instance, IDA digital services will be used to support Universal Credit and the Personal Independence Payment, which from 2013 will replace DWP’s current benefit system". Some details were set out in a notice published in the Official Journal of the European Union (OJEU): "The initial DWP services will be required to provide identity assurance for approximately 21 000 000 claimants".

And how much was this all going to cost? Thanks to the Government Digital Service (GDS), the cost of IDA had been cut from DWP's £240 million estimate to just £30 million (= £25 million + VAT).

In the event, two years later, there is still effectively no Universal Credit and there are no "IDA digital services".

But there is a new post on the IDA blog written by Janet Hughes and David Rennie, and there's going to be a new OJEU notice, please see Identity assurance, procurement 2.

We are reminded that "last year we signed contracts with 5 identity providers. These are companies that will verify that users are who they say they are ...".

"Identity providers"? Have you grown accustomed yet to this 21st century science fiction in the British Constitution? Probably not. No-one in the UK has been provided with an identity yet by any of these five companies and there is no sign that anyone ever will be.

Today's IDA post goes on to say that "identity providers are paid each time a user registers with them. The initial contracts cover the first 600,000 registrations. We’re expecting to use all of these this year ...".

Just a minute.

The "initial contracts" were meant to cover 21 million DWP claimants. That's what the OJEU said. Where has this 600,000 figure come from? The goalposts have moved.

The DMossEsq slide rule suggests that value for money, IDAwise, has just plummeted by a factor of 35. At this rate, registering 21 million claimants would cost just over a billion pounds, making DWP's £240 million estimate seem modest by comparison.

GDS now have to plug an enormous hole in their "trust infrastructure". If there ever are any registrations in GDS's non-existent IDA programme, those registrations are going to cost 35 times more than we were first told. And in another two years' time? What will we be asked to believe then?

RIP IDA – registration just became 35 times more expensive

more ►

Thursday 3 April 2014

Estonia – are we nearly there?

This morning's Computer Weekly headline speaks for itself: "Parliamentary computers crash 90 minutes after IT assurances".

There was a "major incident" nine days ago on 25 March 2014 when parliamentarians and their staff had trouble with email and internet access. Joan Miller, Director of Parliamentary IT, emailed her users at 12:28 to say that the problem had been fixed. 89 minutes later at 13:57 it happened all over again, major incident #2.

That's a resilience problem. Like the Government Digital Service's CloudStore being unavailable for several days. Twice. In October and November 2013.

Then there's the security problem. Even when Parliament's IT is up and running smoothly, you will remember, Ms Miller suffers from the Government Digital Service's problem – security isn't important, usability is what matters, please see The Tragedy of the Commons.

Parliament seems to be in danger of enjoying neither resilience nor security.

"Would that work here?", BBC Radio 4 asked last night. In Estonia they seem to have iDemocracy, as recommended by Douglas Carswell. How far along the road to Estonia is the UK? Without resilience, security and identity assurance, not very.