Friday 26 June 2015

Spread the verb

Good services are verbs, bad services are nouns

[What's that supposed to mean? Services aren't verbs or nouns (grammatical objects). They're services. Try finding a National Verb Service dentist.]

verbs poster
To a user, a service is simple [Unless it's complicated]. It’s something that helps them to do something - like learn to drive, buy a house, or become a childminder. It’s an activity that needs to be done. A verb that comes naturally from a given situation that cuts across transactions, call centre menus and around advisors towards its goal. [Has any user in the research lab or anywhere else actually said that? Evidence, please.]
But this isn’t how government sees a service. [Phew.]
For government, services [nouns] are discrete transactions that need to be completed in a particular way. Because of this, they need to be easily identifiable so that the people who are operating them can become familiar with them and assist a user to complete the task. So we’ve given these transactions names, nouns, ["name" and "noun" are not synonymous, "red" is the name of a colour in that it denotes that colour but it's not a noun, it's an adjective, and "apply" denotes an action but it's a verb, not a noun, let's not confuse grammar with metaphysics ...] that help to keep track of them. Things like 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR)' or 'Statutory Off Road Vehicle Notification (SORN)'.
859A1796 (1)img_9426_10279745015_o
'SORNing' a vehicle in order to stop paying tax on it [That's important. We have no trouble in English switching between nouns and verbs and adjectives to achieve the same purpose. That tells us that the grammatical part of speech is independent of the action. Is a gerund a good service?]
The trouble with names like these are [is] that you need to be introduced to them before you can use them, meaning that part of ‘doing a thing’ means learning what government calls the thing you’re trying to do [that's not true, is it, you can paraphrase, you can ask in a foreign language, you can do a Google search, ... is this post itself an example of an applicant seeking a service they can't quite name?].
Imagine walking into [a] crowded room and trying to find a doctor, and only once you’ve learned her name can you ask her to help you. That’s how using a lot of government services works [no, it isn't, the analogy fails].
This confusion drives millions of users to call government call centres for help, or worse [GDS needs to overcome its horror of people], attempt to use a ‘service’ in the wrong way or in the wrong order leading to failure for the user, and vast amounts of unnecessary work for government.
In the past, we used advertising to ‘educate users’ in our nouns, [no, in our services]. Forcing the kind of brand familiarity that came naturally to well used objects like Sellotape, Hoovers or Biros [neither Sellotape nor Hoovers nor Biros is naturally occurring, the analogy fails].
The Directgov advertising scheme that taught the UK to ‘go directgov’ in order to tax a car. [That's marvellous. And what an eye-opener. Almost as if the UK had digital services before GDS existed. "directgov" (naturally occurring?) remains a noun, though – does that make it a bad service?]
But in reality most government services are used only once or infrequently at best [that may be true in reality but in the UK HMRC undertakes 1.24 billion transactions p.a.], so brand familiarity really isn’t very useful [that doesn't follow, you may only rarely use AK47s but it's still useful to know that they're dangerous].
That means people who’ve done it before need to fill in the gap and provide our service for us. For those with the means, that’s a lawyer, accountant, or professional ‘government translator’, for everyone else it’s probably a friend or a family member - whose advice may or may not be right [there's that GDS horror of people again and there's that assisted digital project that keeps on starting].
Quite simply, our services are designed for expert operation, which worked perfectly well when services were provided by trained expert humans, but means that these services don’t work unassisted on the internet [where do all these people go to get training to become expert at using pornography services verbs?].
These noun services [?] aren't helpful. We need to turn them into verb services [?].

Turning nouns into verbs

The first step to fixing this [the problem hasn't been defined yet, it's too early to offer a solution] is [to] find out what your users are actually trying to do when they’re using your service [good idea, who knew?].
Choosing the right verb is difficult [except when it's simple], and will mean that you need to do user research to find out what your users are trying to achieve and how your service fits in with that [good idea, see above].
After several rounds of user testing, the Home Office changed the name of ‘Immigration Health Surcharge’ to ‘check if you need to pay towards your health care in the UK’ ["health", "care" and "UK" are all nouns, not verbs, and what about the possessive adjective "your"? That's not a verb either.] - a service [verb] that allows visitors to the UK to pay for the cost of healthcare [light is dawning – the suggestion is that sometimes a how-to approach to documentation can be helpful, but this is hardly a new suggestion].

Not all verbs are equal [true, but then nobody said they are]

What Verb/s [verbs?] work for users will depend on what your user wants to achieve, but [and] also on how much they know about what government might be able to do for them [and myriad other factors].Copy of Services and service standards - 05-05-2015 (1) [What the government needs the user to do is to apply for a Wildlife Licence, just as much a mixture of nouns and verbs and prepositions and articles as "convert a barn"]

Where your service [verb] starts
Often a user’s perception of what government might be able to do for them is so low that they will skip straight to the noun that they think applies to them [How often? If it's the right noun, that's not a problem].
Our job is to intercept that process. [GDS wants to ban skipping as well as nouns?]
Equally [?] there are things that a user will not presume [then the user will usually be correct] to exist as a single service [verb].
Our job is to understand how that overall task breaks down into smaller tasks a user identifies as something they need help with [hard job].
To add to this, there will be many different users, with many different tasks that will run through a service [verb] that serves many different needs [people are difficult, computers are a lot easier, ...] - like a licence - so a service [verb] might have many different starting points as a user becomes more experienced or their needs become more specific [... they just won't stand still].

Verbs will change the way your service [verb] works [isn't there a bit more to changing services than that?]

In a world of easily shared government as a platform [so not in the UK], services [verbs] will be cheaper and easier to make. When that happens there will be more services [verbs], more closely targeted at user needs.
Service [verb] failure, and the calls and casework associated with it, will remain one of the biggest costs in government [how big?] - and for users - unless we change the way that we work to reflect the needs and language of users.
This isn’t going to be easy. It will mean massive changes to the way that our services [verbs] work as the verb/s [verbs?] we choose to describe them gradually affect what it is they do, but without it we will continue to provide services [verbs] made for a world that no longer exists [dentists are no longer needed?].
We've uploaded the poster shown in the picture above as a PDF. Feel free to download it and spread the word.

Spread the verb

Good services are verbs, bad services are nouns

[What's that supposed to mean? Services aren't verbs or nouns (grammatical objects). They're services. Try finding a National Verb Service dentist.]

verbs poster
To a user, a service is simple [Unless it's complicated]. It’s something that helps them to do something - like learn to drive, buy a house, or become a childminder. It’s an activity that needs to be done. A verb that comes naturally from a given situation that cuts across transactions, call centre menus and around advisors towards its goal. [Has any user in the research lab or anywhere else actually said that? Evidence, please.]
But this isn’t how government sees a service. [Phew.]
For government, services [nouns] are discrete transactions that need to be completed in a particular way. Because of this, they need to be easily identifiable so that the people who are operating them can become familiar with them and assist a user to complete the task. So we’ve given these transactions names, nouns, ["name" and "noun" are not synonymous, "red" is the name of a colour in that it denotes that colour but it's not a noun, it's an adjective, and "apply" denotes an action but it's a verb, not a noun, let's not confuse grammar with metaphysics ...] that help to keep track of them. Things like 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDDOR)' or 'Statutory Off Road Vehicle Notification (SORN)'.
859A1796 (1)img_9426_10279745015_o
'SORNing' a vehicle in order to stop paying tax on it [That's important. We have no trouble in English switching between nouns and verbs and adjectives to achieve the same purpose. That tells us that the grammatical part of speech is independent of the action. Is a gerund a good service?]
The trouble with names like these are [is] that you need to be introduced to them before you can use them, meaning that part of ‘doing a thing’ means learning what government calls the thing you’re trying to do [that's not true, is it, you can paraphrase, you can ask in a foreign language, you can do a Google search, ... is this post itself an example of an applicant seeking a service they can't quite name?].
Imagine walking into [a] crowded room and trying to find a doctor, and only once you’ve learned her name can you ask her to help you. That’s how using a lot of government services works [no, it isn't, the analogy fails].
This confusion drives millions of users to call government call centres for help, or worse [GDS needs to overcome its horror of people], attempt to use a ‘service’ in the wrong way or in the wrong order leading to failure for the user, and vast amounts of unnecessary work for government.
In the past, we used advertising to ‘educate users’ in our nouns, [no, in our services]. Forcing the kind of brand familiarity that came naturally to well used objects like Sellotape, Hoovers or Biros [neither Sellotape nor Hoovers nor Biros is naturally occurring, the analogy fails].
The Directgov advertising scheme that taught the UK to ‘go directgov’ in order to tax a car. [That's marvellous. And what an eye-opener. Almost as if the UK had digital services before GDS existed. "directgov" (naturally occurring?) remains a noun, though – does that make it a bad service?]
But in reality most government services are used only once or infrequently at best [that may be true in reality but in the UK HMRC undertakes 1.24 billion transactions p.a.], so brand familiarity really isn’t very useful [that doesn't follow, you may only rarely use AK47s but it's still useful to know that they're dangerous].
That means people who’ve done it before need to fill in the gap and provide our service for us. For those with the means, that’s a lawyer, accountant, or professional ‘government translator’, for everyone else it’s probably a friend or a family member - whose advice may or may not be right [there's that GDS horror of people again and there's that assisted digital project that keeps on starting].
Quite simply, our services are designed for expert operation, which worked perfectly well when services were provided by trained expert humans, but means that these services don’t work unassisted on the internet [where do all these people go to get training to become expert at using pornography services verbs?].
These noun services [?] aren't helpful. We need to turn them into verb services [?].

Turning nouns into verbs

The first step to fixing this [the problem hasn't been defined yet, it's too early to offer a solution] is [to] find out what your users are actually trying to do when they’re using your service [good idea, who knew?].
Choosing the right verb is difficult [except when it's simple], and will mean that you need to do user research to find out what your users are trying to achieve and how your service fits in with that [good idea, see above].
After several rounds of user testing, the Home Office changed the name of ‘Immigration Health Surcharge’ to ‘check if you need to pay towards your health care in the UK’ ["health", "care" and "UK" are all nouns, not verbs, and what about the possessive adjective "your"? That's not a verb either.] - a service [verb] that allows visitors to the UK to pay for the cost of healthcare [light is dawning – the suggestion is that sometimes a how-to approach to documentation can be helpful, but this is hardly a new suggestion].

Not all verbs are equal [true, but then nobody said they are]

What Verb/s [verbs?] work for users will depend on what your user wants to achieve, but [and] also on how much they know about what government might be able to do for them [and myriad other factors].Copy of Services and service standards - 05-05-2015 (1) [What the government needs the user to do is to apply for a Wildlife Licence, just as much a mixture of nouns and verbs and prepositions and articles as "convert a barn"]

Where your service [verb] starts
Often a user’s perception of what government might be able to do for them is so low that they will skip straight to the noun that they think applies to them [How often? If it's the right noun, that's not a problem].
Our job is to intercept that process. [GDS wants to ban skipping as well as nouns?]
Equally [?] there are things that a user will not presume [then the user will usually be correct] to exist as a single service [verb].
Our job is to understand how that overall task breaks down into smaller tasks a user identifies as something they need help with [hard job].
To add to this, there will be many different users, with many different tasks that will run through a service [verb] that serves many different needs [people are difficult, computers are a lot easier, ...] - like a licence - so a service [verb] might have many different starting points as a user becomes more experienced or their needs become more specific [... they just won't stand still].

Verbs will change the way your service [verb] works [isn't there a bit more to changing services than that?]

In a world of easily shared government as a platform [so not in the UK], services [verbs] will be cheaper and easier to make. When that happens there will be more services [verbs], more closely targeted at user needs.
Service [verb] failure, and the calls and casework associated with it, will remain one of the biggest costs in government [how big?] - and for users - unless we change the way that we work to reflect the needs and language of users.
This isn’t going to be easy. It will mean massive changes to the way that our services [verbs] work as the verb/s [verbs?] we choose to describe them gradually affect what it is they do, but without it we will continue to provide services [verbs] made for a world that no longer exists [dentists are no longer needed?].
We've uploaded the poster shown in the picture above as a PDF. Feel free to download it and spread the word.

Tuesday 23 June 2015

RIP IDA – who knows what they're talking about?

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

22 June 2015, and Janet Hughes says:
GOV.UK Verify (RIP) offers people a convenient, secure way to prove their identity when accessing digital government services. It does not have any other connection with or ability to monitor people or their data.
Funny thing to say.

Why did she say that?

And why did she go on to say:
GOV.UK Verify (RIP) protects users' privacy. It has been designed to meet the principles developed by our privacy and consumer advisory group [PCAG]. GOV.UK Verify (RIP) does not allow for mass surveillance.
The answer is, she had to.

Because four academics published a paper saying that GOV.UK Verify (RIP) is not secure and that it fails to implement the PCAG privacy principles and that it could provide a platform for mass surveillance.

Remember, if there's an impossible job to do, the Government Digital Service (GDS) call for Janet Hughes. This may be her most impossible job yet.

Oi, UK.gov, your Verify system looks like a MASS SPY NETWORK, as ElReg demurely put it. Government Digital Service insists Verify safe despite claims of vulnerabilities, according to Computer Weekly. Or as Government Computing would have it, Government rejects ID assurance study’s security fears.

The academics are Messrs Luís T. A. N. Brandão and Nicolas Christin of Carnegie Mellon University, George Danezis of University College London and someone called Anonymous, apparently also known as 06ac01f8898481dd 2acdaacbe7cea1fd 5cdec8e65fe87db5 8605e865b1860f8e. It is unknown which university 06ac01f8898481dd works at, if any.

Their paper, Toward Mending Two Nation-Scale Brokered Identification Systems, is published in Proceedings on Privacy Enhancing Technologies 2015. Note that:
  • It's not just GOV.UK Verify (RIP) that they criticise but also the US equivalent, the Federal Cloud Credential Exchange (FCCX), recently rebranded as Connect.GOV.
  • They don't just criticise, they also make recommendations how to overcome the failings of both systems.
"We welcome the paper, and its contribution to the developing pool of knowledge and ideas about digital identity assurance", says Ms Hughes, "we are working with the author of the paper to clarify this aspect and provide assurance on the issues raised. We have invited one of the authors, Dr Danezis, to join our privacy and consumer advisory group (and we are pleased he has accepted the invitation), so that we can continue to consult a range of experts and privacy and consumer groups on our approach to these important issues".

Pure Mandarin. GDS must be furious and may feel threatened by this particular pool developing. RIP IDA and all that. They wouldn't have responded to the ElReg article so very quickly otherwise.

What the academics say, in a nutshell, is (p.8) ...
... or to put it more technically, everything GDS have told us about their identity hub is a pack of lies, GOV.UK Verify (RIP) isn't secure and it doesn't protect our privacy.

Ms Hughes disagrees. She asserts the opposite. That's her job.

Which of them knows what they're talking about? Who's right?

----------

Updated 29.6.15

The nuts and dolts of security

It's a week now since the four academics' paper came to light alleging that there are gaping holes in the security and the privacy of GDS's identity hub. Maybe they're right. Maybe they're not, we still don't know. GDS have denied the allegations but, without adducing any evidence in support of their denial, that doesn't amount to much.

Paul George Danezis, one of the academics who criticises the design of the identity hub, says "in 2015, it is very strange that this is considered acceptable. If this system had been peer reviewed it would not have been passed even 15 years ago", and is recorded as suggesting that GDS are simply incompetent, not up to the job: "Perhaps GDS did not have the expertise, or appreciate the need for expertise to deal with this".

And then there's Kevin Curran.

The cricketer?

No. "Kevin Curran is a Reader in Computer Science and group leader for the Ambient Intelligence Research Group. Dr Curran has made significant contributions to advancing the knowledge of computer networking evidenced by over 800 published works. He is a regular contributor to BBC radio & TV news in the UK and is an IEEE Technical Expert for Security and a member of the EPSRC Peer Review College."

That Kevin Curran.

He was interviewed by SC Magazine UK, "the magazine for IT security professionals", who say "he described the plan to provide a UK-wide decryption hub as 'nuts. Not because it cannot be done technically but because it is quite simply nuts', he warned".

We get one more "nuts" in the Curran interview, then a "dumb" followed by an "un-implementable", before "Curran said that there are issues that most of the 'UK government numbskulls are unaware of ... it is pretty obvious that they have completely ignored the advice that any security expert would have given them' ...".

It is not known whether GDS welcome Dr Curran's comments as much as Paul George Danezis's.

The reputations of nine "identity providers" depend on the identity hub being secure, as promised by GDS, impossibly, and on its respecting everyone's personal privacy.

Experian, Digidentity, the Post Office, Verizon et al may now all be having second thoughts. They can probably live with a university lecturer calling them nuts. They can't withstand their shareholders following suit.

They lose control of their reputations once they depend on GDS's identity hub. Why take the risk?

There's nothing we doltish members of the proletariat can do to force GDS's hand. Their suppliers, though, the "identity providers", have leverage.

Expect an announcement soon, clarifying GDS's stance on the design of their identity hub.

And don't be at all surprised if the date changes in GDS's promise to have GOV.UK Verify (RIP) up and running nationwide by March 2016.


Updated 1.7.15

GDS continue to market GOV.UK Verify (RIP) as secure. Or safe.

That comes as a surprise to many of us, who weren't born yesterday, and who are faced with the daily diet of cybersecurity breaches served by the media, take for example yesterday's Audit finds new flaw at US Office of Personnel Management: "TEN MILLION people now counted as victims of original GovSec SNAFU".

The gormless promise of security must come as even more of a surprise to those working in the cybersecurity industry with, let's say, 14 years experience up at the sharp end, one of whom kindly sent DMossEsq a link to Secure Web Hosting for Client X, 4 May 2001 – and May 4th be with him.

Client X asked their security advisor to provide a 100% secure web server. CESG certified, the advisor made two proposals, as you will see in the link.

The first proposal involves ten steps which gradually reveal the enormity of the problem.

The second is shorter: "Don't implement a Web Server until you have a clue".

Nothing has changed in the intervening 14 years cybersecuritywise.

When will GDS stop making fools of themselves by making promises which everyone by now knows or should know that they can't keep?


Updated 7.7.15

"Tirez sur l'autre, il y en a des cloches attachées"

It's over a fortnight now since GDS told us that "GOV.UK Verify (RIP) offers people a convenient, secure way to prove their identity when accessing digital government services". Do GDS know what they're talking about?

Four academics disagree with GDS and argue that the GOV.UK Verify (RIP) identity hub is full of security holes. Do these academics know what they're talking about?

We don't know. We can't be sure. We have the benefit of the advice of the engaging security expert Peter Bance. In his opinion, if you want your server to be secure/safe, you shouldn't let anyone update the data on it and you shouldn't connect it to any networks and certainly not to the internet. But does Mr Bance know what he's talking about?

We all remember QinetiQ winning a contract to advise the Pentagon on how to counter cyberespionage. This upset HBGary, a small rival of QinetiQ's who pointed out that QinetiQ had themselves been hacked. But then HBGary were hacked, too.

Actually some of you may not remember about QinetiQ and HBGary being hacked. Not to mention Bloomberg and the New York Times. And Lockheed Martin. But a bell may have rung when you read the Guardian newspaper yesterday, Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim. Or maybe you read ElReg, Security world chuckles at Hacking Team’s 'virus torrent' squeals.

Either way, an Italian cybersecurity company, Hacking Team, was itself hacked and had 400 gigabytes of its records published including the alleged records of dodgy dealings with repressive regimes using Hacking Team's products, it is said, to repress people. And journalists.

Just like Gamma International, perhaps, the company that sold FinFisher, a surveillance software product. They were hacked last August.

And so it goes. On. And on and on and on until you're bored stiff reading DMossEsq.

Well that's the point. It's endless. It just goes on. It hits the good guys and it hits the bad guys. They all get hacked. There's no defence. Even if you're an expert. Connect a server to a network, and bang – you're hacked. Just ask the US Office of Personnel Management. Or ask their ten million parishioners, whose personal information has been hacked for months. Or years. No-one knows how long it's been going on.

Boring, yes. Unsurprising. Inevitable, even. But in that case who do GDS think they're kidding/confusing/misleading when they claim that GOV.UK Verify (RIP) is secure? Not you, obviously. "Tirez sur l'autre", you may be tempted to say, "il y en a des cloches attachées".


Updated 10.7.15

As reported in The Register:
5 June 2015Hackers steal files on 4 million US govt workers
30 June 2015TEN MILLION people now counted as victims of original GovSec SNAFU
9 July 2015US govt now says 21.5 million people exposed by OPM hack – here's what you need to know ("... and by the way, that's in addition to the four million people whose records OPM had earlier admitted to letting slip into hackers' hands")
...?
That series may not have finished yet.

From what you've seen of GOV.UK Verify (RIP), what reason is there to suppose that it will not one day embark on the same progression? What will you do then?


Updated 27.3.16

The Government Digital Service (GDS) told us the other day How we work with experts to make GOV.UK Verify [RIP] better: "We take the protection of GOV.UK Verify [RIP] and the security of our users and their data very seriously ... The privacy of our users comes first in everything we do ... Working with - and learning from - a wide variety of experts helps us make GOV.UK Verify [RIP] better for users".

GDS are responding here to the paper published by George Danezis and others describing security vulnerabilities in the identity hub for GOV.UK Verify (RIP). They are confident that they are doing the best they can.

The National Health Service disagree, Gov.uk Verify [RIP] not secure enough for NHS, says HSCIC: "The government’s Verify identity verification platform isn’t secure enough for the NHS, so Liverpool Clinical Commissioning Group and HSCIC are working to add extra levels of security".

Who knows what they're talking about?


Updated 27.1.17

Take a look at the tweets alongside. One Andy Pearce taps a slow serve over the net at the Government Digital Service (GDS): "... if an identity is hacked does that not open up more vulnerabilities"?

All they have to do is return the ball and see what Mr Pearce does with it. Instead of which, GDS lose the point in the most embarrassing way possible: "GOV.UK Verify [RIP] is built so that there’s no single point of weakness/failure".

What about the identity hub that GDS are so proud of building? Isn't that a single point weakness/failure?

Yes it is, please see above.

What GDS said in answer to Mr Pearce is blatantly false. It relies on what the Trump administration refers to as an "alternative fact". North Korea, maybe, but we don't expect this behaviour in Whitehall.


RIP IDA – who knows what they're talking about?

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

22 June 2015, and Janet Hughes says:
GOV.UK Verify (RIP) offers people a convenient, secure way to prove their identity when accessing digital government services. It does not have any other connection with or ability to monitor people or their data.
Funny thing to say.

Why did she say that?

And why did she go on to say:
GOV.UK Verify (RIP) protects users' privacy. It has been designed to meet the principles developed by our privacy and consumer advisory group [PCAG]. GOV.UK Verify (RIP) does not allow for mass surveillance.
The answer is, she had to.

Wednesday 17 June 2015

RIP IDA – "we've make a mistake"

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.



Can GOV.UK Verify (RIP) Win an Emmy?
30 June 2014, only a year ago, saw the historic release of Identity Assurance Demonstration. Children have all lived in delicious fear of the sinister "identity providers" ever since:




GOV.UK Verify (RIP) Breaks Credit Ratings Record
The catchphrases caught on worldwide. "I had my identity initially verified by Experian", one fan would say knowingly to another. "Me, I'm a Digidentity girl", another would say, while others still would attend GOV.UK Verify (RIP) festivals dressed only in the colours of the Post Office.

Hysteria reached fever pitch when the fourth "identity provider" was due to be revealed to the world. Who would Mooncalf Productions cast in the rôle of Mydex?

And then, a PR disaster. William Heath's agent couldn't agree terms with Aviation House, the West Hollywood studio.

Or was it?

Was it a disaster?

Perhaps the marketing experts know what they're doing after all because, instead of Mydex, 24 March 2015 saw the long-awaited release of GOV.UK Terrify and introduced the spine-chillingest "identity provider" of them all, Verizon:




GOV.UK Verify (RIP) Gets Third Season
The fever reached hysteria pitch now. We were promised five more screen monsters to frighten the children with:
  • Barclays (the bank).
  • GB Group (no-one's sure but probably nearly as evil as a bank).
  • Royal Male (seriously).
  • PayPal (yes PayPal, seriously, the ones who flounced off the set once before).
That's four. And the fifth one – Morpho.

Inspired.

Borrowed from The Matrix, the "identity provider" who turns your eyes into a template and mashes them with your fingertips, the bi-modal biometrics alien from outer space, or at least from France.


GOV.UK Verify (RIP), the Videogame
With febrile hysteria now pitching, Mooncalf finally made an announcement yesterday:


GOV.UK Verify is the new way to prove your identity when accessing digital government services. Here's how it works identityassurance.blog.gov.uk/?p=855


How GOV.UK Verify works - a film

Story thumbnailHere's a short film demonstrating how a certified company verifies your identity the first time you use GOV.UK Verify.If you're interested to know more about how GOV.UK Verify works you can


At last. The third series. All that expectant tension could be released.

No, it couldn't.

The link in the Tweet only led back to GOV.UK Terrify, the March 2015 film.


Some sort of a joke?
The fans weren't amused:



Mooncalf weren't exactly repentant


What feedback?

Then they seemed to see sense, although they had some trouble expressing it:


We've make a mistake
"We've make a mistake"? They sure have, because today they did indeed release the same film, but with eight seconds edited out at about 1'45" (hat tip @EerkeBoiten) – the eight seconds in which Ms Hughes (for it is she, if there's an impossible job, send for Janet Hughes, that one) tells us that ...

... oh, never mind, it doesn't matter any more, because now it's never going to be the same again ...

... and Mooncalf are going to go down in history as the impressarios who could have made it big, Britain's Got Talent, anything, sky's the limit ...

... and then they snatched disaster from the jaws of defeat. RIP IDA – who's going to ruin their career and appear in one of Mooncalf's productions now?

Eight seconds short of an Oscar

RIP IDA – "we've make a mistake"

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.



Monday 15 June 2015

Eat your heart out, Tech City UK

Tech City UK, meet your nemesis – Angers, la Cité des objets connectés.

Connecté avec quoi?

Inauguration de la Cité de l'objet connecté:
De gauche à droite pour dévoiler la plaque inaugurale: Christophe Béchu, Christophe Clergeau, François Hollande et Thierry Sachot. (Photo: Thierry Bonnet/Ville d'Angers)
Connecté avec le string, paraît-il.

Eat your heart out, Tech City UK

Tech City UK, meet your nemesis – Angers, la Cité des objets connectés.

Connecté avec quoi?

Inauguration de la Cité de l'objet connecté:
De gauche à droite pour dévoiler la plaque inaugurale: Christophe Béchu, Christophe Clergeau, François Hollande et Thierry Sachot. (Photo: Thierry Bonnet/Ville d'Angers)
Connecté avec le string, paraît-il.

RIP IDA – “It’s not our IT system; it’s the Cabinet Office’s”

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

Her Majesty's Revenue and Customs (HMRC) offer their parishioners several digital public services, among others Tax credit renewals and Transferable tax allowance. People are having problems using these digital services because they can't get past GOV.UK Verify (RIP).

Public services are services which the public are entitled to. GOV.UK Verify (RIP) is denying the public their rights.

The problem is that people can't register for a GOV.UK Verify (RIP) on-line ID without a passport or a photo-ID driving licence. Even with those documents, they can't register if they don't have a substantial credit history. Even with a substantial credit history, they can't register if they're not moderately computer-literate. Even with moderate computer literacy, they can't register if they don't have access to the internet.

These problems are well-known now and always have been. The Government Digital Service (GDS) claim to be solving them through their assisted digital initiative.

They've been claiming that since 28 July 2011 and they still are claiming it, please see All aboard: 18 months of assisted digital, 4 June 2015. It remains the case that, as the Daily Mail newspaper put it, talking about the Transferable tax allowance service, Thousands miss out in marriage tax fiasco, "HMRC's problem centres on a £25million computer system called Verify".

This matter has come to the attention of Clare McDonald, the business editor of Computer Weekly magazine. She's been talking to HMRC and reports as follows:
“No one will miss out on the Marriage Allowance because of difficulties with online verification. People can apply at any stage in the tax year and get the full entitlement regardless of when they claim,” said an HMRC spokesperson.

“It’s not our IT system; it’s the Cabinet Office’s,” the spokesperson added.
The Cabinet Office is the home of GDS and, understandably enough, HMRC want to make it clear that the dereliction of duty lies with GDS, and not HMRC, “it’s not our IT system; it’s the Cabinet Office’s”.

Ms McDonald concludes that:
Although the Verify scheme is still in its trial stage, these issues highlight the difficulties the Cabinet Office’s “digital by default” plans can bring for particular demographics, including vulnerable members of the public, people without the necessary documentation and those who do not have access to the internet.
"Particular demographics" means people. Here in the UK, public services are for everyone, not just well-connected iPhone users with a long credit history. GDS need to acknowledge reality. RIP IDA.

----------

Updated 20.1.15

Ms McDonald returned to the subject of GOV.UK Verify (RIP) on 11 June 2015, please see Is HMRC making tax more taxing for non-digital taxpayers?. It's not HMRC's system. And even GDS are trying to keep their distance:
GDS identifies need for testing [nothing gets past them]

GDS has highlighted the need for significant provisions and funding for HMRC to include the assisted digital user base during beta testing, as part of its latest assessment of the progress on developing the personal tax account system ...

The GDS team’s assessment of the project found that, although several “assisted digital users” had been identified, there had not been sufficient testing to register their needs. GDS said the system needed “substantial work” to focus on the needs of this type of user.
If it's not HMRC's problem and it's not quite GDS's either, whose is it?

Expect to see Mark Dearnley hung out to dry at some point. Him, and also the non-performing assisted digital team, whose presence here on earth has had no detectable effect.

But when?

HMRC and GDS had better hurry up about it because even ex-tax inspectors are now publicising the problem, "BBC's Linda McAuley interviews ex Tax Inspector Adrian Huston about how some find online verification difficult":



Some of the demographics out there – "people", as we used to call them – may begin to wonder whether HMRC and GDS are being entirely truthful when they say that "no one will miss out on the Marriage Allowance because of difficulties with online verification". That's not how it looks.

RIP IDA – “It’s not our IT system; it’s the Cabinet Office’s”

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

Her Majesty's Revenue and Customs (HMRC) offer their parishioners several digital public services, among others Tax credit renewals and Transferable tax allowance. People are having problems using these digital services because they can't get past GOV.UK Verify (RIP).

Public services are services which the public are entitled to. GOV.UK Verify (RIP) is denying the public their rights.