Sunday, 8 November 2015

WrinklesInTheMatrix: Mark Thompson 1

Earlier wrinkles:
14 October 2011Francis Maude
14 October 2011Oliver Letwin
14 October 2011Ian Watmore
14 November 2011Mike Bracken
Mark Thompson believes that 1½ million public servants could be laid off and £35.5 billion could be saved as a result, if only the UK civil service followed the example of Spotify, eBay, Airbnb, Rightmove, Uber and Amazon.

Any number of people believe the same thing. Douglas Carswell MP, for example, the UK Member of Parliament who wrote The End of Politics and the Birth of iDemocracy, reviewed here in February 2013.

Even HMRC may believe it. Her Majesty's Revenue and Customs are trying to break their giant ASPIRE contract into lots of little ones which is part of the Mark Thompson prescription. ASPIRE is unwieldy and ponderous. And expensive. Replace it with a lot of nimbler and more innovative contracts, and the result might be more efficient and cheaper. The question is, how do you get from ponderous to nimble?

HMRC have hired Bain & Company, the management consultants, to answer that question. Mr Thompson thinks that it's management consultants who got HMRC into the ASPIRE mess in the first place.

He may be right to be pessimistic about Bain's assignment. But if Mr Thompson had specified how to achieve his £35.5 billion of projected savings, then HMRC wouldn't have had to call in Bain.

Mr Thompson rejects that criticism, ruefully asserting that HMRC and others don't listen to people like him. You may get the impression of Mr Thompson as a lone thinker coming up with great ideas that Whitehall are too hoity-toity to listen to, a powerless Mr Thompson signalling to distant central government departments while trying to stay afloat in a sea of pathos.

But, there's a wrinkle.

Mr Thompson is a "University Senior Lecturer in Information Systems" at the University of Cambridge Judge Business School and according to his profile on their website:
Mark has 22 years of information and systems and change management experience and is currently Strategy Director & Co-owner, Methods Group, where he has created two thriving startups since 2011 (Methods Advisory and Methods Digital). He is a member of the National Audit Office's Digital Advisory Panel, and was until recently a Main Board Member, Intellect UK (now TechUK), and is also a member of the CBI 21st Century Public Services Task and Finish Group. Prior to Methods, Mark was a Change Management Consultant at Accenture.

Mark is acknowledged within the public domain as one of architects of Open Innovation thinking within the UK public sector. In 2007-8 he was a senior adviser to UK Shadow Cabinet under George Osborne, for whom he delivered an influential report proposing widespread adoption of open standards in government IT that has since become policy, helping to create a sea-change in the way the government approaches and uses technology. Mark was credited by Cabinet Office Minister Francis Maude as having laid the foundation for the government's current technology procurement strategy and has subsequently authored, co-authored, or significantly influenced a series of white papers, policy documents, and a parliamentary report. Such papers include a think-tank document, Better for Less with Liam Maxwell, which formed the strategy for Cabinet Office's Efficiently and Reform Group, a journal article that has been widely shared in government, the Government IT Strategy and Strategic Implementation Plan.

Mark is a regularly invited industry and government speaker, and is pioneering these ideas in practice through London-based Methods Group, where he is delivering radical, often disruptive transformation with over 15 pathfinding government organisations. He has appeared in digital panels at both Labour and Conservative Party conferences - as well as critiquing some of the early policy developments for the coming manifesto period.

Mark is a Fellow of the Royal Society of Arts, and a Visiting Professor at Surrey Business School.
Far from helpless, he is keen to make it clear in his profile how much he has the ear of the very most senior members of the executive.

Then. And now. Only the other day, the Cabinet Office Minister appointed Mr Thompson to a "Steering Group of digital and data visionaries" who will guide the UK's move to "data-driven government".

Is it really the case that HMRC won't listen to Mr Thompson?

His company, Methods, lists the Ministry of Defence, the Ministry of Justice and the Home Office among its clients, who presumably pay to listen to him. The National Audit Office listen to him, as do the CBI and TechUK. George Osborne, Francis Maude and Liam Maxwell listen to him. That gets him HM Treasury and the Cabinet Office plus maybe the Department for Business Innovation and Skills. His students at the Judge Business School and the Surrey Business School must listen to him. Etc ...

No. More likely, HMRC listened to Mr Thompson advocating his Airbnb idea for Whitehall, there was a gap where there should be a clear plan and they decided they'd better get Bain in to make sense of it.

WrinklesInTheMatrix: Mark Thompson 1

Earlier wrinkles:
14 October 2011Francis Maude
14 October 2011Oliver Letwin
14 October 2011Ian Watmore
14 November 2011Mike Bracken
Mark Thompson believes that 1½ million public servants could be laid off and £35.5 billion could be saved as a result, if only the UK civil service followed the example of Spotify, eBay, Airbnb, Rightmove, Uber and Amazon.

Any number of people believe the same thing. Douglas Carswell MP, for example, the UK Member of Parliament who wrote The End of Politics and the Birth of iDemocracy, reviewed here in February 2013.

Even HMRC may believe it. Her Majesty's Revenue and Customs are trying to break their giant ASPIRE contract into lots of little ones which is part of the Mark Thompson prescription. ASPIRE is unwieldy and ponderous. And expensive. Replace it with a lot of nimbler and more innovative contracts, and the result might be more efficient and cheaper. The question is, how do you get from ponderous to nimble?

HMRC have hired Bain & Company, the management consultants, to answer that question. Mr Thompson thinks that it's management consultants who got HMRC into the ASPIRE mess in the first place.

He may be right to be pessimistic about Bain's assignment. But if Mr Thompson had specified how to achieve his £35.5 billion of projected savings, then HMRC wouldn't have had to call in Bain.

Mr Thompson rejects that criticism, ruefully asserting that HMRC and others don't listen to people like him. You may get the impression of Mr Thompson as a lone thinker coming up with great ideas that Whitehall are too hoity-toity to listen to, a powerless Mr Thompson signalling to distant central government departments while trying to stay afloat in a sea of pathos.

But, there's a wrinkle.

Thursday, 5 November 2015

Does my register look canonical in this?

Cast your mind back seven months to 27 March 2015 and an interview given to TechRepublic magazine's Alex Howard by ex-Public Servant of the Year ex-Guardian man Mike Bracken ex-CDO ex-CDO CBE, ex-executive director of the Government Digital Service (GDS) and ex-senior responsible owner of the pan-government identity assurance programme now known as "GOV.UK Verify (RIP)".

Mr Bracken was the government's chief data officer at the time, that's one of his CDOs, and Mr Howard was trying to find out what a CDO does.

A CDO has to solve problems, Mr Bracken told him. Problems like multiple lists of the same things: "In the absence of standards, we have allowed a growing number of competing registers of data. There are literally multiple lists of the same things".

And the solution? These registers must become canonical: "We need to make decisions about what registers and data are canonical, and we need to work out some basics, like what an open address format should look like [?]".

Once our registers are canonical, as you know, the economy will grow like topsy and public services will become efficient and trusted and green. But before that could happen Mr Bracken left Whitehall and now it's all eyes on Paul Downey, a Technical Architect at GDS.

Mr Downey makes the link between Government as a Platform (GaaP) and canonical registers. Public services rest on shared platforms, he says. And shared platforms rest on canonical registers, which are, in Mr Downey's words, "authoritative lists you can trust".

We've got a few platforms, according to GDS. The award-winning GOV.UK, for example, is the government's publishing platform. GOV.UK Verify (RIP) is the government's identity assurance platform. There's a government performance platform with 801 dashboards all blaring numbers at you that may or may not measure the performance of public services. And even as we speak a government payments platform is taking its first tottering steps from discovery to alpha.

So we've got some platforms, but what about registers, and are they canonical?

3 November 2015
The Minister for Cabinet Office Matt Hancock spoke about data-driven government at the Open Data Institute (ODI) summit

The digital platforms we’re building, led by the brilliant GDS, will depend on strong data foundations.
This is important. Data-driven government depends on the answer. At least that's what Matt Hancock says. And he's the Cabinet Office Minister.

Let's see if we can get ourselves a data-driven answer by turning first to GDS's latest and sixth lack of progress report on GOV.UK Verify (RIP), Government services using GOV.UK Verify [RIP] - November 2015 update.

Table 1 shows the digital government services currently using GOV.UK Verify (RIP). All 13 of them. Is that an "authoritative list you can trust"?

You'd hope so, but the list includes DEFRA's digital claim rural payments service and that doesn't exist. DEFRA and GDS between them couldn't make it work and UK farmers are now using a manual system to claim their Common Agricultural Policy payments. The list also includes HMRC's digital marriage allowance transfer service and people were having trouble using that service because they couldn't register with GOV.UK Verify (RIP).

So is the authoritative number of government digital services using GOV.UK Verify (RIP) 13 or 12 or 11?

One sure-fire way to find out is to check the performance platform for GOV.UK Verify (RIP). If Mr Downey is to be believed, that platform must depend on an authoritative canonical register you can trust.

Take a look. Under "government services", the GOV.UK Verify (RIP) dashboard includes all the services which use it. All 8 of them. Including DEFRA's claim rural payments service. So maybe that should be 7. Either way, it's not 13 or 12 or 11. It's not authoritative. And it doesn't inspire trust. It may be a register. But it's not canonical. And if Mr Hancock is pinning his hopes for data-driven government on "the brilliant GDS" who are responsible for this unfortunate state of inequalities, then he's in a minority of one, and falling.

Does my register look canonical in this?

Cast your mind back seven months to 27 March 2015 and an interview given to TechRepublic magazine's Alex Howard by ex-Public Servant of the Year ex-Guardian man Mike Bracken ex-CDO ex-CDO CBE, ex-executive director of the Government Digital Service (GDS) and ex-senior responsible owner of the pan-government identity assurance programme now known as "GOV.UK Verify (RIP)".

Mr Bracken was the government's chief data officer at the time, that's one of his CDOs, and Mr Howard was trying to find out what a CDO does.

Friday, 16 October 2015

Manzoni: reform and the efficiency of the Civil Service

Apparently yesterday was the third birthday of the Government Digital Service's award-winning GOV.UK, the public face of UK government on-line.

While Steve Uriah Foreshew was cheering on the remainder of the depleted crew, John Manzoni was speaking to Reform about "reform and the efficiency of the Civil Service".

Mr Manzoni is Chief Executive of the civil service and he and Matt Hancock, Cabinet Office Minister, have entertained us before with their views on GDS.

"In the Government’s Major Projects portfolio there are 150 major projects worth £400 billion", Mr Manzoni told Reform, "everything from building aircraft carriers, to engineering new digital services like Verify, to protect citizens identity online". Aircraft carriers, yes, they appear in the Major Projects Authority's 2014-15 report. But GOV.UK Verify (RIP) doesn't.

Mr Manzoni will have cheered up the oarspersons in the GDS lifeboat with "GOV.UK is the model and the vehicle for what we need to do. It has brought nearly 1,900 websites into a single portal, saving significant amounts of money each year". If they ever make landfall, there's more to do – "this is just the start".

What more is there to do?

As the Chief Executive surveys his dominions, what is his top priority for action?

"Digital technology lets us share and join up. So, why, for example, would we duplicate effort and expense, by having numerous different ways for citizens to make payments to government online? Why have departments developing their own systems – when by working to a common goal we could have one – helping users by helping ourselves".

"Numerous"? How many different payment systems are there in the civil service? How much money would be saved by having just one? Who is competent to design that one, single payments system? Mr Manzoni didn't bore Reform with any details by way of an answer.

All he told them was that "this is how Government Digital Service is leading the digital transformation of government – government as a platform – cheaper, simpler, smarter". Oh dear.

Manzoni: reform and the efficiency of the Civil Service

Apparently yesterday was the third birthday of the Government Digital Service's award-winning GOV.UK, the public face of UK government on-line.

While Steve Uriah Foreshew was cheering on the remainder of the depleted crew, John Manzoni was speaking to Reform about "reform and the efficiency of the Civil Service".

Mr Manzoni is Chief Executive of the civil service and he and Matt Hancock, Cabinet Office Minister, have entertained us before with their views on GDS.

"In the Government’s Major Projects portfolio there are 150 major projects worth £400 billion", Mr Manzoni told Reform, "everything from building aircraft carriers, to engineering new digital services like Verify, to protect citizens identity online". Aircraft carriers, yes, they appear in the Major Projects Authority's 2014-15 report. But GOV.UK Verify (RIP) doesn't.

Mr Manzoni will have cheered up the oarspersons in the GDS lifeboat with "GOV.UK is the model and the vehicle for what we need to do. It has brought nearly 1,900 websites into a single portal, saving significant amounts of money each year". If they ever make landfall, there's more to do – "this is just the start".

What more is there to do?

Thursday, 8 October 2015

GDS, blue badgeholders

There was a cri de cœur the other day on the Government Digital Service (GDS) Twitter feed.

We've been here before. The national Blue Badge Scheme, you will remember, "provides a range of parking and other motoring concessions for people who are registered blind or have severe mobility problems". And clearly the on-line application system had given Ms Haworth a hard time.

GDS never tackled Blue Badge. It isn't one of the 25 exemplars included in their grandly titled "government transformation" programme.

Blue Badge is still a Directgov application, on https://bluebadge.direct.gov.uk/directgovapply.html and we've been here before as well. GDS claimed for years that GOV.UK, the award-winning public face of the UK government on-line, had replaced both Directgov and Business Link.


That claim was false for years and it still is, as Ms Haworth among others can testify.

But there has been progress – the misleading claim to have replaced Directgov and Business Link has now at last been removed from GOV.UK's home page.

As it happens, Ms Haworth is the Group Director of Transformation and Delivery at Torus, a company that focuses on "jobs, health, transport links, digital connectivity and housing" in the UK's North West. She may wonder, as may you, why Blue Badge wasn't one of the transformation exemplars.

We don't know the answer but there is an interview in Computer Weekly with Mike Beaven, the sometime director of transformation at GDS. "Critics pointed to several services as being little more than a new web front end on a pre-existing system", says Computer Weekly, "but Beaven defends the exemplars".

Previously he has claimed that "the programme's ended ... we're only just beginning". That was when GDS had to admit that they hadn't managed to deploy all 25 exemplars.

Now he tells Computer Weekly that the question how many exemplars GDS did deploy is irrelevant: "Whether you launch one or 25, it doesn't matter". Oh yes it does.

Mr Beaven has gone now. Like the GOV.UK claim to have replaced Directgov and Business Link.

Computer Weekly say of him that: "His role at GDS was primarily about liaising with the departments responsible for those transactions and generating the sort of collaborative approach that GDS now wants to be seen as its raison d’etre".

Now? GDS now wants liaising and collaborating to be seen as its raison d'être? What was its raison d'être before, you may ask?

Good question.

And when Public Servant of the Year ex-Guardian man Mike Bracken CBE CDO CDO, executive director of GDS and senior responsible owner of the pan-government identity assurance programme now known as "GOV.UK Verify (RIP)", spoke at the October 2013 Code for America Summit he made the answer limpidly clear.

UK public administration is stuck in the 1950s, he told the Americans and anyone else listening, Whitehall is useless, so is UK local government, so are the people behind President Obama's healthcare system, only GDS understand what's needed in today's world and if they're not given their head there'll be riots in the streets.

This vigorous criticism may be undermined in your eyes by the fact that, unlike his targets, Mr Bracken has no experience of government. Nothing daunted, he repeated the message a year later, announcing that "traditional policy-making is largely broken".

Neither liaison nor collaboration was ever on the menu and now he, too, like Mike Beaven and the GOV.UK claim to have replaced Directgov and Business Link, is gone.

Gone where?

God will not be mocked – Mr Bracken has become chief digital officer at The Co-operative Group.

Richard Pope (see valedictory tweet above) is also leaving GDS. We don't know where he's going but we do know where he comes from – 6+ years with mySociety. Which is where Mr Bracken comes from, too, as he told the Code for America Summit in October 2013. And where Tom Loosemore comes from, as he told the Code for America Summit in October 2014.

Who is Tom Loosemore? He's the deputy director of GDS. At least he was. But now, like Richard Pope and Mr Bracken and Mr Beaven and the claim that GOV.UK replaces Directgov and Business Link, he's gone.

Also gone are Russell Davies (strategy director), Ben Terrett (design director) and Leisa Reichelt (head of user research).

People come and go in any organisation. It's only noteworthy when, as in this case, it's the positions at the top which are cleared out and there has duly been a plethora of "whither GDS?" articles and blog posts here, for example, here, here and here. Not to mention here.

The man left holding the parcel, the new executive director of GDS, is one Steven Stephen Foreshew-Cain. It's open season for giving the poor man advice. What would you suggest?

When GDS say something, it must be true. For example:
  • We can't have the public face of government on-line telling us that Directgov and Business Link have been replaced when they manifestly haven't been.
  • We can't have the executive director of GDS giving the impression in public or in private that GDS's government transformation work has made savings equivalent to 4% of UK GDP, as Mr Bracken did at the Code for America Summit in October 2013, ...
  • ... nor that GDS have got 45 million people up and running with on-line identity assurance. It wasn't true then, it still isn't and it never will be, GOV.UK Verify RIP.
  • GDS have got to stop promising that GOV.UK Verify is "secure". They know it isn't and so does everyone else. The same applies to personal data stores.
  • The pretence that agile development is a silver bullet must be dropped ...
  • ... as must the Pied Piper of Hamelin pretence that it is wise, prudent, responsible or green to lose control of our data and our applications by sticking them in the cloud.
  • The claim that GDS is guided entirely by "user needs" has got to be dropped as long as it conflicts, which it always will, with GDS's senior claim that public administration should be "digital by default", by which they seem to mean mandatory that public administration should be on-line and on-line only and the Devil take the hindmost.
The claim that Government as a Platform could save £30 billion a year based on making a laughable analogy between running the UK and running a community nursing scheme has got to be volubly disowned.

GDS have got to clarify their position on data-sharing. There's big data, open data, public data and personal data. GDS say that people own their personal information and that people should have control over how it is used and by whom. They don't say what they mean by "own" here, they provide no "control" and their every action promotes incontinent data-sharing and relies on it. There's a circle for Mr Foreshew-Cain to square.
    And Mike Beaven is right. GDS have to liaise and collaborate with their colleagues in government, not least because it's those colleagues and not GDS who take the rap when something goes wrong, like the ignominious collapse of DEFRA's Basic Payment Scheme. Power without responsibility? GDS will get nowhere and they have got nowhere by pretending childishly that everyone else is stupid and that no-one else understands the biblical import of Amazon, Facebook, Apple, eBay and the internet.

    There's a lot of work for Mr Foreshew-Cain to do ...

    ... which, Ms Haworth may legitimately point out, leaves us still with the Blue Badge problem.

    HMRC have always been the leaders in digital transformation and they always will be. Why? Because they raise money for the government.

    DWP (work and pensions), the NHS (health) and the Department for Education will always be the laggards. Why? Because, unlike Amazon, Facebook, Apple and eBay, they spend government money.

    So does the Blue Badge scheme. It costs money. Cynical prediction:
    • Blue Badge application forms will consequently always be made as hard as possible to complete, ...
    • ... it will always be made as hard as possible to prove that your mother qualifies for a Blue Badge.
    • Applying for a Blue Badge will not be included in any successor to GDS's 25 exemplars programme.
    • And if you think you or your mother can get any help from GDS's assisted digital initiative, just take a look – assisted digital keeps starting and starting again but not assisting.
    ----------

    Updated 9.10.15

    Enough already

    The suggestion is made above that GDS should turn over a new leaf.

    Has anyone read Government as a platform for the rest of us on the GDS blog?

    If that post is to be believed:
    Services will be quicker, easier, and cheaper to create ... With these shared components doing all the hard work behind the scenes, service teams can focus solely on building what their service needs to do ... Another component is data ... we’ve put together design patterns and a development toolkit ... When it's so simple to create services, you can create them as experiments. They can be almost disposable ... Platforms stimulate markets, and markets drive innovation ... If we create platforms based on open standards and interoperability, we automatically create competition and drive innovation ... Services can change as policy and circumstances change ... So when policy changes, or when circumstances force change to happen, it can. Quickly, without fuss ... Everything’s built on standards and designed to interconnect ... Services are closer to policy intent ... That’s what Government as a Platform means. That’s why it matters ...
    But no-one level-headed is going to believe it.

    Components/objects/classes were marketed as the solution to software engineering back in the 1980s, 30 years ago. The benefits promised breathlessly by over-enthusiastic salesmen didn't arrive and there's no reason to believe that they will arrive now with the simple addition of the word "platform".

    You'd have to have been born yesterday.

    You'd have to be soft in the head.

    "Show, don't tell" – that's one of GDS's mottos. We've had the telling for decades from GDS and its predecessors. And for decades we haven't been shown.

    Enough already.

    Time for GDS to turn over a new leaf.



    Updated 10.10.15 #1

    The suggestion is made above that GDS should turn over a new leaf.

    "GDS have got to clarify their position on data-sharing", we said.

    In Government as a platform for the rest of us GDS tell us that:
    Right now, government data is stored in many different ways, frequently duplicated and hard to keep up-to-date. All those problems make it hard to put to good use. We have bad data, not good data.

    When we start building platforms, data becomes another shared component in the system. Standards ensure it is accessible by other components. It is maintained and curated by departmental teams who understand it best. Users are given control over their personal data, so they can choose which services can see it and when.
    It's never quite clear what GDS mean by a "platform" but it is clear that, whatever they mean, platforms entail massive data-sharing which, GDS somehow believe, gives users control over their personal information.

    Is it the users who would have control over their own personal information in GDS's new world?

    Or is it this mythical band of all-wise "departmental teams who understand it best"?

    GDS's bubbly prose, all excited with the novelty and energetic certainty of "platforms", seems to have at its heart the relatively dreary and antique busted flush nostrum first articulated by Douglas Jay in 1937:

    "the gentleman in Whitehall
    really does know better
    what is good for people
    than the people know themselves"


    GDS. Must try harder.


    Updated 10.10.15 #2

    The suggestion is made above that GDS should turn over a new leaf.

    "GDS have got to clarify their position on data-sharing", we said.

    In Government as a platform for the rest of us GDS tell us that:
    Platforms stimulate markets, and markets drive innovation ... Government’s current siloed approach stifles innovation, and leads to various problems ... If we create platforms based on open standards and interoperability, we automatically create competition and drive innovation. That means more providers and lower costs.
    GDS claim that platforms automatically drive innovation. Is that true? Who says? How do they know?

    There is a cadre of open data enthusiasts including Francis-now-Lord Maude of JFDI, David Gauke MP, Professor Sir Nigel Shadbolt, Dr Kieron O'Hara, Stephan Shakespeare and Tim Kelsey (now transported to Australia). According to them, it's open data that stimulates innovation, not platforms.

    They can't both be right, GDS and the open data cadre. They could both be wrong. What do they know about innovation?

    Professor Sir Nigel and Dr O'Hara say in their book The spy in the coffee machine – the end of privacy as we know it that: "sharing information across government databases will dramatically increase governmental powers – otherwise the UK government wouldn't have proposed it" (p.95). That doesn't seem to have anything to do with promoting innovation.

    Never mind the half-baked and contradictory reasoning, whatever the true motive, some people want us to make all our personal information public and they don't mind inverting the British Constitution to have their way.

    Time was when personal information submitted to the UK government was treated by default as confidential. Her Majesty's Revenue and Customs (HMRC), for example, is governed by the Commissioners for Revenue and Customs Act 2005 (CRCA):
    CRCA prohibits the disclosure of information held by HMRC in connection with its functions except in limited circumstances set out in legislation. This prohibition applies to all information held by HMRC in connection with its functions and reflects the importance placed on 'taxpayer confidentiality’ by Parliament when the department was created. There is additional protection for information that relates to an individual or legal entity whose identity is specified in the disclosure or can be deduced from it (‘identifying information’), in the form of a criminal sanction for unlawful disclosure.
    We could depend on it.

    Not now.

    Not any more – at their 2013 Summit at Lough Erne, the G8 issued this Declaration:
    We, the G8, agree that open data are an untapped resource with huge potential to encourage the building of stronger, more interconnected societies that better meet the needs of our citizens and allow innovation and prosperity to flourish ... the UK helped secure the G8’s Open Data Charter, which presumes that the data held by Governments will be publicly available unless there is good reason to withhold it.
    One minute the disclosure of information is prohibited except in limited circumstances set out in legislation. Next minute it's publicly available unless there is good reason to withhold it.

    What's that?

    That's a Constitution being stood on its head, that's what that is, with the thoughtless assistance of GDS. Time to turn over a new leaf.


    Updated 12.10.15

    The suggestion is made above that GDS should turn over a new leaf.

    According to GDS: "If we create platforms based on open standards and interoperability, we automatically create competition and drive innovation".

    Could we have an example, please?

    Yes:
    For example: look at GOV.UK Verify [RIP], which is stimulating the identity services market. It is setting standards, aggregating demand across government and government services, building a whole new market for identity services in the UK. New identity services are springing up and moving from 'clever idea' to 'commercial product' very quickly.
    Clever ideas and commercial products
    Not a very good example, though. "New identity services are springing up and moving from 'clever idea' to 'commercial product' very quickly"? How quickly?

    GOV.UK Verify (RIP) is GDS's putative identity assurance platform. What with all this competition that platforms are supposed to create and all this innovation that is supposed to be driven you might think that there are scores of clever ideas that have already become commercial products.

    Not just scores. Maybe hundreds of them.

    But not a single clever idea based on GOV.UK Verify (RIP) is named. Let alone a commercial product. Ask GDS to name 10 of them. Or five. Maybe they can and they just forgot to mention them. Or maybe they can't and they've confused wishful thinking with reality.

    Aggregating demand across government
    What's all this about "aggregating demand across government and government services"?

    We are familiar with the problems people face today trying to use GOV.UK Verify (RIP) to transfer marriage allowance between spouses/civil partners. Many of them can't get GOV.UK Verify (RIP) to "provide" them with an "identity". Which means they can't get their marriage allowance transferred. Not on-line, at least. Which is embarrassing HMRC.

    Transferring your marriage allowance is a statutory right. GOV.UK Verify (RIP) is coming between people and their rights.

    HMRC's comment? "It’s not our IT system; it’s the Cabinet Office’s".

    GDS call that "aggregating demand". They might more properly call it "failing to satisfy demand".

    Your invitation to the Identity Summit held last Thursday, 8 October 2015, may have been lost in the post. DMossEsq's invitation certainly was. Luckily there is a report in Computer Weekly magazine ...

    ... according to which the NHS looked at GOV.UK Verify (RIP) and rejected it. They don't like the use made of the "identity providers" in GDS's framework. Unless they, the NHS, themselves become an "identity provider". The "identity providers" can't do the identity assurance job they've been appointed to do. The NHS could do it or, to put it another way, the NHS don't need GOV.UK Verify (RIP).

    Once again, what GDS call "aggregating demand" might more properly be called "failing to satisfy demand". Using GOV.UK Verify (RIP) as an example of the guaranteed benefits of platforms is looking less and less like a wise choice.

    And it gets less wise still ...

    Basic accounts
    ... because next day, 9 October 2015, Janet Hughes published Basic identity accounts trial - an update on the identity assurance blog.

    Ms Hughes is the director of the identity assurance programme and she tells us that GDS and the "identity providers" are currently working hard on providing "basic" accounts. A "basic" account is a non-verified account. It's there for people like the marriage allowance transfer claimants above who can't get past GOV.UK Verify (RIP).

    Is this a clever idea? To an outsider that might look like a lot of hard work going into a new GOV.UK Can't Verify (RIP) service. Or it might just look like the end of the road.

    Levels of assurance
    GDS is "setting standards", if you remember.

    What standards?

    Consider. GOV.UK Verify (RIP), on those occasions when it works, verifies your identity. So they say. But how confident can a public authority like HMRC be that you are who you say you are? The answer is, according to GDS, that there are different levels of assurance. One standard that GDS have set, among others, is for the different levels of assurance.

    LoA3 (level of assurance 3), for example, means that the "identity provider" has evidence good enough for a criminal court that you are who you say you are. LoA2 is good enough for a civil court. LoA1 is just self-certification and is of little value to anyone.

    No-one has yet reached LoA3 with GOV.UK Verify (RIP) and, according to OIX, they haven't reached LoA2 either.

    OIX is the Open Identity Exchange and they're GDS's business partner in identity assurance. They say that the current "identity providers" can't do their identity assurance job. GOV.UK Verify (RIP) needs the banks on board. Adding the banks "would help [to] achieve the required standards against the 5 elements of identity assurance at level of assurance 2", please see The use of bank data for identity verification, p.11.

    Misleading the public
    GDS remind us that despite these problems Ms Hughes tried to enthuse 200 entrepreneurs at the Follow the Entrepreneur conference held on 4 September 2015. GOV.UK Verify (RIP) with its sub-LoA2 identities rejected by the NHS and causing embarrassment to HMRC not to mention frustration to the civilian population is the perfect platform on which these entrepreneurs can convert "clever ideas" into "commercial products". That is presumably the GDS pitch.

    And a surprising pitch it must seem not only to the entrepreneurs but also to the aforementioned civilians who have so far been led to believe that GOV.UK Verify (RIP) is only meant to allow them to transact with government – "GOV.UK Verify [RIP] is the new way to prove who you are online, so you can use government services like viewing your driving licence or filing your tax".

    Not having been prepared for it, the public may be a little upset to discover that it's also meant to provide a platform for "commercial products". They may feel that they have been misled.

    Couldn't GDS have chosen a better example to demonstrate the merits of platforms?

    Presumably not.

    Time to turn over a new leaf.


    Updated 19.10.15

    The suggestion is made above that GDS should turn over a new leaf.

    It doesn't seem to be happening.

    To mark the third birthday of the award-winning GOV.UK, the public face of the UK government on-line, the Government Digital Service (GDS) tweeted a lot of brightly-coloured numbers:


    There are 60 million of us in the UK, every one of us has some sort of interaction with the government and GOV.UK is pretty well the only show in town. Is 909,309,367 a lot of views? How many views should there be? Is this a case of the more the better? Perhaps there shouldn't need to be so many views – are we perhaps looking at failure? God knows what these numbers are meant to demonstrate. DMossEsq wanted to know, too:


    No answer, of course.

    But then New Zealand came on the line.

    New Zealand, you should know, have actually got on-line identity assurance up and running, unlike some people we could mention, no names no pack drill GOV.UK Verify (RIP). And they were impressed:


    Why? Why were they impressed? What had impressed them about the brightly-coloured numbers? What did New Zealand think these numbers demonstrate? DMossEsq asked and, unlike dealing with GDS, back came the answer:


    GDS used to house the UK government's chief data officer. They're supposed to be helping the Office for National Statistics (ONS) with the collection and presentation of UK metrics. And they've managed to mislead the public authority of New Zealand into believing that there have been 909 million logins to GOV.UK Verify (RIP).

    A quick perusal of the GOV.UK Verify (RIP) dashboard will leave you, too, confused. There seem to have been 0.725 million "authentications" to date including 0.185 million from "basic" accounts. "Basic" accounts are accounts which GOV.UK Verify (RIP) couldn't verify. "Authentications" seems to be the sum of the number of accounts created and the number of sign-ins.

    Whatever it does mean, it doesn't mean 909 million logins and New Zealand have now changed the object of their congratulations:


    Good luck to the ONS.

    Time for GDS to turn over a new leaf.


    Updated 3.11.15

    The suggestion is made above that GDS should turn over a new leaf.

    Sad, but it doesn't seem to be happening, Steve Foreshew isn't getting a grip.

    GDS's identity assurance service, GOV.UK Verify (RIP), is meant to verify people's identity. Thus the name, "GOV.UK Verify (RIP)". Faced with their inability to reach level of assurance 2 – verification acceptable to the civil courts – what have GDS done?

    Answer, they've introduced so-called "basic" GOV.UK Verify (RIP) accounts, level 1 accounts, self-certification, unverified accounts on which neither Whitehall departments nor private sector entrepreneurs can rely.

    Not only that, they've reduced the number of pieces of evidence required to verify identity from three to two, thereby diluting the assurance. And, the last refuge of the scoundrel, they've introduced face recognition biometrics into the verification process, "you can take a photo of yourself instead of answering questions based on credit history".

    Mr Foreshew may also like to take a look at the progress reports which his GDS colleagues publish on GOV.UK Verify (RIP):
    • The sixth progress report was published yesterday and maintains the tradition of moving all the deadlines forward several months from the previous report without achieving any progress in between.
    • It also continues to include in the list the digital services to which GOV.UK Verify (RIP) is connected (see Table 1) digital services which don't exist (DEFRA/Claim rural payments) and digital services to which GOV.UK Verify (RIP) is not connected (HMRC/Marriage allowance).
    Time for GDS to turn over a new leaf.

    GDS, blue badgeholders

    There was a cri de cœur the other day on the Government Digital Service (GDS) Twitter feed.

    We've been here before. The national Blue Badge Scheme, you will remember, "provides a range of parking and other motoring concessions for people who are registered blind or have severe mobility problems". And clearly the on-line application system had given Ms Haworth a hard time.

    GDS never tackled Blue Badge. It isn't one of the 25 exemplars included in their grandly titled "government transformation" programme.

    Blue Badge is still a Directgov application, on https://bluebadge.direct.gov.uk/directgovapply.html and we've been here before as well. GDS claimed for years that GOV.UK, the award-winning public face of the UK government on-line, had replaced both Directgov and Business Link.


    That claim was false for years and it still is, as Ms Haworth among others can testify.

    But there has been progress – the misleading claim to have replaced Directgov and Business Link has now at last been removed from GOV.UK's home page.

    Monday, 28 September 2015

    Lack of control, insecurity, irrelevance to attribute exchange and inconvenience – what else do you look for in a personal data store?

    Last heard of in these parts, personal data stores (PDSs) were being advocated as an aid to considerate death. Your PDS is a digital version of you. It represents you on the web while you live. And even in the afterlife, Assisted dying the digital way with a core consent delegation management repository.

    Maintain as much information about yourself as possible in a PDS, let apps (viruses) process it for you, and at last you will stop making stupid decisions. A life of rational utility beckons. That was the promise of three liberal democrat politicians – first Ed Davey, then Norman Lamb and finally Jo Swinson – all trying to get us mooncalves to buy in to their midata initiative.

    We've been following this story for years. Older readers will remember the midata Innovation Lab, for example, and the peerless explanation offered by Mydex, a purveyor of PDSs.

    midata is promulgated by the UK Department for Business Innovation and Skills (BIS).

    It's not just undertakers and BIS who think PDSs are good for you. So does the National Health Service (NHS) – they think PDSs will help you to become a good NHS citizen.

    It doesn't stop there. Undertakers, BIS, the NHS and ... the Government Digital Service (GDS). On 23 January 2015 it seemed that PDSs were going to be a vital component of GDS's identity assurance initiative, GOV.UK Verify (RIP). Then, at the last minute, 25 March 2015, it was all change and Mydex dropped out of the running to become an accredited "identity provider".

    We have had our doubts about PDSs. Four of them.

    1. The promise is made by politicians, officials in the civil service and suppliers that using a PDS will put people in control of their personal information. How? How will a PDS ensure that you can control who does what with your personal information? It doesn't. It can't.

    1.1 This is confirmed by Mydex's sister company, Ctrl-Shift, who point out that there is no way of enforcing the "trust framework" on which control depends.

    2. The promise is made that your PDS will be secure. In fact not just secure. Hypersecure. A claim which seems old-fashioned these days. The media feed us a daily diet of stories about breaches of cybersecurity and we've got the message.

    2.1 There's no such thing as guaranteed security. So why would anyone rational believe the promise of security? And why would anyone upright promise it?

    3. The promise is made that PDSs will support attribute exchange. What's that? Take an example. Suppose you're applying for a job as an investment manager. You need to be licensed to practice. That's an attribute of yours. The Financial Conduct Authority (FCA) issue your licence, if you pass the exams and you keep your nose clean, you store the licence in your PDS and the idea is that a prospective employer can check your PDS to make sure that you're licensed. That's attribute exchange.

    3.1 But it doesn't work. The licence in your PDS may be out of date. The FCA may have revoked it. The only way the prospective employer can be sure that you're still licensed is to check with the FCA. There's no point them checking your PDS. It's irrelevant.

    4. The promise is made that PDSs will make life more convenient for people, see for example Identity assurance – convenient? It'll make your life so much easier and We are making customers work too hard, let’s improve the experience for all. Working hard all day to keep your PDS up to date doesn't seem very convenient. It is a labour of self-love that normal people would find irksome, not convenient.

    4.1 Any residual suspicion that having a PDS would be convenient is dispelled by Opening up BBC channels and content. At the moment here in the UK, you sign a direct debit and your TV is licensed year after year without you having to think about it.

    4.2 With a PDS, the suggestion is that every year you could install the licence on all the TVs, PCs, laptops, iPads and phones that belong to you and your partner and your children and anyone else who lives with you: "If TV Licensing issued a secure digital token to people who can demonstrate that they live in a house covered by a valid licence ... this could be stored in a personal data store and shared with the BBC and any other service that needs it ... This is best done when a TV Licence is purchased – a one time code could be delivered to the household as part of the setup process for a digital license, and this would permit the addition of devices and individuals, with validation mapped back to the core license ...".

    4.3 ... the opposite of convenient.

    These doubts may be shared by others. Which could explain why PDSs haven't taken off in the UK, much to the querulous indignation of William Heath, one of the participants in the Twitter conversation above: "Can't believe we in UK will have to wait a generation ...".

    Now apparently PDSs are taking off in India: "Does 1m Indians in last few months count?". The PDS in India is known as a "DigiLocker" and is a product of the Indian government's Department of Electronics and Information Technology (Deity). Deity is now responsible for the Indian ID card scheme, Aadhaar. And for taking government control of all encryption in India. As well as PDSs. It's a powerful portfolio, in theory.

    Call it what you like. A personal data "store" or "vault" or "locker", it's got the same problems – lack of control, insecurity, irrelevance to attribute exchange and inconvenience – and it won't take off in India any more than the UK.

    ----------

    Updated 15:35

    As we said above, "the promise is made by politicians, officials in the civil service and suppliers that using a PDS will put people in control of their personal information". We have cast some doubt on that promise.

    But not enough doubt.

    Because what do we read in our inbox at 14:05 today? Civil servants are users too:
    It includes a personal data store for every civil servant - a digital space every individual can use to control what data they share, with whom, and how it’s updated. It could enable staff to share their work objectives (or not), their career history and specialist skills (or not), or their preferred forms of communication (or not).
    If we're right, civil servants will have no control over their personal information as a result of storing it in a PDS. The PDS will not be secure. It will be irrelevant to attribute exchange. And it will be inconvenient.

    We did ask Tom Loosemore, the deputy executive director of GDS, about this matter in a round about sort of a way but sadly he left before answering so civil servants are now left wondering.

    Updated 29.9.15

    GDS's childlike elaborate daydream

    Consider GDS's application to register to vote system. That system currently offers insufficient identity assurance. It also fails to tell you if your application has been successful. Government in that area remains untransformed.

    Now suppose, just for the sake of argument, that PDSs supported attribute exchange in the way that Mydex claims.

    With the appropriate attributes stored in it, Mydex might have you believe, you could use your PDS to prove that you are entitled to be entered on the electoral roll. And the Electoral Registration Officer (ERO) for your local authority could update your PDS with a polling card in the form of a digital certificate confirming that you have successfully been registered and that you are entitled to vote.

    That might make good the shortcomings of the current system. It might transform government.

    In that case, there's not much point you the person applying to register to vote. An app could do it for you. You the person aren't really needed. You can be adequately represented by your PDS.

    You could say that that is convenient. Or you could say that the person has been cancelled out of the equation. The PDS is relevant and you aren't.

    It is possible to elaborate this daydream:
    • The ERO may not be needed any more than you are.
    • And why take the trouble to vote? BIS claim that midata and its apps will help people to make rational decisions, please see Norman Lamb above. If an app can tell you how to vote it can just as easily tell the Returning Officer how you would/did vote. Cut out the middleman and you needn't be put to any trouble voting. Convenient.
    • And do we really need a Returning Officer?
    • Your PDS will survive you, please see opening paragraph above. It could carry on voting long after you're dead.
    • Etc ...
    When GDS offer you convenience, arguably what they're saying is that you're irrelevant. As irrelevant as the 1½ million public servants we don't need.

    Convenience = Irrelevance?
    10. Going out

    midata service providers could use an individuals purchase data to look at which restaurants and bars that user like. Taking this data, they could offer you a unique service, alerting you to new or recommended restaurants that suit your taste and location.

    So where your favourite restaurant has deals or offers, you could be alerted in advance to take advantage and make a booking. Combined with other services, the programme could also indicate where you could save money or improve your health by eating elsewhere, drinking less or going out less.
    From an old BIS press release no longer available, a victim of the advent of GOV.UK,
    A midata future: 10 ways it could shape your choices.
    A midata app that nags you
    for eating unhealthily, drinking too much and going out too often
    will have no compunction in shaping/making your choice how to vote
    for your own good.
    Before we get carried away, don't worry.

    Remember that one of our assumptions was that PDSs work. And they don't.

    We know that they can't grant us control over how other people use our personal information. It's just not in their gift.

    We know that they can't be made secure any more than Sony could defend itself against the North Koreans or the US Office of Personnel Management could keep millions of government employees' records and biometrics safe.

    We know that PDSs are the wrong place to look for attribute exchange, please see the case of the licensed investment manager above.

    And we know that, far from being convenient, PDSs can require us to do much more work, for example when renewing our TV licence, please see above, than the current untransformed procedures.

    People are complex and government is difficult. It would be easier to govern PDSs. But no adult would be fooled into thinking that that would amount to Whitehall doing its job.


    Updated 17.10.15

    Civil servants are users too, we learned on 28 September 2015.

    But for how long?

    Take another look at the quoted extract:
    It includes a personal data store for every civil servant - a digital space every individual can use to control what data they share, with whom, and how it’s updated. It could enable staff to share their work objectives (or not), their career history and specialist skills (or not), or their preferred forms of communication (or not).
    The PDS can be used by staff to record their specialist skills.

    Why's that?

    You will remember Mr Mark Thompson and his belief that the UK could get rid of 1½ million useless public servants and cut the deficit by £35 billion as a result while at the same time improving public services. But which 1½ million?

    The answer will be determined by matching staff skills against a giant Wardley map of the UK public sector. If you're a public servant and your skills are surplus to the Wardley requirements, then your services can be safely dispensed with:
    Wardley’s maps have the power to enable government to become situationally aware; to expose vast redundancy in capability right across the UK ...

    ... public sector bodies have a special opportunity – indeed, perhaps a duty - to work together to expose, standardise, and consume all that hidden, redundant capability.
    They're busy people, Stephen Foreshew-Cain and Mayank Prakash, and it is a venial oversight on their part that they omitted this point from Civil servants are users too. But that's what "Government as a Platform" means and that's what the PDSs are for ...

    ... to help Mr Thompson, who wants to build a Capability Exchange, on which skills can be traded just as listed shares are priced and traded on the Stock Exchange. A few public servants will be left but not those "lower down the value chain". Wardley maps can be trusted to ...
    ... expose duplication across public services, placing [public organisations] under pressure to standardise their demand for capabilities lower down the value chain, and consume these as commodities.
    There is only one question left. Who's going to establish and operate the Capability Exchange?

    Mr Thompson is unimpressed by the present leaders of the Civil Service:
    Although government has been good at training more junior technologists, it has perhaps been less effective at communicating to our leaders the radical implications of the web on our public service operating models.
    What is needed to fill this skills gap is ...
    ... 25 to 30 mobile specialists who live and breathe capability mapping and open architecture, with a laser focus on the business, who would criss-cross the country helping business leaders to bootstrap their organisations into the Capability Exchange.
    No doubt Mr Thompson will hope to convince his contacts in the Treasury that much of this team of laser-focussed mobile breathers can be hired from his company, the Methods Group, possibly including his recent recruit through the revolving door, Mike Beaven, formerly the Transformation Director at GDS.

    (Maybe there is one other question left. If power is no longer wielded by Whitehall, then who will it be wielded by? But don't worry about that.)


    Updated 24.10.15

    The criticism above of Mark Thompson's advocacy of Government as a Platform (GaaP) has elicited a number of attempted refutations.

    Simon Wardley, for example, suggests that Mr Thompson's three-article series in Computer Weekly magazine doesn't say what it means.

    Mr Thompson doesn't mention "what strategic points of control Gov needs to maintain" in any of those articles nor in UK voters are being sold a lie. There is no need to cut public services nor What is government as a platform and how do we achieve it?. The reader is somehow meant to intuit his thoughts on the matter.

    And as for Mr Thompson himself, he claims that he has been misrepresented. Repeatedly, across all five articles, he holds out the promise of "savings" of £35.5 billion p.a.. He also says that this money could be re-allocated to the front line. But then it wouldn't be a saving. He can't have it both ways.

    The £35.5 billion p.a. figure is based on what he himself calls a "back-of-envelope approach" ...

    ... which only counts staff, not the expensive "silo" software which is supposed to be replaced with cheap "GaaP" components. How much would that replacement save? In five articles on GaaP he doesn't tell us.

    Francis-now-Lord Maude, Mr Thompson tells us, has made the point that there is no Constitutional inevitability about the civil service. Ministers don't have to operate through departments. Instead:
    Digital operating models broker people’s ability to consume standard building blocks of business – which include information management, accountancy, logistics, payments, workflow, and so on - via a burgeoning market of affordable, easy-to-deploy, and flexible digital services, in ways that require very little “official” intervention.
    The civil service exercise power. If that is taken away from them, it will be exercised by someone else.

    The question "what strategic points of control Gov needs to maintain", as Mr Wardley says, is unanswered by Mr Thompson. GaaP means stripping Whitehall of power and giving it to the likes of Google and Amazon and Facebook and Apple, "the web is a game changer that requires a new model for government itself".

    It is imprudent to adopt this new model without first establishing how it could be controlled. It will have huge power vested in it and it needs to be dedicated to governing the UK in a way that Google and Amazon and Facebook and Apple are not.

    Mr Thompson talks about his capability exchange being "self-organising". Like the rest of the "new model for government itself", the danger is that it would be out of ministerial control.

    That is the unconstitutional target for GaaP as expounded by Mr Thompson. But how do we get there? What is his plan? How do we move from a set of government departments flying blind, according to Mr Thompson, and incapable of talking to each other to a set of self-organising digital services?

    We don't know. He doesn't tell us.

    The same question has occurred to HMRC, Her Majesty's Revenue and Customs. They have to be serious about these matters. They can't afford to proceed on the basis of "back-of-envelope" estimates and vague appeals to the efficiency of Uber and AirBnB.

    They're spending £20 million with the US consultancy Bain & Company to try to plug the gaps in ... GaaP. Bain are unlikely to advise à la Maude and Thompson that HMRC are a redundant silo but they may make practical proposals how to get better value for money for us taxpayers.

    The criticism of Mr Thompson's articles is not that they're Machiavellian. Far from it. That is a misrepresentation of the criticism. The problem is that they do not take sufficient account of the rôle of government and they provide no route map. Without that they are unconvincing. We don't know what it is Mr Thompson is trying to lure us into. His articles are missing the Machiavellian attention to detail.


    Updated 2.11.15

    Remember, we're talking about PDSs, personal data stores. PDSs specifically in connection with the Civil Service Learning initiative described by GDS and the capability exchange kite flown by Mark Thompson. And PDSs in general, including their proposed adoption by the NHS Citizen project.

    Remember that the most ardent proponents of PDSs are Mydex and that, according to them, the more personal information you entrust to your PDS, the better it is for you. That's their pitch. Some people disagree, vehemently, please see blog post above.

    Remember that Ctrl-Shift Ltd is Mydex's close cousin and that even Ctrl-Shift don't believe that the "trust framework" required for PDSs is feasible.

    Remember that TalkTalk was hacked last week. As reported by the Guardian newspaper among others, please see TalkTalk says hackers accessed fraction of data originally thought, the devastation caused by that hack may be on a smaller scale than initially feared.

    Ctrl-Shift detect some importance in that Guardian article. Enough importance to tweet about less personal information having been exposed than was at first reported.

    Too right.

    It is important.

    Suppose it had been your PDS that was hacked and not your TalkTalk account. Your PDS containing every last bit of personal information about you, making identity theft easier than any criminal could ever possibly have hoped.

    Ctrl-Shift are to be thanked for making that point. Unlike Civil Service Learning, who have kept quiet. As quiet as NHS Citizen and ... Mydex.


    Updated 28.10.17

    You know that cybercrime is a growing problem. You know that cybercrime often relies on false identities. You may not know that the British Standards Institution (BSI) have published PAS 499, a draft code of practice for digital identification and authentication, but they have.

    PAS is a publicly available specification and at clause 6.1 the document says: "[Any organisation performing identity validation] should have a process in place for checking, against an authoritative source where possible, that identity evidence is in the correct format and is correctly captured, not revoked, nor expired".

    That's why a personal data store (a PDS) is irrelevant to attribute exchange. A prospective employer checking my PDS might well find my driving licence there. But suppose that my licence has now been revoked? The prospective employer would have to check with DVLA. So there's no point checking the PDS. It's irrelevant.

    You read it here first. And now in PAS 499.