Tuesday 26 April 2016

RIP IDA – are GDS talking to themselves?

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

Every week, the Government Digital Service (GDS) publish statistics about GOV.UK Verify (RIP) on their performance platform. A degree of academic rigour is called for. Without that, GDS are just talking to themselves.

As we speak, some of these statistics are complete to the week 11-17 April 2016 while others include the week 18-24 April 2016. We ignore the latter in the paragraphs below.

1. Total authentications
We ignore the 185,149 basic accounts. These are unverified and have no place in a verified identity assurance system.

User sign-ins went up from 547,416 to 571,191, i.e. there were 23,775 of them during the week. The number of verified accounts went up by 7,509 from 487,267 to 494,776.

Adding the two together – which is GDS's peculiar way – tells us that total authentications went up by 31,284.

2. Authentications per week
Nothing to add.

3. Authentication completion rate
43% for sign-ins and account creations added together. Given that there were 31,284 completed/successful authentications (see 1. above), if that's 43% of all attempted authentications, there must have been 72,753 authentication attempts in all, of which 41,469 failed.

4. Authentication success rate
90% – no idea what this means.

5. Account creation success rate, all services
71%. Given that 7,509 verified accounts were created (see 1. above), if that's 71%, then there must have been 10,576 account creation attempts altogether, of which 3,067 failed.

If GDS intend to enrol 50 million people, say, into GOV.UK Verify (RIP), at the rate of 7,509 per week the job will take 6,659 weeks or 128 years.

It could be worse than that. Those 7,509 verified accounts could be 939 people each creating one account with each of the eight "identity providers". On that basis, 50 million people would need 400 million accounts which could take 1,024 years to create.

Most people die before they're 128, let alone 1,024, which implies that GOV.UK Verify (RIP)'s registration job can never be completed.

The advocates of biometrics look for a failure-to-enrol rate (FTE) of less than 1%. Anything higher casts doubt on the credibility of proceeding with that biometric. GOV.UK Verify (RIP)'s FTE of 29% makes the feasibility of the system problematic.

Given that a total of 41,469 attempted authentications failed (see 3 above) and that 3,067 of them were attempted account creations, the other 38,402 must have been failed sign-ins.

Given that there were 72,753 authentication attempts (see 3. above) and that 10,576 of them were attempted account creations, there must have been 62,177 attempted sign-ins.

38,402 failures out of 62,177 attempts indicates a 62% false reject rate (FRR). 62% of the time, people are being told that they are not themselves.

That is similar to the FRR for face recognition any time more than six months after the enrolment photograph is inscribed on the register. Face recognition is useless as a biometric. GOV.UK Verify (RIP) looks similarly useless if its FRR really is 62%.

You can reduce the FRR, of course, by making it easier to achieve a match. But that has the effect of increasing the false accept rate (FAR), i.e. it becomes easier for a person to pretend that they're someone else, which is the opposite of GOV.UK Verify (RIP)'s objective.

6. Sign-in success rate
99% – no idea what this means.

7. User satisfaction – verification, security, certified company
No data available for the week 11-17 April 2016.

8. Certified company completion rate
55% – no idea what this means. Compare 43%, see 3. above?

-----  o  O  o  -----

4., 6. and 8. above may mean something to GDS but they're talking to themselves – these statistics can mean nothing to anyone else. At 7. above GDS have stopped talking even to themselves.

1., 2., 3. and 5. above broadcast GDS's message loud and clear to anyone listening – GOV.UK Verify (RIP) is a dead duck.

GDS nevertheless plan to announce some time this week that the duck is alive. In their world, perhaps it is. But not here on Terror Firmer, it isn't.

----------

Updated: 11:00

At 29%, GOV.UK Verify (RIP)'s failure-to-enrol rate (FTE) is problematic, as noted at 5. above.

GDS are doing what they can to reduce it:
  • They have increased the recommended minimum age of people trying to register for an on-line account from 19 to 20. That may reduce the number of GOV.UK Verify (RIP) failures. But at the same time it would cut out 1.2% of the population and thereby reduce the universality of GDS's identity assurance scheme, making it less use to government and less attractive to the private sector, who are being courted by GDS.
  • They have also taken to steering people away from the "identity providers" who are less likely to be able to complete enrolment. Again, that may reduce the number of GOV.UK Verify (RIP) failures. But it would do so at the expense of reducing the number and variety of enrolment agents/"identity providers"/"certified companies" when GDS's sales pitch to the populace is precisely that there is a wide and high quality choice on offer.

The other action GDS could take is to change the enrolment process. At the moment, the identity of a given name, address and age with sex optional is verified by reference to passport details, driving licence details and credit history. The enrolment process could be changed to take into account further personal information.

What further personal information?

Candidates include your health records, education records, travel records, bank account transactions, insurance policies, mobile phone usage, email contact lists, social media accounts, ... GDS claimed 18 months ago that they were about to announce their choice of additional personal information to include in the GOV.UK Verify (RIP) enrolment process. They still haven't.

Most people are not often exercised by questions of privacy but GDS's demand for yet more personal information might tip the balance.

Despite GDS's claims to the contrary, we have little or no proven control over these personal details once they have been divulged.

The privacy and fraud risks seem exorbitant compared with the benefit of being able to use GOV.UK Verify (RIP) to view our driving licence details on-line.

It seems unnecessary to amplify those risks when we already have the Government Gateway as a long-established working alternative to GOV.UK Verify (RIP).

Unnecessary also when, according to GDS, no other country has adopted this approach; the UK is in the vanguard.

In the absence of any additional personal information being added to the GOV.UK Verify (RIP) enrolment process we are left with GDS's eight "identity providers".

Five of them are being branded useless – Barclays, CitizenSafe/GB Group, the Royal Mail, Safran Morpho/SecureIdentity and Verizon. That must sour relations between them and GDS and it might sour relations between them and the three favoured "identity providers" – Digidentity, Experian and the Post Office.


The position of Barclays is odd. You'd think they would be among the best enrolment agents. Whatever percentage of applicants they can shepherd through the registration process should be definitive. Far from consigning Barclays to the out-of-favour list, perhaps GDS should be checking the apparently outperforming Digidentity, Experian and the Post Office to make sure that they aren't relaxing the matching criteria and exacerbating the FAR problem (false accept rate).

With only three favoured "identity providers", GDS are exposed. The Post Office is not a "certified company"; its application for approval lapsed well over a year ago. And Digidentity and the Post Office are linked. If one of them suffers a security problem, they would both be knocked out, leaving GOV.UK Verify (RIP) with just one "identity provider" – Experian.

This visible promotion of Experian into the UK Constitution as the "identity provider" of choice for the entire nation has not been even debated by Parliament, let alone agreed. In this matter, GDS are wildly out of their depth and ultra vires. They need to talk to a lot more people about it than just themselves.


Updated 3.5.16

A new metric has been added to the GOV.UK Verify (RIP) dashboard:

9. Certified company choice
It's 81%.

GDS continue to recommend against registering with Barclays, GB Group/CitizenSafe, the Royal Mail, Safran Morpho/SecureIdentity and Verizon.

User satisfaction, please see 7. above, remains a thing of the past. It is measured in three ways and none of the figures have been updated since 27 March 2016.


Updated 11.11.16

GDS don't always talk to themselves about the performance of GOV.UK Verify (RIP). Two days ago they sent Chris Skidmore MP off to talk to Korea about it. In his speech, he said:

> GOV.UK Verify [RIP] allows the citizen to create a single online identity to access a growing number of government services. And since going live in May, GOV.UK Verify [RIP] has verified more than 900,000 users.

Take a quick peek at the GOV.UK Verify (RIP) dashboard on the GOV.UK performance platform. On 1 May 2016 there were 692,951 GOV.UK Verify (RIP) accounts. By 6 November 2016, that figure had grown to 911,096.

Mr Skidmore is a historian as well as a politician. He knows to check his sources. But on this occasion he didn't. Since going live in May, GOV.UK Verify (RIP) has verified 218,145 users and not "more than 900,000" of them.

Even its supporters warn about the "wildly unrealistic expectations" of GOV.UK Verify (RIP). Next time he delivers a speech prepared for him by GDS he is advised to check it first.


Monday 25 April 2016

Willing enthusiasm isn't enough

11:19 a.m., 8 October 2014, 18 months ago, someone saves a copy of the Transactions Explorer page of the Government Digital Service's performance platform:


Then someone updates HMRC digital team plights troth to wrong Liege and forgets about it ...

... until recently.

You will notice that GDS were trying to measure how digital central government is, department by department. The data they used is repeated below. You won't be surprised which department wins ...

| Department | Digital take-up* | Total cost* | Data coverage* | Transactions per year |
|---|---|---|---|---|
| HM Revenue and Customs | 91.90% | £528m | 77.30% | 1,233,662,926 |
| Department for Transport | 57.40% | £268m | 73.60% | 130,337,698 |
| Home Office | 4.83% | £1.43bn | 76.20% | 126,270,677 |
| Department for Work and Pensions | 17.20% | £3.77bn | 95.80% | 107,781,180 |
| Department for Business, Innovation and Skills | 82.40% | £242m | 54% | 40,513,661 |
| Department of Health | 40.80% | £308m | 61.90% | 33,647,220 |
| Department for Environment, Food and Rural Affairs | 86.60% | £101m | 76.20% | 22,580,710 |
| Ministry of Justice | 21.40% | £5.02m | 52.40% | 8,508,685 |
| Cabinet Office | 100% | £32.1k | 100% | 4,870,984 |
| Department of Energy and Climate Change | | | | 1,331,834 |
| Foreign and Commonwealth Office | | | | 549,065 |
| Department for Communities and Local Government | | | | 515,756 |
| Ministry of Defence | | | | 477,707 |
| Department for Education | | | | 245,144 |
| Attorney General's Office | | | | 65,658 |
| Department for Culture, Media and Sport | | | | 33,589 |
| Department for International Development | | | | 21,001 |

* Figures are based on data for high-volume services only




... yes, the Cabinet Office, which includes GDS, has 100% digital take-up (whatever that means) and 100% data coverage (whatever that means) and it's the winner.

That was 18 months ago. The figures were questionable.

Now, if you look at the services data on the performance platform, you find that GDS have stopped trying to measure digital take-up and data coverage. They list 802 public services and they have data on 571 of them which, between them, notch up 2.38 billion transactions p.a.

Take a look at GDS's data and you see that the 802 public services are divided up, department by department, as follows:

Department No. services
Department for Business, Innovation & Skills 177
Department for Environment, Food & Rural Affairs 118
Department of Health 98
Department for Transport 77
Department of Energy & Climate Change 67
Department for Work and Pensions 48
Department for Culture, Media & Sport 43
Home Office 41
HM Revenue & Customs 34
Ministry of Justice 29
Foreign & Commonwealth Office 18
Department for Education 11
Cabinet Office 11
HM Treasury 10
Valuation Office Agency 9
Department for International Development 3
Department for Communities and Local Government 3
Ministry of Defence 2
Attorney General's Office 2
UK Export Finance 1

Does the Department for Communities and Local Government really offer only three services? And the Ministry of Defence just two?

Again, the figures seem questionable.

GDS keep promising us canonical registers. On which government policy can be based rationally. Their performance platform omits data on the Government Gateway. And it omits data on the Basic Payment Scheme for farmers. And it doesn't look as though GDS can even count public services.

The Office for National Statistics have got a lot of work to do to bring GDS up to speed on data science. Willing enthusiasm isn't enough.

How can GDS be ready to build Government as a Platform?

Tomorrow they're attending – or possibly even hosting – a seminar on blockchain, Blockchain: exploring uses in government. Are they ready for that?


Openness should include farmers

One of the standing jokes about the Government Digital Service's identity assurance scheme, GOV.UK Verify (RIP), is the list of public services using it:


How can DEFRA's Rural Payments service be connected by GOV.UK Verify (RIP)? DEFRA don't have a rural payments service, as we always point out, at least not a computerised one – the computerised system GDS tried to build collapsed and farmers are all applying for their money using pencil and paper now, as a result of GDS's failure. There's nothing for GOV.UK Verify (RIP) to connect farmers to.

It's misleading to pretend that GOV.UK Verify (RIP) connects farmers and their agents to the Rural Payments Agency's Basic Payment Scheme (BPS) and, if you're in any doubt, just look at the BPS dashboard on GDS's performance platform:


Couldn't be much clearer than that, could it? Nothing's happened since June 2015.

Except that that's not right. Take a look at the Rural Payments Agency's 7 March 2016 blog post, Start your 2016 Basic Payment Scheme application now. It's all on-line.

Take a look at their website, Everything rural businesses need to know about the Basic Payment Scheme (BPS) in 2016 - including how to claim BPS online using the Rural Payments service.

Check with the National Farmers Union. And with the Farmers Gazette, 22 March 2016, Thousands of farmers log on as 2016 BPS application window opens.

Watch the film:



Farmers and their agents have been able to claim on-line since 2 February 2016. History didn't stop in June 2015, pace GDS's performance platform.

We seem to have another butcher's thumb on the scales case here like the Government Gateway. Why is the performance platform incomplete? Why doesn't it include data on either the Government Gateway or the live rural payments system? Why are GDS ignoring BPS?


The gateway to openness

"The annual end submission date for tax self assessment in January is one of the critical events in the year for the Government Gateway, HMRC and government IT systems as a whole". So said David Hargreaves on 25 February 2016 in Managing the self assessment tsunami:

> This year was the largest yet. The Government Gateway processed over 2.9 million self assessment submissions in January. This was just part of almost 7.5 million transactions it handled over the whole month, and the 10 million online self assessments processed in 2015.
>
> The volumes topped 400,000 on Friday 29 January. That’s the equivalent of 8.5 submissions per second.

The Government Gateway is clearly quite a substantial cross-government platform. And these are notable transaction volumes.

And yet, if you try to find anything out about the Government Gateway on the Government Digital Service's performance platform, look what you get:


It looks to you as though there's no such thing as the Government Gateway.

The same happens if you search data.gov.uk. You get no data.

It's as though the Government Gateway doesn't exist. Despite the Government Gateway having received 12.9 million 2015-16 self-assessment tax returns. And who knows how many VAT returns. And PAYE/NI returns. And corporation tax returns. And at what cost.

Given that the UK aims to be the most "open" nation on earth when it comes to government data, this is a glaring omission:
  • The open data enthusiasts claim that openness leads to innovation – the omission of Government Gateway data is stymying innovation.
  • The data scientists argue that rational government policy depends on the availability of data – Government Gateway data is not available and therefore policy is likely to be irrational.

Why is data relating to the Government Gateway hidden?

There's no point guessing. There's good reason though to insist that the omission be corrected, quickly, for the general good.


Wednesday 20 April 2016

Insolvent solutions

11:19 a.m., 8 October 2014, 18 months ago, someone saves a copy of the Transactions Explorer page of the Government Digital Service's performance platform:


Then someone updates HMRC digital team plights troth to wrong Liege and forgets about it.

Were you by chance to view the page source for the Transactions Explorer, in an idle moment, you would see the following scripts:
<script id="ga-params" type="text/javascript">
  var GOVUK = GOVUK || {};
  GOVUK.Analytics = GOVUK.Analytics || {};
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-26179049-1']);
  if(document.domain=='www.gov.uk') {
    _gaq.push(['_setDomainName', '.www.gov.uk']);
  } else {
    _gaq.push(['_setDomainName', document.domain]);
  }
  _gaq.push(['_setAllowLinker', true]);
    // track pixel density ratio
  if (window.devicePixelRatio) {
    _gaq.push(['_setCustomVar', 11, 'Pixel Ratio', String(window.devicePixelRatio), 2 ]);
  }
</script>
...
<script type="text/javascript">
  _gaq.push(['_gat._anonymizeIp']);
  _gaq.push(['_trackPageview']);
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>
What's that all about?

That's how you get Google Analytics to compile performance statistics for you. A lot of those occurrences of "ga" indicate Google Analytics. Statistics are being compiled for GDS's www.GOV.UK domain, the property ID of which is UA-26179049-1.

You stick that script into all the web pages you want to monitor. And GDS did. Until 2 June 2015, when they upgraded from Google Analytics to Universal Analytics.

Universal Analytics is much better, Google tell us. In particular:

> What data does the tracking snippet capture?
>
> When you add either of these tracking snippets to your website, you send a pageview for each page your users visit. Google Analytics processes this data and can infer a great deal of information including:
>   • The total time a user spends on your site.
>   • The time a user spends on each page and in what order those pages were visited.
>   • What internal links were clicked (based on the URL of the next pageview).
>
> In addition, the IP address, user agent string, and initial page inspection analytics.js does when creating a new tracker is used to determine things like the following:
>   • The geographic location of the user.
>   • What browser and operating system are being used.
>   • Screen size and whether Flash or Java is installed.
>   • The referring site.

Perfect for calculating your advertising revenue. Or maintaining the audit trail in a transactional system. Or providing circumstantial evidence to corroborate someone's alibi.

But GDS have spotted that people don't like being kept under surveillance. And so a month ago they told us that:

> Analytics and performance
>
> To gather performance data for the [GOV.UK Verify (RIP)] service we create our own logging. During the early days of private beta, we started measuring performance using our own logging system, but we now make use of Piwik, an open source web analytics system, which we host ourselves. We chose this so that we could avoid sending data to third party web analytics companies.

That's GDS being sensitive to user preferences, isn't it.

No, it isn't. Piwik collects all the same surveillance data that Google's analytics products do. Maybe more. GDS still get that surveillance data. It's just that Google don't.

Don't they?

What is there to stop Google monitoring www.GOV.UK if they want to?

Nothing.

And not just Google.

What is promoted by GDS as the solution to a problem, isn't. It might look at first blush like a solution. But it's a solution that doesn't solve the problem. It's an "insolvent solution". It doesn't work.

Piwik isn't GDS's only insolvent solution. Their adoption of agile as the exclusive software engineering methodology is another. Ditto Government as a Platform. And the list goes on.
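
The page-source check described above can be done mechanically. The following is an added example, not code from GOV.UK, Google or Piwik: a static audit that reads a page's inline tracking snippet and reports which commands it queues and which hosts its scripts load from. SAMPLE_PIWIK, the host analytics.service.example and the site ID '1' are constructed assumptions; SAMPLE_GA is trimmed from the snippet quoted earlier.

```javascript
// Constructed sample: trimmed from the legacy ga.js snippet quoted above.
const SAMPLE_GA = `
<script type="text/javascript">
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-26179049-1']);
  _gaq.push(['_gat._anonymizeIp']);
  _gaq.push(['_trackPageview']);
  (function() {
    var ga = document.createElement('script'); ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>`;

// Constructed sample: a self-hosted Piwik loader on a placeholder host.
const SAMPLE_PIWIK = `
<script type="text/javascript">
  var _paq = _paq || [];
  _paq.push(['trackPageView']);
  (function() {
    var u = "https://analytics.service.example/";
    _paq.push(['setTrackerUrl', u + 'piwik.php']);
    _paq.push(['setSiteId', '1']);
    var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
    g.async = true; g.src = u + 'piwik.js'; s.parentNode.insertBefore(g, s);
  })();
</script>`;

// A host is first-party if it is the site itself or a subdomain of it.
const isFirstParty = (host, site) => host === site || host.endsWith('.' + site);

// Static, heuristic audit of page source: nothing from the page is executed.
function auditAnalytics(html, siteDomain) {
  // 1. Commands queued on the ga.js (_gaq) or Piwik (_paq) command arrays.
  const commands = [];
  const cmdRe = /\b(_gaq|_paq)\.push\(\s*\[\s*(['"])([^'"]+)\2(?:\s*,\s*(['"])([^'"]*)\4)?/g;
  for (const m of html.matchAll(cmdRe)) {
    commands.push({ queue: m[1], name: m[3], arg: m[5] === undefined ? null : m[5] });
  }
  const named = (...names) => commands.filter((c) => names.includes(c.name));

  // 2. Hosts that scripts load from: static <script src>, plus host-like
  //    string literals inside inline scripts (dynamic loaders build the URL).
  const hosts = new Set();
  for (const m of html.matchAll(/<script\b[^>]*\bsrc\s*=\s*(['"])(.*?)\1/gi)) {
    try {
      hosts.add(new URL(m[2], 'https://' + siteDomain + '/').hostname);
    } catch (e) { /* unparseable src attribute: skip it */ }
  }
  for (const block of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    for (const lit of block[1].matchAll(/(['"])((?:\\.|(?!\1)[^\\])*)\1/g)) {
      for (const h of lit[2].matchAll(/((?:[a-z0-9-]+\.)+[a-z]{2,})\//gi)) {
        hosts.add(h[1].toLowerCase());
      }
    }
  }

  return {
    queues: [...new Set(commands.map((c) => c.queue))],
    siteIds: named('_setAccount', 'setSiteId').map((c) => c.arg),
    sendsPageview: named('_trackPageview', 'trackPageView').length > 0,
    // Only the ga.js client-side command is visible in page source;
    // server-side anonymisation settings cannot be seen from here.
    anonymizeIpRequested: named('_gat._anonymizeIp').length > 0,
    thirdPartyHosts: [...hosts].filter((h) => !isFirstParty(h, siteDomain)).sort(),
    firstPartyHosts: [...hosts].filter((h) => isFirstParty(h, siteDomain)).sort(),
  };
}

console.log(auditAnalytics(SAMPLE_GA, 'www.gov.uk'));
console.log(auditAnalytics(SAMPLE_PIWIK, 'service.example'));
```

Both samples report a pageview being sent; the difference the audit surfaces is only the destination host, third-party for ga.js and first-party for the self-hosted Piwik loader.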

----------

Updated 21.4.16 1

The DMossEsq leader-writers expected a storm of protest over the post above. Hundreds of irate lexicographers complaining about the phrase "insolvent solution".

We had an answer prepared. Solutions have obligations. A solution that doesn't solve the problem it was designed for cannot discharge its liabilities. Which is pretty well the definition of insolvency.

But nobody complained.

Not about that.

What did exercise hundreds of distraught callers to DMossEsq's Pyongyang call centre was GDS's blog post earlier this month, Capturing comprehensive analytics across GOV.UK:

> To help us analyse and measure the performance of our content we use Google Analytics, which records the pages users visit.

Are GDS using Piwik, please see above, or are they using Google Analytics? Which is it?

The answer seems to be Piwik for GOV.UK Verify (RIP) and otherwise Google Analytics.

One way and another, don't worry – you are being properly surveilled (surveyed?) by GDS and Google.

Or actually, perhaps you should worry just a little bit. This afternoon GDS published Rebuilding GOV.UK’s publishing platform - an update.

Under the heading Why this work is such a high priority you might expect to see reasons like "to help spend the £450 million the Chancellor unexpectedly gave us" or "one of the joys of agile software engineering is that the job is never done". But, no, GDS give seven other reasons for GOV.UK being an insolvent solution, including this:

> 5. Querying analytics across GOV.UK
>
> At the moment we can’t follow user journeys across different types of content because of the different applications involved. This change [the re-building of GOV.UK] will mean we’ll have a much better understanding of user journeys, and the improvements we need to make.

It seems that GDS have inadvertently created 141 silos within GOV.UK. Silos that can't communicate with each other. And can't be monitored easily from the performance platform dashboard bunker under Holborn Towers. This situation is demonstrably insufferable:

It may well be that not a single human being has ever complained about this matter in any of GDS's user experience laboratories/interrogation centres. But it's affecting "GDS efficiency". And that means it's a user need.

"We expect this work will continue to dominate our roadmap for much of the 2016 to 2017 financial year", say GDS. What will they find to dominate their roadmap in 2017-18?


Updated 21.4.16 2

Literally years before yesterday, the UK Home Office tried to introduce government-issued ID cards. The project failed spectacularly.

But Whitehall didn't give up. The National Identity Scheme (NIS) was promptly replaced with the Identity Assurance Programme (IDAP), which incorporates GOV.UK Verify (RIP), and work continued.

The problem diagnosed with the NIS was the NIR, the National Identity Register. Get rid of the NIR, and then surely Whitehall's will would prevail.

GOV.UK Verify (RIP) would succeed where the NIS had failed, as long as there was no NIR. That's why the IDAP people came up with the notion of "identity providers", now known less sinisterly as "certified companies".

Plough your way through the GOV.UK Verify (RIP) registration process, and after a while you get to a screen something like this:


You may see different "identity providers" when you try to register. GDS are forever changing their recommended list.

Click on that Why there's a choice of companies link, and this is what you see:

> Why there’s a choice of companies
>
> More certified companies means a more secure system – information is not stored in one place, but is split up in lots of different places, making it safer.
>
> It’s your right to choose who you want to deal with from these companies. It’s also your right to change which company you deal with at any time.
>
> When verifying your identity, these companies can use their own records, and they’re certified to access information like credit records. They do this to check information you provide from passports and driving licences is correct.
>
> Certified companies meet strict government privacy standards, so you can trust them with your information. They won’t use your information for any other purpose without your consent.
>
> There’s no effect on your credit score.
>
> Choose a company

"More certified companies means a more secure system" – no it doesn't.

"... information is not stored in one place, but is split up in lots of different places, making it safer" – or less safe.

Registering with a GOV.UK Verify (RIP) "identity provider" requires you to hand over the most minute details of your passport and driving licence to total strangers. When you look into the matter, you find that your personal information is stored all over the world, beyond any possibility of your control or even the UK government's.

GDS were told to do identity assurance with no NIR. They've ended up with eight of them, one per "identity provider".

In what way is GOV.UK Verify (RIP) the solution to the NIR problem? None. It's an insolvent solution.
