Saturday 21 May 2016

"Data Science Ethical Framework" – contempt for the public

Housewives as a whole cannot be trusted to buy all the right things, where nutrition and health are concerned. This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases. For in the case of nutrition and health, just as in the case of education, the gentleman in Whitehall really does know better what is good for people than the people know themselves.

That was Douglas Jay in 1937, writing in The Socialist Case. How much has changed 79 years later?

-----  o  O  o  -----

The Government Digital Service (GDS) have just invented data. Apparently we didn't have data before. Don't tell anyone, but policy used to be made by reading Whitehall tea leaves.

And now we have something called "data science" to go with it. Data science is very important.

It's going to create innovation and thereby cause the economy to expand. It is unknown how we ever managed to have innovation before data science. It is equally unknown when data science will cause the economy to expand and how much the economy will expand by.

Data science is also going to allow Whitehall to perfect customised public services. It will revolutionise the relationship between people and the state. It will improve our lives.

Hard to believe, but there are objections to Whitehall's claims. Objections which caused the Cabinet Office to publish a Data Science Ethical Framework the other day. "This framework is a first iteration - a beta, if you like - of a set of principles wider than the legal framework, to help stimulate innovative and responsible action", says Rt Hon Matt Hancock MP, Minister for the Cabinet Office and Paymaster General, rather airily, in the introduction.

It might have been nice if the Cabinet Office had taken a little more care. Been a little less slapdash. It might have shown that they recognise the importance of these ethical considerations and that they take public concern seriously. But at the end of the day it's only the public. And a first iteration – a beta, if you like – is all they really need, these people.

"All they really need" is No.1 of the six key principles that constitute the data science ethical framework (p.3):
  1. Start with clear user need and public benefit
  2. Use data and tools which have the minimum intrusion necessary
  3. Create robust data science models
  4. Be alert to public perceptions
  5. Be as open and accountable as possible
  6. Keep data secure

GDS have ten design principles for all their work, including data science. No.1:


Note that GDS have to try somehow to maintain their empathy with users even though the users are so hopeless that what they ask for isn't always what they need. Thank goodness for the gentleman in Whitehall who knows better.

That first key principle of the data science ethical framework is amplified by the time you get to p.5 of the Cabinet Office document where the first factor that needs to be assessed is "How does the department and public benefit". It's not just user needs. Government departments have needs, too, and don't you forget it.

The data science framework advocates obeying the law. Which is good of GDS. "The law (e.g. the Data Protection and Intellectual Property Acts) sets out some important principles about how you can use data" (p.3).

But we shouldn't expect that principle and GDS's patience to last forever. We have it on the authority of Stephen Foreshew-Cain, executive director of GDS, that by 2030:
The way that the law is made will have changed. Today we are often blocked by the stuff written on the faces of bills about which we have limited understanding of feasibility, but by 2030 we will have legislation that supports service delivery, not blocks it.

White papers & green papers would be replaced by public prototypes of new or iterated services ...
By then, Mr Foreshew-Cain believes, the law will be the product of data science and not vice versa. He follows the lead there of Francis-now-Lord Maude, Matt Hancock's predecessor, who believed that the laws forbidding data-sharing between departments are just so many "myths" that need to be "busted".

Sod the law, Lord Maude more or less said, "we’re the JFDI school of government". You have been warned.

As long as the government's use of data science operates on obviously open data, there's no ethical debate to be had. Which could account for the absence of any ethical debate in GDS's ethical framework.

Government departments collect personal information from us for a specific purpose. Under what circumstances is it ethically acceptable to share that personal information with others for other purposes? You won't find out by reading GDS's jottings on the subject. They simply assume that personal information is open data, see key principle No.2, "use data and tools which have the minimum intrusion necessary".

There is one exception of course. Who wrote this document? We don't know. Their names have been withheld. GDS can sometimes show a little discretion. And who are we, the public, to intrude?

Actually, the document may not have been written by human beings at all. We learn on p.3 that:
Digital advances are producing huge amounts of new forms of data, allowing computers to more quickly process this data and makes decisions without human oversight [emphasis added]. This creates new opportunities and many new challenges we have not had to consider before.
Perhaps it was written by a slapdash robot with no interest in ethics.

You may say that we're being a bit unfair. There is an ethical consideration in the document. Key Principle No.4, "be alert to public perceptions". But don't forget, "what they ask for isn't always what they need". Only GDS know what people really need.

"Be as open and accountable as possible" (Key Principle No.5) but otherwise GDS's data scientists have carte blanche to carry on intruding.

The ethical framework document may not include any ethical considerations but it does list a few successful open data projects. The Office for National Statistics project to use mobile phone data to manage traffic congestion, for example (p.8). There are two more examples on p.10, three on p.13, one on p.14 and two on p.16. That's nine successful and innovative UK open data projects to date. Successful in GDS's eyes.

If those successes are possible with the present unbusted myths/laws against data-sharing, why do we need to invert the Constitution and make personal information open by default?

The question isn't posed in GDS's ethical framework and unsurprisingly therefore it is unanswered. What are the putative benefits of data science which could outweigh the risks?

GDS advocate key principle No.3, "create robust data science models". The table opposite shows a complete list of all the robust data science models GDS have built and demonstrates incontrovertibly their huge net benefits.

It's all a bit of a mystery, isn't it. A mystery to us, the public, at least. GDS know what they're talking about, of course, but not us. How could we?
The public cannot easily distinguish between the ethics of data science (the production of the insight) and the decision or intervention taken as a result. They are more likely to be content [dear lambs] if it is a supportive intervention rather than a punitive one (unless someone has broken the law) ... (p.8)

This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases.
----------

Updated 30.9.16

According to LinkedIn, Paul Maltby has spent three years and nine months since January 2013 as the Cabinet Office's director of open data and transparency. What is there to show for it?

Today he published How does data fit with digital?. "... in some areas we are removing barriers for data access", he says, "elsewhere we will need to consider new protections for how we store, access and use data".

What sort of "new protections"? Answer, the data science ethical framework discussed above four months ago in May 2016. It took three-and-a-half years to produce that defective first draft devoid of ethics and there's been no progress since.

We're talking here about personal information. Mr Maltby advocates "removing barriers" to sharing personal information, the ethical framework provides no replacement protection and meanwhile he mocks any critic as a libertarian.

"... consent is not on its own a viable protection", he says, and "we should be wary of a purely consent-based approach". Government based on consent is no match in Maltbyworld for "collective interests", the "collective good", "collective decisions" and "collective interests".

Mr Maltby is obviously an expert in public administration as well as data science.

He was deputy director of Tony Blair's strategy unit for 4½ years (2003-08, no known results) and director of strategy at the Home Office for the next three-and-a-bit years (2008-11, no known results), he is a gentleman in Whitehall and he is a user – you must empathise with him.

But is he right? Remember rule #1, what users ask for isn't always what they need.

"Strengthen working discipline in collective farms"
– Soviet propaganda poster issued in Uzbekistan, 1933


Updated 1.10.16

Her Majesty's Revenue and Customs (HMRC) was created by the Commissioners for Revenue and Customs Act 2005 (CRCA).

By default government withholds personal information
CRCA makes it a criminal offence for HMRC to disclose taxpayer records "except in limited circumstances" (p.32):
CRCA prohibits the disclosure of information held by HMRC in connection with its functions except in limited circumstances set out in legislation. This prohibition applies to all information held by HMRC in connection with its functions and reflects the importance placed on ‘taxpayer confidentiality’ by Parliament when the department was created. There is additional protection for information that relates to an individual or legal entity whose identity is specified in the disclosure or can be deduced from it (‘identifying information’), in the form of a criminal sanction for unlawful disclosure.
By default government discloses personal information
In April 2014 HMRC announced that it was planning to start sharing its information with other organisations. Please see You are for sale 2 and David Gauke MP and the UK's tax revolution 1 and 2.

Why did HMRC want to stand CRCA on its head?

The answer goes back to the June 2013 G8 summit at Lough Erne when the delegates agreed that "data held by Governments will be publicly available unless there is good reason to withhold it". That is an inversion of the status quo, at HMRC and throughout the UK's public administration.

We identified a number of interested parties – not just the G8 and David Gauke MP but also Rt Hon Francis-now-Lord Maude MP, Stephan Shakespeare, Tim Kelsey, Professor Sir Nigel Shadbolt, Kieron O'Hara and The Hon Bernard Jenkin MP.

Lord Maude has pulled out and Mr Kelsey has been transported to Australia but to that list must be added GDS's Paul Maltby. The Guardian newspaper published an interview with him on 13 June 2013:
You joined the Cabinet Office as director of open data and transparency in January. What will be your biggest challenge?
Promoting open data on the international stage. The UK is president of the G8 this year, and forming a collective, international agreement on open data is one of our central aims.
Open data v. personal information
Disclosing open data is a Good Thing. It is a Bad Thing that GDS are unenthusiastic about disclosing their own data, please see GDS yet to decide over DOS spend data publication from two days ago.

Not all data is open data. Some data needs to be withheld. National security data, for example. And, until Lough Erne, personal information. The interested parties listed above, however, make no distinction between open data and personal information.

Open data will cure cancer, make children happier and expand the economy
We have previously reported on Stephan Shakespeare's zany review of public sector information:
Is that exciting? It couldn't be more exciting: from data we will get the cure for cancer as well as better hospitals; schools that adapt to children’s needs making them happier and smarter; better policing and safer homes; and of course jobs (p.5) ...

Forecasting future benefits is also hard to predict. How businesses and individuals might use datasets in the future to generate new products and services and by implication impact economic growth, is equally unknown (p.30) ...
Forecasting future benefits was precisely Mr Shakespeare's job. He couldn't do it.

Mr Maltby refers to that farrago in his Guardian interview:
What's your next priority?
The Shakespeare review of public sector information has given us fire in our belly to face the next challenge – opening up more data to domestic businesses so that British companies can really succeed.
Neither Mr Shakespeare nor Mr Maltby can present a coherent case for making personal information held by the government publicly available/open to domestic businesses. How would that make British companies "really succeed"? They can't tell you. It's "hard to predict". The dynamics are "equally unknown".

What would constitute a "good reason to withhold it [personal information]"? They can't tell you. They can't distinguish personal information from open data. They aren't interested in doing so.

What causes Mr Maltby to persevere with his mission to overturn established practice and incontinently to share personal information willy-nilly between government departments and with other organisations? It's a mystery. It isn't logic. The decision isn't based on data. It's not scientific. Or business-like. Or responsible. The only answer offered is ... fire in his belly. But fire in the belly is unprecedented as a rule of inference in public administration.

Progress to date
Luckily the fire isn't very hot:
  • Mr Maltby has acquired five million of our pounds to try to duplicate the Royal Mail's postcode address file. That was six months ago and there has been no published progress report since then.
  • He has caused other people to produce two registers: a register of countries; and a register of English local authorities. There are just two of them, they're not live yet, you can't rush these things, they're still being tested ...
  • ... and that's just as well. He has set up the Register Design Authority (1.4.16) with "domain control for the register.gov.uk domain" which would put GDS in control of all Whitehall information if they actually had any registers and if Government as a Platform ever became a reality (18.12.15).
  • He has made some contribution to the frivolous Digital Economy Bill. Specifically, he has tried to make the ethical problems go away by changing the word "data-sharing" to "data access".
  • And he has produced the ethics-free data science ethical framework above which places no barriers whatever between publication/sharing and our personal information.
There are other inversion threats – the identity assurance programme, Companies House, ... – but at this rate our privacy will be safe at least from Mr Maltby for some time to come.


Updated 12.10.16

The Digital Economy Bill Committee took evidence yesterday from, among others, Mike Bracken and Jeni Tennison (roughly 11:00-11:25). Both of them criticised the Bill for its lack of clarity about access to data. When is data freely available for researchers and innovators to use? Not clear. When can departments share data? Not clear. Can departments be forced to make data available? Not clear. How do we avoid another failure like care.data? Not clear.

The Digital Economy Bill is a facetious bit of work put together by Ed Vaizey MP and now coming apart in the hands of Matt Hancock MP. Paul Maltby's contributions to the Bill have not helped.

It should be noted that he is now on the way out: "The [Committee] session was held following the announcement by the Cabinet Officer that GDS director of data Paul Maltby would be stepping down from his role once his contract expires in late December ... A Cabinet Office insider indicated Maltby’s leaving was due to the end of his contract and not an indication that he is being replaced".


Updated 17.10.16

The Digital Economy Bill Committee took further evidence on 13 October 2016. They heard from Jerry Fishenden between about 11:30 and 12:00 and then from the Information Commissioner's Office (ICO) between about 12:20 and 12:50.

Mr Fishenden is the father of the Government Gateway and was representing the Privacy and Consumer Advisory Group, of which he is co-chair. His oral advice is amplified in written evidence submitted to the Committee.

He warned that the Digital Economy Bill moves control of our personal information out of our hands and into the hands of officials. This is proposed in the putative interests of "data-sharing", which is nowhere defined in the Bill. The management of our personal information would depend on the codes of practice adopted by officials but these are not included in the Bill – so how can anyone know how the law would work?

One member of the Committee, Calum Kerr, clearly took the point:
Dr Fishenden, your exasperation with what is in the Bill is shared by other witnesses. We are faced with whether we can strengthen it in such a way that it is workable, or whether we should just oppose it, despite all the benefits. (Q228)
The ICO was represented by the Commissioner herself, Elizabeth Denham, and Steve Wood, the Deputy Commissioner. The Commissioner warns that the Digital Economy Bill proposes to share people's personal information without their consent. In the absence of consent, she says, there have to be other safeguards. This slovenly piece of draft legislation doesn't contain any.

Once again, the danger is that the Committee is wasting its time, the Bill isn't ready yet for the Committee's attentions.


Updated 20.10.16

Government Computing:
GDS new director general Kevin Cunnington has been giving further information about how he sees the organisation developing under his leadership. The overall GDS strategy is still being worked on, he said, but is expected to be out by Christmas.

He indicated that he plans to create a profession for digital, data and technology and he is also going to get a grip of the GOV.UK Verify identity assurance scheme.

“Two things that the [GDS] Advisory Board asked us to concentrate on are sort out Verify and get it to scale and the other is to tackle the really hard data issues” ...


Updated 8.12.16

Today is GDS's fifth birthday. By way of celebration, Kevin Cunnington, Director General, published Now we are 5. "Here are some of the things I am looking forward to us working on in the next year", he says. Here is the first of those things:
Fixing data

To make things that are truly better for citizens, we know that we need to fix how data is stored and used in government. Current structures prevent departments from giving each other access to information. The creation of joined up services across government is inhibited by legacy structures. GDS will work to lower these barriers, and help to establish secure, ethical ways for working with data for the benefit of the citizen. As part of this work, we will be publishing a roadmap of open APIs (application programming interfaces) for data.
How will GDS "establish secure, ethical ways for working with data for the benefit of the citizen"?

There's been no sign of any understanding of the ethics of data-sharing so far, please see above.

There still isn't.

We're promised a "roadmap of open APIs". That might make it easier to overcome the obstacles to sharing data. The obstacles decreed by a supreme parliament and deployed by a so far obedient administration. But those APIs will just make it harder, not easier, to maintain an ethical approach and, indeed, to maintain security.


Updated 21.2.17

John Manzoni, chief executive of the UK Civil Service, gave a speech this morning, Big data in government: the challenges and opportunities.

Sharing our personal information all across government and beyond will improve our lives, he assumes. Here we go again with the "single source of truth" (18.12.15).

The Electric Kool-Aid Acid Test
Mr Manzoni recognises that "public trust is absolutely critical to achieving our ambition for a data-driven government".

How is that trust to be retained/reclaimed?

"In partnership with civil society, GDS has published an ethical framework for data science in government ...". They have indeed published a skimpy first draft paper with many of those words in it, Data Science Ethical Framework, please see above ...

... but it doesn't amount to a data science ethical framework and it undermines public trust.

Mr Manzoni recognises also that the on-line government he craves needs on-line identity assurance: "Verify [GOV.UK Verify (RIP)] - the government identity service for citizens - is enabling people to access a whole range of online government services easily, securely and in a way which builds their trust", he says. He's wrong.

And he says "by 2020, we are aiming to get 25 million people using the service". Wildly unrealistic, to coin a phrase.


Updated 12.4.17

Paul Maltby left his job as director of data in December 2016. In January 2017 he contributed to an exciting pioneers-pushing-back-the-frontiers blog post, Growing a government data science community: "... this is the story of how this joint project team overcame these hurdles, developed a community in government of more than 350 individuals with a data science capability, and started to put this capability to use to drive value for citizens".

The data pioneer corps had a four-point strategy, led by the imperative "to ‘show not tell’, by doing some practical demonstration projects, as opposed to writing strategy papers to explain in the abstract what the project might mean".

Have they achieved that? You be the judge:
  • "From these early beginnings to build a community has grown a wide range of opportunities to share and connect. These include a dedicated messaging app, where code and frustrations can be shared, and an assortment of data drinks, lunches and dedicated community groups within departments".
  • Also, "there are now tens of data science case studies – a mixture of prototypes (some successful, some less so) and increasingly serious value-adding propositions [no examples given, not shown, not even told]".
The fourth imperative on the strategy was "to ground this work in an ethical approach that, from the start, aimed to consider what we should do with these potentially powerful tools, not just what we could do with them". This required "an updated policy and legislative framework, not only to remove unnecessary friction (through data access provisions [i.e. data-sharing provisions] in the Digital Economy Bill, for example), but also to put in place new rules and procedures, for instance, on the ethical application of these new tools".

The "ethical application" link takes you to Data Science Ethical Framework, which is the subject of this very blog post here and which we have seen is neither ethical nor a framework.

As to the Digital Economy Bill, we have recorded a number of criticisms above, to which you may care to add:
  • Privacy groups urge dropping entire Digital Economy Bill data clause and
  • The Thirteenth Report/demolition job of the House of Lords Delegated Powers and Regulatory Reform Committee covering Parts 5-7 of the Digital Economy Bill, e.g.:
    • "21. We consider it inappropriate for Ministers to have the almost untrammeled powers given by clause 30".
    • "23. ... a higher level scrutiny cannot justify the delegation of a power which is inappropriately wide".
    • "37. We regard this as a wholly unconvincing reason for excluding Parliamentary scrutiny".
    • "69. ... We consider that this provision is inappropriate in the absence of a convincing explanation as to why it is needed".
    • And again, later, "82. ... We consider that this provision is inappropriate in the absence of a convincing explanation as to why it is needed".
Kevin Cunnington, director general at the Government Digital Service (GDS) "plans to create a profession for digital, data and technology". Based on the evidence above, GDS's data analytics achievements seem puny and anti-democratic, and you might conclude that he's got his work cut out ...

... but that's wrong.

Mr Cunnington can't create the profession – it's already there.

As Mr Maltby notes, but doesn't take on board, "there were some who dismissed the new data science agenda as 'trying to pretend it invented maths' and claimed data science had been practised in government since the time of the experimental physicist Patrick Blackett and the amazing innovations in operational research during and since World War II" (c.f. @gdsteam invent the right angle).

GDS will surely find it easier to succeed and "drive value for citizens" by collaborating with their colleagues if they recognise that Whitehall wasn't a thickly-wooded island inhabited by primitive and superstitious tribes before GDS brought MacBooks and civilisation. There's a data science profession already there and there's grown-up legislation with prudent helpings of friction already governing data-sharing.


Updated 17.10.17 1

To recap, in May 2016 the Cabinet Office published Data Science Ethical Framework which was reviewed two days later in the post above. The conclusion was that the document fails to provide an ethical framework for data science.

A year ago today we reported that Jerry Fishenden, co-chair of the Privacy and Consumer Advisory Group (PCAG), had given evidence to the Digital Economy Bill Committee. He criticised the Bill for taking control over our personal information out of our hands and giving it to officials.

The Bill was subsequently enacted and Mr Fishenden resigned from his post. What he called the "disappointingly amateurish and technically-illiterate" Digital Economy Act was the last straw. PCAG's advice was "repeatedly ignored by officials who should know better" and those officials "repeatedly misled and misinformed" PCAG.

The Better Use of Data Team at the Government Digital Service (GDS) have now published regulations and four codes of practice for sharing our personal information all across government and beyond. A consultation is underway. Submissions must be received by 2 November 2017 at GDS's new Whitechapel HQ.

You are enjoined please to make your submissions.

Your personal information could become open data. The plan is to invert today's official information-sharing procedures. Personal information could in future be shared by default instead of being withheld by default. You may find it useful to read the Open Data Institute's Data Ethics Canvas in addition to the framework document above, the regulations and the codes of practice.

GDS aim to control the registers in which your personal information would be maintained. No other government departments would be allowed to create "silos". Only GDS.

According to GDS's Information sharing code of practice: public service delivery, debt and fraud, it's not just the data itself but the future data-sharing agreements arrived at by government departments that would need to be notified to GDS and stored by them in their registers, please see here, here and para.95.

We have the Information Commissioner's Office (ICO). We have the General Register Office (GRO). Even if you are convinced of the benefits of massive information-sharing – and no-one has made a detailed convincing case in favour, only the case against – GDS are a bizarre choice as custodian of our registers. They have no relevant experience.

GDS's GOV.UK Verify (RIP) identity assurance scheme flouts all nine of PCAG's principles. There is no reason to believe that they would abide by the nine data-sharing principles at para.12 or the eight data-protection principles at para.18.

Four times the public service delivery document refers to GDS's ethics-free framework, at para.12 (principle #7), section 2.3, section 3.3 and section 4.3.

Information-sharing is allowable, according to GDS's proposed code of practice, if its purpose is to benefit individuals or households or to improve their well-being (para.45). GDS's Gentleman-in-Whitehall tussles with the concept of putting the user first are a good example of how unworkable this utilitarianism is.

Information-sharing is not allowable, according to GDS's proposed code of practice, if its purpose is "punitive" (para.48). But what is punitive for one individual or household will be beneficial or will improve the well-being of other individuals or households. We're no further forward, anything goes.


Updated 17.10.17 2

"16. The Data Protection Act 1998 requires that personal data is processed fairly and lawfully and that individuals are aware of which organisations are sharing their personal data and what it is being used for". That's what it says in GDS's Information sharing code of practice: public service delivery, debt and fraud.

Also, from the Data Protection Act 1998: "8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data" (para.18).

It hardly needs to be read in the Data Protection Act 1998. You'd think that anyone with the right mentality would follow a code of practice incorporating these conditions.

But not GDS.

GDS have never attempted to make it clear which organisations are sharing your personal information via GOV.UK Verify (RIP), GDS's moribund identity assurance scheme. DMossEsq has attempted to make it clear several times. GDS, never.

Ditto the countries in which your GOV.UK Verify (RIP) personal information is stored. GDS give the impression of being supremely uninterested where our personal information finishes up.

The EU are rather more grown up and rather more responsible. The European Court of Justice found that the US "safe harbor" rules do not make the US a safe harbour for our personal information. Comment from GDS – none.

Safe harbor was promptly replaced with Privacy shield. Comment from GDS – none.

Now Privacy shield has collapsed. Comment from GDS – none.

Meanwhile, GDS's habit of spreading our personal information around the world in other ways has been noted:
While claiming to put the user in control, GDS like us to spray our personal information all over the world when we register with GOV.UK Verify (RIP). Their heart really isn't in this privacy lark, is it. They use Eventbrite to organise events. They use Zendesk for user support. They use StatusPage for network monitoring. They use Survey Monkey for user feedback. All the personal information involved is stored and used beyond your control and now GDS want you to upload your CV to Jobvite.
Comment from GDS – none.

It is hard to think of an organisation less qualified than GDS, or more disqualified, to abide by the information-sharing code of practice currently being consulted on by GDS.


Updated 17.10.17 3

Under the heading Non-public authority duties GDS's Information sharing code of practice: public service delivery, debt and fraud says: "Non-public authorities can only participate in an information sharing arrangement once their sponsoring public authority has assessed their systems and procedures to be appropriate for secure data handling. Details will need to be set out in the privacy impact assessment, along with a statement of compliance with this Code of Practice in the information sharing agreement" (para.33).

You'd hardly think that needed to be said. It's obvious.

But it's obviously not obvious to GDS. Their GOV.UK Verify (RIP) identity assurance simulator uses so-called "identity providers" to try to verify people's identity. The "identity providers" are non-public authorities and there they are, participating in an information-sharing arrangement sponsored by GDS.

Are their systems appropriate for secure data-handling?

The Post Office applied for certification on 24 February 2014, 3½ years ago. Their application lapsed a year later. And yet despite being uncertified GDS continue to promote the Post Office as an "identity provider", thereby flouting the code of practice they now seek to consult us on.

GB Group are also promoted as an "identity provider" despite not being certified as one. Once again, GDS are flouting their own proposed code of practice, prudence and common sense.

Four of GDS's "identity providers" use Equifax for knowledge-based verification – Barclays, GB Group, the Royal Mail and Verizon. Are Equifax's systems appropriate for secure data-handling? We know that they're not – they've just been spectacularly hacked.

GDS want Timpson to do retail registration of GOV.UK Verify (RIP) accountholders. Are Timpson's systems appropriate for secure data-handling? No. They're not certified by tScheme. And that's the test. The test set by GDS themselves. Timpson use Mydex for their registration work. Are Mydex certified? No.

GDS want Mvine and Sitekit to provide GOV.UK Verify (RIP) identity hubs for the private sector. Mvine are already selling access to GOV.UK Verify (RIP) on the Digital Marketplace. So are Sitekit. Are they certified by tScheme? No. But just like Mydex and Timpson, they're sponsored by GDS and they're participating in GDS's information-sharing scheme.

GDS's commitment hitherto to the code of practice they now promulgate is nil.


Updated 19.10.17

We all have until 2 November 2017 to submit our responses to GDS's consultation on the UK civil service's proposed codes of practice and regulations for massive sharing of our personal information all across government and beyond.

Until now the personal information you provide to officials has stayed with those officials unless there was some agreed supervening need to disclose it. The proposal is to invert the state of affairs so that disclosure becomes the default option/duty.

The benefits of this Constitutional inversion are murky and are presented in an impressionistic and allusive manner. There's no detail.

And there is no promise that these benefits will be delivered. You could keep your side of the bargain and hand over all your personal information only to find that there is no benefit to show for it.

Questions were raised by Mike Bracken and Jeni Tennison and by Jerry Fishenden and the Information Commissioner's Office while the Digital Economy Bill was in Committee. Have those questions been answered to your satisfaction by the proposed codes of practice and regulations?

Suppose that the answer is yes. Suppose, that is, that you believe that no department of state should maintain its own registers of personal information. Instead, that personal information should be maintained by GDS. Do you believe that GDS are fit and proper to do the job? Or competent to do the job? Why? Can you give 10 examples of GDS achievements to support that view?

You can submit your consultation responses by email to data-sharing@digital.cabinet-office.gov.uk.

Or you can send them by post to GDS's terrarium at Better Use of Data team, 7th Floor, The White Chapel Building, Whitechapel High Street, London E1 8QS.

Or you can respond on-line to SmartSurvey at http://www.smartsurvey.co.uk/s/DBXV2/.

SmartSurvey say: "If you operate within the UK (Europe) and perform research through online questionnaires and surveys, it's important you comply with the Data Protection Act 1998 (DPA) and your data does not leave the EU! In addition the General Data Protection Regulation (GDPR), intended to strengthen and unify data protection, will be implemented on 25th May 2018 and organisations must ensure that they are compliant".

They know that. GDS don't ...

... and have always been happy to broadcast our personal information all over the world.


Updated 2.11.17

9 November 2016, nearly a year ago, GDS told us how they were using topic modelling, Latent Dirichlet Allocation (LDA), Latent Semantic Indexing (LSI), Non-negative Matrix Factorization (NMF) and Kullback-Leibler divergence with LDA "to tackle a range of text analysis challenges ... such as quickly understanding policy consultation responses".

In the event it transpired that they are counting exclamation marks.

Good luck to them with that. There are no exclamation marks in the following consultation response:

2 November 2017, this document is a response to the Cabinet Office Consultation on the Digital Economy Act, part 5: data sharing codes and regulations. The response is submitted by David Moss, a member of the public, who is happy for it to be published and for it to be attributed to him.


Summary:

  • The codes of practice proposed for information-sharing fail to distinguish between open data and personal information. As a result the G8 inversion of the settled order whereby the information held by public authorities will be disclosed by default instead of being withheld by default will destroy privacy.
  • The objectives for information-sharing are supposed to be set by Whitehall’s prescriptions for improving the general wellbeing. Since Whitehall doesn’t know what would improve our wellbeing any information-sharing agreement without limit could be sanctioned.
  • Information-sharing agreements are supposed to be prohibited if the objective is punitive but, since what is punitive for one set of people may improve the wellbeing of another set of people, that is no constraint.

1. On 24 April 2012 the Guardian newspaper published an article which claimed that: “Ministers are planning a shakeup of the law on the use of confidential personal data to make it far easier for government and public-sector organisations to share confidential information supplied by the public”.

2. Next day Francis Maude, Cabinet Office Minister, said the article “misrepresented statements the Government has made concerning existing data sharing arrangements”.

3. Who was right? The Guardian? Or Francis-now-Lord Maude?

4. It looks as though the answer is the Guardian – here we are 5½ years later and Damian Green, Cabinet Office Minister, has set up a consultation on the Digital Economy Act, which “introduces new information sharing provisions to support the delivery of better public services”.

5. Mr Green promises “new information sharing provisions”? What new information-sharing provisions?

6. Back in March 2012, Lord Maude told the Information Commissioner’s Conference that he wanted to “bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone ...”.

7. Mr Green says the same: “By sharing information between public authorities we can offer better services that are tailored to the needs of people. We can reduce the need for citizens to provide the same information to different public authorities. Furthermore, we can drive more efficiency and be better equipped to identify and offer the right services to the right people at their point of need”.

8. How do you offer such tailored services? How do you reduce the need to register with a lot of different public authorities? Answer, by sharing personal information all round central government departments and their agencies and local government. That’s what’s new.

9. Whereas, until now, each public authority guarded your personal information in their own record-keeping systems – or “silos” as some people call them pejoratively – henceforth your personal information will be made available to any authority in possession of agreed access rights.

10. That inversion of the current settlement was sanctioned in 2013 by the G8’s Open Data Charter. According to HMRC’s Sharing and publishing data for public benefit: “the UK helped secure the G8’s Open Data Charter, which presumes that the data held by Governments will be publicly available unless there is good reason to withhold it” (p.4). Withheld-by-default has become disclosed-by-default.

11. As noted, Lord Maude said that Whitehall aims to share data “for the good of everyone”.

12. As far as he is concerned nothing has changed since 1937 when Douglas Jay wrote in The Socialist Case: “Housewives as a whole cannot be trusted to buy all the right things, where nutrition and health are concerned. This is really no more than an extension of the principle according to which the housewife herself would not trust a child of four to select the week’s purchases. For in the case of nutrition and health, just as in the case of education, the gentleman in Whitehall really does know better what is good for people than the people know themselves”.

13. That’s the theory but in fact you can give a Whitehall agency all the information about people that there is and they can still make those people’s lives worse. Think of the Child Support Agency, which ministered to families already in turmoil and managed nevertheless to increase their misery.

14. Mr Green’s consultation comprises four codes of practice on the sharing of information in (a) public service delivery, (b) civil registration, (c) national statistics and (d) research and a fifth document, (e) a statutory instrument for regulating all this information-sharing. Nowhere among them will you discover a detailed worked example of how information-sharing will be “good for everyone”, as Lord Maude put it. The public don’t know what they’re buying at the cost of their privacy.

15. Mr Green gives no reason to believe that “the gentleman in Whitehall really does know better what is good for people than the people know themselves”, as Mr Jay put it, and therefore no reason to believe that we should now sanction massive information-sharing which has been hitherto prohibited.

16. We don’t mind if information about the location of bus stops is made public (to choose the favourite example of the Open Data Institute) – that’s obviously open data. We do mind if our GP records are disclosed. NHS England’s care.data scheme planned to do just that, starting in April 2014. The doctors revolted and the patients revolted and care.data had to be scrapped. The lessons of that failure have not been learned.

17. You might hope that Mr Green would define “personal information” so that we can distinguish it from “open data” but he doesn’t.

18. In Mr Green’s public service delivery document clause 8 says: “While we consider the terms ‘information’ and ‘data’ to have the same meaning, ‘personal information’ in the Digital Economy Act 2017 has a slightly different meaning to ‘personal data’ in the Data Protection Act 1998. In this Code, personal information is information which relates to and identifies a particular person or body corporate (but which does not relate to the internal administrative arrangements of a person who may disclose or receive information under the Act”.

19. We are none the wiser thanks to clause 8, there is no clear distinction between the two and the door is open for Whitehall to treat our personal information in the same way as open data, just as the Guardian suggested.

20. In this new world clause 45 tells us that information-sharing will be sanctioned if its purpose is “the improvement or targeting of a public service provided to individuals or households, or the facilitation of the provision of a benefit (whether or not financial) to individuals or households” or if its purpose is “the improvement of the wellbeing of individuals or households”. If any public authority can prove that their objectives satisfy those conditions then they will be granted access rights to our open data and our personal information without distinction.

21. Give Whitehall the data and they will know how to provide you with a benefit and improve your wellbeing? On the one hand, they may know how to but the codes of practice place public authorities under no duty actually to proceed and improve the general wellbeing. On the other hand, they may not know how to. That is the more likely case.

22. The experience of the Child Support Agency suggests Whitehall do not know how to improve the general wellbeing, however much data they have to hand. They can’t do these utilitarian calculations. You may keep your part of the bargain and hand over your personal information and yet Whitehall may still fail to increase the general wellbeing.

23. It’s not just the Child Support Agency. Take another example. The Government Digital Service (GDS). The very people to whom responses to Mr Green’s consultation have to be sent. The very people supposedly in charge of data science for Whitehall.

24. In January 2016 GDS published a blog post about a modelling tool they had devised which predicts how many people in the UK will be able to open a GOV.UK Verify (RIP) account. GOV.UK Verify (RIP) is GDS’s identity assurance scheme and according to the model over 80% of the UK population would be able to open an account by July 2016. Completion rates are currently running at about 38%. Their model doesn’t work.

25. Do GDS or any other ladies or gentlemen in Whitehall have a model for calculating “the wellbeing of individuals or households”? Mr Green doesn’t say that they do. We need to see this model working before his provisions for information-sharing are adopted.

26. Clause 48 tells us that information-sharing will not be sanctioned if its “objective is punitive instead of providing a benefit and improving wellbeing” and gives as examples “identifying individuals operating in the grey economy” and “identifying welfare claimants erroneously receiving welfare benefits”.

27. One official may believe that identifying DWP mistakes is punitive, in which case no information-sharing will be allowed. Another official may believe that it contributes to other people’s wellbeing and is a benefit to other people, in which case information-sharing will be allowed.

28. Mr Green’s officials and their predecessors have had five years and more to work out confidence-inspiring codes of practice and regulations for their revolution in information-sharing. They have failed. Presumably they’re not interested.


(1,573 words) 


Updated 4.5.18

As we know, last month, the Government Digital Service (GDS) lost their strategic national responsibility for "data". That responsibility has now been given to the Department for Digital Culture Media and Sport (DCMS).

Why?

Every now and again, GDS like to remind us. Please see for example Kevin Cunnington: What next for the Government Digital Service, which includes this graphic:


14 billion. That's the "approximate number of page views on the GOV.UK site during its five-year lifespan". So what? Is that a big number? Or a small one? Is it the right number to aim for? Or should it be higher? Or lower? Is it twice as good as 7 billion? Or maybe half as good. After all, a lot of people have spent a lot of time and used a lot of electricity loading 14 billion pages into their browsers. Was that productive? GDS don't tell us. GDS don't know.

People whose job it is to deal with data use numbers to convey a thought, to give a message, to tell people something, to provide information. This 14 billion number tells us nothing, it raises all sorts of questions and the only answer is that GDS isn't the natural home of data, they don't think that way, it's not their métier.

Ditto with the 242 "services using GDS Government-as-a-Platform [GaaP] companies, such as Pay, Notify and Verify".

They're not "companies". They're platforms. Data people – statisticians, people who work for the Office for National Statistics, ... – label their axes accurately. Unlike GDS.

GOV.UK Notify alone accounts for 220 of the services using GDS GaaP platforms. Data people would mention it if the population is so heavily skewed. Unlike GDS. Data people would realise that it's not remarkable that 220 government services use email and texts for workflow management. The big question is why don't more government services use GDS's GOV.UK Notify? Instead, they use other platforms. And have done for decades.

15 government services use GDS's GOV.UK Pay, which has so far collected £1.15 million, about 0.005% of the UK government's annual revenue. Data people trying to convey something of the microscopic scale of this operation would mention that. Unlike GDS. Again, as with GOV.UK Notify, the big question is why don't more government services use GDS's GOV.UK Pay? Instead, they use other platforms. And have done for decades.

According to its dashboard on GDS's performance platform GOV.UK Verify (RIP) has 17 government services using it. 220 + 15 + 17 = 252. Not the 242 Mr Cunnington's graphic claims. Data people can add up. Unlike GDS, apparently.

"GOV.UK Verify [RIP] has been used more than 5.4 million times to access services". That's what Mr Cunnington tells us in the text of his article but, you're getting the hang of this now aren't you, you have to check everything, and according to the GOV.UK Verify (RIP) performance dashboard, 2.21 million accounts have been created and "reused" (used?) 3.82 million times, not 5.4 million times. They can't both be right, Mr Cunnington and the performance dashboard. The difference is a substantial 1.58 million. Which of them is closer to the correct figure? Data people wouldn't publish a mistake like that. Unlike GDS.

GOV.UK Verify (RIP) uses seven companies as "identity providers". So we proles can create up to seven GOV.UK Verify (RIP) accounts each. Do the 2.21 million GOV.UK Verify (RIP) accounts represent 2.21 million people? Or just 315,714.29 people? Or some point in between? What point? How many people are using GOV.UK Verify (RIP)? Data people would know the answer and tell us. Unlike GDS, who may not even know.

Why aren't more government services using GOV.UK Verify (RIP) for their identity assurance? The system's been "live" for two years now. Is it because 57% of attempts to use it fail? Nothing in the graphic tells a reader that GOV.UK Verify (RIP) fails more often than not. Data people wouldn't use figures to create a false impression. Unlike GDS.

What many government services actually use for identity assurance is the Government Gateway, a platform which has been with us for 17 years, which has collected trillions of pounds of government revenue by now and which can be used by companies as well as natural people, unlike GOV.UK Verify (RIP). There is no performance dashboard for the Government Gateway. Nor for the email and payments platforms which are used in preference to GOV.UK Notify and GOV.UK Pay, and have been for decades. Data people would try to paint in the background to GaaP and identify the competition. Unlike GDS.

GDS have expressed the belief in the past that parliamentary debate and written legislation are irrelevant. In future, they assert, policy will be the result of analysing data. With GDS in charge of data? No. You can see why that responsibility was taken away from them.

Friday 20 May 2016

Furtive

The Rt Hon Matt Hancock MP, Minister for the Cabinet Office, gave a speech yesterday to launch the Data Science Ethical Framework. It got off to a wobbly start:
When Alan Turing proposed the Turing Machine and his theory of machine intelligence, he would not have imagined that his early ideas of computing and algorithms would be enhanced and evolved using the quintillions of bytes of data we generate today.
There's no telling what Alan Turing would or would not have imagined.

The speech wobbled on:
Turing’s work on enigma during the war, working with Bill Tutte who remained less recognised, is a piece of history we are all familiar with.
Was the minister about to tell us more about Bill Tutte?

No. He wanted to talk about artificial intelligence putting humans out of work ...
We’ve heard this before - from the Luddites to Keynes to Harold Wilson, history is littered with those predicting the end of work. And history has proved them wrong every time.
 ... at least briefly he wanted to talk about that, but then he moved on from Harold Wilson to himself:
Across government we are working hard to ensure data and data-science techniques are put to good use; improving data quality and security through canonical registers, integrating data into digital services; and using cutting edge data science techniques to improve government policy and services.
The minister recognised that you may be a bit confused about canonical registers and kindly explained that:
Digital transformation has no meaning or real world effect unless it is the driver for business transformation, of changes in culture.
Soon we were back on familiar territory:
The [Digital Economy] Bill will allow more modern use of data, to improve services or tackle fraud. And it will do this within a strong framework of data protection and protection of personal information ... It is vital we seize the opportunities that data science presents. The biggest risk would be to do nothing and to miss out on the enormous potential to improve the lives of our citizens.
3 November 2015
The Minister for Cabinet Office Matt Hancock spoke about data-driven government at the Open Data Institute (ODI) summit

The digital platforms we’re building, led by the brilliant GDS, will depend on strong data foundations.
We're back to The magic of open data and revolutionising the relationship between the citizen and the state and open data expanding the economy by causing innovation and up-ending the Constitution so that personal information is disclosed by default while somehow respecting our privacy.

The minister was about three-quarters of the way through his speech now, he's said all this before, the benefits of open data remain dubious, the threats to our privacy are substantial and in his peroration the minister tried to reassure us that there is a new data science ethical framework in the offing.

There was just one other matter slipped in before the final canter:
Privacy or cyber security are nothing without reliable verification of identity. So I'm delighted to announce that GOV.UK Verify [RIP] has passed its service assessment and will go live next week ... Verify allows secure and straightforward identity checking without the need for an identity database - and underpins the digital transformation of government ...
GOV.UK Verify (RIP) has passed its service assessment? Janet Hughes is the Programme Director of GOV.UK Verify (RIP). And she's the "lead assessor for Digital by Default Service Standard Assessments". And she's on the executive management committee of the Government Digital Service, GDS, the only begetters of GOV.UK Verify (RIP).

But no time to ask about that and no time to ask how reliable, secure and straightforward GOV.UK Verify (RIP) is because, immediately, the minister was back to:
Technology is constantly changing, new techniques constantly invented. These offer huge opportunities to improve lives, to create jobs, to connect better the citizens and the state. We must be at the forefront of this change, secure yet ambitious, else we will count the cost.
We have asked before which senior figures in government would be prepared to put their name to the declaration that GOV.UK Verify (RIP) is "live". Now we know. Poor Rt Hon Matt Hancock MP, Minister for the Cabinet Office.

Wednesday 18 May 2016

RIP IDA – worse than you thought

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The problem you already knew about ...
The point of GOV.UK Verify (RIP) is to assure central government departments like HMRC, Her Majesty's Revenue and Customs, that the person on the other end of the line is who they say they are. GOV.UK Verify (RIP) follows the good practice, we are told, set out in GPG45, Good Practice Guide 45.

Chapter 4 of GPG45, p.9, provides for four levels of assurance, 1-4.

Level 1 isn't much use to a relying party such as HMRC, the identity hasn't been proved at all.

Level 2 gets a bit more useful: "The steps taken to determine that the identity relates to a real person and that the Applicant is [the] owner of that identity might be offered in support of civil proceedings". Level 2 might support identification in a civil court. It might. It might not.

Levels 3 and 4 are successively more reliable. But that's irrelevant at the moment as GOV.UK Verify (RIP) is only offering Level 2.

What's more, it's having trouble reaching even Level 2 according to OIX, the Open Identity Exchange, the Government Digital Service's business partner. If GOV.UK Verify (RIP) could use our personal bank account information, OIX say, that "would help [to] achieve the required standards against the 5 elements of identity assurance at level of assurance 2" (p.11).

To some extent, OIX have now got their wish. GDS tell us that: "In the last few months, we've seen new data sources and methods being introduced, and we've worked with mobile network operators as they've developed a new phone contract validation service that’s now in live use in GOV.UK Verify [RIP] ... It’s also now possible to verify your identity without either a passport or driving licence, thanks to a new method introduced by one of our certified companies which allows you to use your bank account as proof of your identity".

They've got their additional data and it's not helping. The GOV.UK Verify (RIP) account creation success rate remains stuck at around 70%. Young people have trouble opening an account, so do old people and unemployed people and people on low incomes.

Hat tip someone, it's all a far cry from the 16 September 2014 GOV.UK Verify (RIP) service assessment, when the assessors' report called for GDS to "actively work with the market to grow [demographic] coverage to as close to 100% as can be achieved, as early as possible during the Beta".

... may be worse than you thought
But suppose GOV.UK Verify (RIP) achieved 100% demographic coverage and enrolled everyone into GOV.UK Verify (RIP) with a level of assurance of 2. Then what?

Enter NIST, the US National Institute of Standards and Technology. They've come up with a draft of some new so-called "800-63" guidance about how to do the identity verification job.

They're a thorough lot, NIST. They look at GDS's "level of assurance" and they see not one thing but three things:
A new approach for digital authentication solutions is required by these guidelines, separating the individual elements of identity assurance into discrete, component parts. For non-federated systems, agencies will select and combine two (2) individual components, referred to as Identity Assurance Level (IAL) and Authenticator Assurance Level (AAL). For federated systems, a third component, Federation Assurance Level (FAL), is required.
  • IAL refers to the robustness of the identity proofing process and the binding between an authenticator and a specific individual.
  • AAL refers to the robustness of the authentication process itself.
  • FAL refers to the robustness of the federation assertion protocol utilized to communicate authentication and attribute information (if applicable) to a relying party.
GDS's level of assurance has four possible values, as noted, from 1 to 4. NIST's IAL has only three values, 1 to 3. An IAL of 1 is self-assertion, as with GDS, and is useless to a relying party. 2 is better and 3 is best, requiring attendance in person by the applicant and verification by a trained operative.

NIST compare this new suggestion of theirs with several other identity verification standards, including GDS's GPG45, and they summarise their thoughts in this table (para.2.4):

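| SP 800-63 | [GPG45] | [RSDOPS] | STORK 2.0 | 29115:2011 | ISO 29003 | Government of Canada |
|-----------|---------|----------|-----------|------------|-----------|----------------------|
| N/A | N/A | Level 0¹ | N/A | N/A | N/A | N/A |
| AAL/IAL 1 | Level 1 | Level 1 | QAA Level 1 | LoA 1 | LoA 1 | IAL/CAL 1 |
| AAL/IAL 1 | Level 2 | Level 2 | QAA Level 2 | LoA 2 | LoA 2 | IAL/CAL 2 |
| AAL/IAL 2 | Level 3 | Level 3 | QAA Level 3 | LoA 3 | LoA 3 | IAL/CAL 3 |
| AAL/IAL 3 | Level 4 | N/A² | QAA Level 4 | LoA 4 | LoA 4 | IAL/CAL 4 |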

As far as NIST are concerned, GDS's level of assurance 2 is no better than 1.

They both map to a NIST IAL of 1. Self-assertion.

GOV.UK Verify (RIP) could achieve 100% demographic coverage at level of assurance 2 and, in NIST's view, still not have anything useful for HMRC to rely on.

----------

Updated 3.6.16

GOV.UK Verify (RIP) uses your name, address, date of birth and, optionally, your sex to try to verify your identity on-line, together with your passport details, your driving licence details and your credit history. We know, see above, that GOV.UK Verify (RIP) can also use your mobile phone contract and/or your bank account.

Who gave your mobile phone network operator permission to share your data with the Government Digital Service (GDS)? Very possibly, no-one. Who gave your bank permission to share your data with GDS? Very possibly, ditto.

Desperate to try to raise the reliability of GOV.UK Verify (RIP) off the floor and above the level of self-certification, GDS look as though they're taking a few ethical short cuts, the latest of which involves grabbing your charitable donation history, please see JustGiving and GOV.UK Verify [RIP]: Exploring JustGiving information as part of the GOV.UK Verify [RIP] process (pp.3-4):
The first hypothesis explored the response of JustGiving users if information about their activity on JustGiving was used by a GOV.UK Verify [RIP] Certified Company as part of the verification process ...
"No holds barred", as the referee used to say, GDS look as though they're prepared to try to wrestle all our personal information out of us even if they are incapable of performing on-line identity verification.


Updated 9.12.16

On Monday morning this week GDS published Future-proofing our approach to identity verification. That's a blog post about GOV.UK Verify (RIP).

Read the title quickly and you may be tempted to believe that the authors describe how GDS have future-proofed identity verification. That's not what it says. It's the approach to identity verification that has allegedly been future-proofed.

There's no telling what that means. But read the blog post in full, and it's clear that nothing has been future-proofed. GDS hope that OIX, their business partner, might be able to find some way to establish a reliable link between a GOV.UK Verify (RIP) identity and a person.

The approach to identity verification favoured by GDS is knowledge-based: "Knowledge based verification (KBV) involves asking the user a range of questions only they would know the answer to". That can't be right, can it? If only the user knows the answer, then GOV.UK Verify (RIP) can't tell whether the answer is right.

"There are further innovative data sources and methods currently being explored in the private sector that would be both secure and convenient for GOV.UK Verify [RIP] users". Such as? What further innovative data sources and methods? GDS don't tell us.

That's because they don't know. They don't know how to improve KBV. Instead, they're asking OIX to ask the market if they know: "We are inviting the market to submit a proposal to help us explore what alternative, additional or complementary data sources are being used in the market for KBVs".

They haven't future-proofed anything. They've issued an invitation. An invitation to submit a proposal. A proposal to help GDS explore. Explore an alternative data source or an additional one (what's the difference here between "alternative" and "additional"?) or a complementary one.

That flabby invitation is GDS's response to the failure of GOV.UK Verify (RIP) to rise above the level of self-certification.

To the extent that Kevin Cunnington's strategy for GDS depends on the success of GOV.UK Verify (RIP), the strategy's had it. Mr Cunnington is the director general of GDS and he's promised the public a strategy before Christmas. 15 days to go. Good luck with that.

RIP IDA – worse than you thought

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The problem you already knew about ...
The point of GOV.UK Verify (RIP) is to assure central government departments like HMRC, Her Majesty's Revenue and Customs, that the person on the other end of the line is who they say they are. GOV.UK Verify (RIP) follows the good practice, we are told, set out in GPG45, Good Practice Guide 45.

Chapter 4 of GPG45, p.9, provides for four levels of assurance, 1-4.

Level 1 isn't much use to a relying party such as HMRC: the identity hasn't been proved at all.

Level 2 gets a bit more useful: "The steps taken to determine that the identity relates to a real person and that the Applicant is [the] owner of that identity might be offered in support of civil proceedings". Level 2 might support identification in a civil court. It might. It might not.

Levels 3 and 4 are successively more reliable. But that's irrelevant at the moment as GOV.UK Verify (RIP) is only offering Level 2.

What's more, it's having trouble reaching even Level 2 according to OIX, the Open Identity Exchange, the Government Digital Service's business partner. If GOV.UK Verify (RIP) could use our personal bank account information, OIX say, that "would help [to] achieve the required standards against the 5 elements of identity assurance at level of assurance 2" (p.11).

To some extent, OIX have now got their wish. GDS tell us that: "In the last few months, we've seen new data sources and methods being introduced, and we've worked with mobile network operators as they've developed a new phone contract validation service that’s now in live use in GOV.UK Verify [RIP] ... It’s also now possible to verify your identity without either a passport or driving licence, thanks to a new method introduced by one of our certified companies which allows you to use your bank account as proof of your identity".

They've got their additional data and it's not helping. The GOV.UK Verify (RIP) account creation success rate remains stuck at around 70%. Young people have trouble opening an account, so do old people and unemployed people and people on low incomes.

Hat tip someone, it's all a far cry from the 16 September 2014 GOV.UK Verify (RIP) service assessment, when the assessors' report called for GDS to "actively work with the market to grow [demographic] coverage to as close to 100% as can be achieved, as early as possible during the Beta".

... may be worse than you thought
But suppose GOV.UK Verify (RIP) achieved 100% demographic coverage and enrolled everyone into GOV.UK Verify (RIP) with a level of assurance of 2. Then what?