Saturday 9 July 2016

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

Nothing has come of it so far. Is "digital" a really unhelpful word? The jury is still out.

"data-sharing" v. "data-linking" v. "data access"
Next day, GDS, or whatever they're called now, published Data access legislation and data reform:
On Tuesday we published data access legislation as part of the Digital Economy Bill. The Bill is an important part of what we are seeking to do in GDS to transform our relationship to data and unleash the next decade of innovation and public service reform ...

Our clauses in the Digital Economy Bill are described as being about ‘data sharing’, although our preferred term is ‘data access’, because we think it better reflects the way technology and practices for handling data across government are changing.
Is data-sharing less controversial if the name is changed to "data access"?

You may remember a little spat between the Cabinet Office and the Guardian newspaper a few years ago. The Cabinet Office objected to the newspaper describing their plans as "data-sharing". They demanded an apology. They didn't want data-sharing at all and it was a calumny even to suggest that they did. No, what they wanted was "data-linking" and that's quite different.

That was four years ago in April 2012 and apparently the Cabinet Office, or at least GDS, or whatever they're called now, still think that they can overcome the problems of data-sharing just by changing the name.

"enhances" v. "impugns"
Further on in GDS's data reform blog, we read that:
... government's commitment to enabling a digital state that has privacy at its heart can be seen in the design of GOV.UK Verify [RIP]. This platform is a new way to safely and straightforwardly prove who you are online when accessing services like filing your tax return, viewing your driving licence or applying for Universal Credit. Besides being quick and simple to use it enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information. The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose.
"The company you choose to verify your identity" could be any one of GDS's first-nine-then-eight-now-seven "identity providers". Sometimes they're called "identity providers", which is an odd, science fiction-like name. And sometimes they're called "certified companies" even though three of them aren't certified. GDS really do have problems with language ...

... and not just with the correct name for "identity providers". We noted over a year ago that when they're talking about GOV.UK Verify (RIP) GDS distinguish between the first time you verify your identity with an "identity provider" and subsequent occasions. The distinction is perfectly clear. The first time is when you register with an "identity provider".

But GDS didn't want to use the word "register". Because that would remind people of the National Identity Register on which the Home Office's failed ID cards scheme depended. And obviously GDS didn't want to be associated with that. Nevertheless, registering is exactly what you're doing if and when you open a GOV.UK Verify (RIP) account.

GDS would have you believe that GOV.UK Verify (RIP) "enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information". Is your privacy really enhanced by having your personal information stored all over the world with multiple companies beyond your control? That's what happens with GOV.UK Verify (RIP).

Is "enhances" the right word here? Surely "impugns" would be more accurate – GOV.UK Verify (RIP) impugns privacy because information is quite unnecessarily stored all over the world with massive and uncontrollable sharing or linking or access ...

"The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose"? That may be true. But someone has to know. Otherwise there would be no audit trail.

That someone is GDS, and they know thanks to the GOV.UK Verify (RIP) identity hub.

"Government's commitment to enabling a digital state that has privacy at its heart"? That's not what it looks like. Never mind which words GDS use to describe it, their putative "digital state" is an utter stranger to any recognisable concept of privacy.

RIP IDA – openness closes as Verizon bolts again and penetration becomes a mystery

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
The Government Digital Service (GDS) continue to promote GOV.UK Verify (RIP) to central government departments, local government and the private sector.

GOV.UK Verify (RIP) has its own dashboard on the GOV.UK performance platform. Yesterday, GDS published a blog post, Improving our reporting, announcing certain changes to the dashboard.

Openness
The GOV.UK Verify (RIP) dashboard has always listed the "identity providers" contracted to GDS. In the name of "improving our reporting", that list has been dropped. Its omission is not mentioned in the Things we’ve removed section of yesterday's blog post.

Why not?

Possibly because GDS have lost one of their "identity providers". Verizon have gone missing again. If you tried to create a GOV.UK Verify (RIP) account for yourself at 00:30 this morning you were advised by GDS that "3 companies can verify you now" – digidentity, Experian and the Post Office. You were also advised that "we’ve filtered out 4 companies, as they’re unlikely to be able to verify you" – Barclays, CitizenSafe, the Royal Mail and SecureIdentity.

What confidence can central and local government and the private sector have in GOV.UK Verify (RIP) when GDS themselves tell applicants that only three of their "identity providers" work? And when GDS fail to make an announcement that one of their "identity providers" has gone missing?

Penetration
GDS have always maintained that their objective is for GOV.UK Verify (RIP) to be capable of registering at least 90% of the population. That was one of their conditions for declaring GOV.UK Verify (RIP) to be "live".

The goalposts were moved in May 2016 when GOV.UK Verify (RIP) was declared "live" even though the account creation success rate still languished 20% adrift on about 70%.

The goalposts have now been entirely removed – "We’ve taken 3 measures off the service dashboard: ‘Authentication success rate’; ‘Account creation’; and ‘User sign in’ ... None of these measures tell us or the user much about how well GOV.UK Verify [RIP] is performing ...".

Central government, local government and the private sector may disagree. GDS were right the first time. The account creation success rate is an important indicator. It told everyone a lot about "how well GOV.UK Verify [RIP] is performing" and its omission from the dashboard now, far from improving GDS's reporting, is a serious warning.


Wednesday 6 July 2016

Old local authority briefing reviewed on the Antiques Roadshow*

"New Socitm, ADASS and LGA briefing sets out challenges in implementing ID assurance methods that can limit information loss and identify fraud", says the Government Computing website in an article published yesterday, 5 July 2016, Social care providers called on to set out online identity strategies.

Socitm is the pre-eminent society for IT practitioners in the UK public sector and they issued a press release on 4 July 2016, Social care leaders urged to consider options for managing identity and authentication online for service users and providers.

That press release refers to a briefing they have prepared on identity and authentication which includes several questionable claims. Among others (p.7):
  • "The UK Government has adopted GOV.UK Verify [RIP] for central government service providers such as HM Revenue & Customs (HMRC) and, of particular interest for local public services, the Department for Work and Pensions (DWP)." – neither HMRC nor DWP is relying on GOV.UK Verify (RIP), and neither are the NHS nor the nation's payments industry.
  • "GOV.UK Verify [RIP] ... uses a range of identity providers ... to check that users are who they say they are. Currently, four companies are connected: Digidentity, Experian, Post Office and Verizon. It is planned that they will be joined by five more (Barclays, Paypal, Morpho, Royal Mail and GB Group) before GOV.UK Verify goes live in April 2016." – Paypal have pulled out, GOV.UK Verify (RIP) was declared live in May 2016, the Post Office, Morpho and the Royal Mail have yet to be certified trustworthy by tScheme.
  • "The infrastructure of GOV.UK Verify [RIP] is built to meet the privacy principles developed by PCAG and will ensure a greater degree of privacy than is likely through a locally developed solution." – GOV.UK Verify (RIP) doesn't abide by a single one of PCAG's identity assurance principles and accountholders find their personal information sprayed all over the world beyond their control.
  • "At the current time, GOV.UK Verify [RIP] is in public beta for the following seven services ... A further 30 government services are planned to be implemented by April 2016." – in the event, GDS claim that there are just nine government services using GOV.UK Verify (RIP) today, not 37.
  • "And it’s fast: it takes about 15 minutes the first time you verify your identity, and less than a minute each time after that." – the first time you verify your identity is what we would normally call "registration", it's not a race, it's hard and unwise to evaluate the terms and conditions of business of eight "identity providers" before registering in 15 minutes flat.
  • ...
The Socitm/ADASS/LGA briefing mentions the level of assurance that can be achieved on-line as to whether someone is who they say they are (p.4). The US National Institute of Standards and Technology say that GOV.UK Verify (RIP) only achieves Level 1, which is no good to a local authority trying to decide whether to pay for someone's social care.

The briefing also mentions attribute exchange (p.5) and calls yet again on the Warwickshire County Council attempt to automate applications for Blue Badges. Three years ago Ian Litton's prototype was just a prototype and three years later it's still just a prototype. There's a warning there for local authorities.

The briefing was published in December 2015, six months ago. It had faults then and it's got more now. Issuing a press release the day before yesterday suggesting that the briefing is up to date could cause confusion – local authorities, beware.

----------

* In case you don't know, the Antiques Roadshow is a BBC TV programme in which members of the public bring along an ancient artefact to a swanky venue and experts decide whether it's unexpectedly valuable or just yet another old mass produced identity and authentication briefing.

Monday 4 July 2016

The copulation of propositions (iterating in public)

David Hume, A Treatise of Human Nature (1739):
In every system of morality, which I have hitherto met with, I have always remarked, that the author proceeds for some time in the ordinary ways of reasoning, and establishes the being of a God, or makes observations concerning human affairs; when all of a sudden I am surprised to find, that instead of the usual copulations of propositions, is, and is not, I meet with no proposition that is not connected with an ought, or an ought not. This change is imperceptible; but is however, of the last consequence. For as this ought, or ought not, expresses some new relation or affirmation, 'tis necessary that it should be observed and explained; and at the same time that a reason should be given, for what seems altogether inconceivable, how this new relation can be a deduction from others, which are entirely different from it ...
The Government Digital Service (GDS) have several times recently served up a gem of an example of Hume's is-ought problem, most recently in What GDS is for:
By 2030, policy making will be service design. Ideas and implementation will be so closely tied, you won’t be able to have one without the other. Thinking in code, iterating in public - these will be the norm.

Policy making will be minimally designed and built as a framework which allows flexibility and feedback, not as a conclusion.

The way that the law is made will have changed ...
GDS may believe that the way UK law is made ought to change. They are in no position to say that it will change. There is no discernible popular outcry demanding that the law should in future be made by GDS manipulating data. Where did GDS get the laughable idea that anyone would ask them about legislation or policy-making?

They made the same suggestion in What government might look like in 2030. But that's just not what GDS is for. They seem to have convinced the Cabinet Office Minister. That's a worry. They should all go out for a walk and get some fresh air.

According to What GDS is for:
Lots of the government services we have today evolved over a very long time. The service itself - the thing that the user experiences - cuts across organisational boundaries. Boundaries that users don’t care about, and shouldn’t be expected to understand.

For example: think about how benefits are divided between DWP and HMRC. Or how offenders and other people dealing with the criminal justice system have to be in touch with the police and the courts, prisons and probation staff. Or how complicated it is to start a business, because you have to get in touch with BIS, HMRC and Companies House, at least ...
Who says that users don't care or that it's expecting too much of them to understand? GDS.

What is the alternative for offenders to being in touch with several different services? GDS don't say.

What they do say is that you can't start a business without contacting BIS, the Department for Business Innovation and Skills. And there, they're just wrong. They've obviously never started a business, they're guessing and, bad luck, they've guessed wrong.

Communicating via walls – and tea towels – is no substitute for experience. Neither is calling in the consultants which is what GDS appear to have done. Because here they are again promoting Simon Wardley and Mark Thompson's natty pictures of value chains with their ubiquity and certainty:

"This diagram is my attempt to explain that a bit",
says Stephen Foreshew-Cain, once a consultant
and now the executive director of GDS

GDS have been trying to explain "where they're at and where they're going" for some months now. It's obviously difficult. We still don't know what GDS is for. And quite clearly neither do they. They ought to but they don't.

Wednesday 29 June 2016

Communicating via the walls

Good culture evolves from the bottom up, Stephen Foreshew-Cain told us the other day. So does bad culture. And culture can be influenced from the top, for good or ill.

Mr Foreshew-Cain is the executive director of the Government Digital Service (GDS), where "we don’t always get it right, but one thing we’ve found that does work is communicating via the walls", he says. "Communicating via the walls" means pinning posters up, reminding the staff to be bold, for example.


There always has been a thriving industry in motivational tea towels. But that's not GDS's raison d'être. They're meant to be there in Whitehall to accomplish the digital transformation of government.

That's not about computers, Mr Foreshew-Cain says. What is it about then?

In a nutshell, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

That definition of "digital" comes from Tom Loosemore, deputy director at GDS until his internet "jibba jabba" caused him to be ejected last September. The internet, or at least the web, has been used to distribute pornography in industrial quantities. Presumably that isn't the culture Messrs Foreshew-Cain and Loosemore want to emulate but nothing in their definition of "digital" prevents that interpretation – "the digital transformation of government" means making pornography easily available to everyone everywhere?

Mr Loosemore doesn't advocate pornography. He's far more interested in the government compiling a single source of truth, registers of everyone's personal information, a pre-internet delusion suffered most notably by the Stasi.

Disappointingly, Mr Foreshew-Cain just seems to advocate whatever Mr Loosemore advocates. Him and Mike Bracken and Martha-now-Lady Lane Fox.

Even more disappointingly, so does the editor of Computer Weekly magazine, please see After Brexit, we have a legacy government - so let's build a new one based on digital technology: "let’s approach the post-Brexit government IT world like a tech startup wherever possible. Eliminate silos from day one. Integrate systems and processes under a common digital architecture. Start from citizens’ needs, not the needs of the Whitehall machine. Build a common data platform and make that data open. Develop a government ecosystem built on open standards and APIs ...".

Most disappointing is the case of Richard Heaton, permanent secretary at the Ministry of Justice, who has just published 5 ways we are putting data in the driving seat: "Comparing individual data against population data will help managers predict and prevent patterns of infection in hospitals, or incidents of violence or self-harm in prisons. You will all be able to think of similar examples ... Could we go further, and replace human decisions about people’s lives with machine learning and predictive analysis?".

The funny thing is that GDS aren't actually all that good at digital. Their batch application system for voter registration fell over when too many people tried to use it. Ditto their petitions system. Their payments system for farmers had to be abandoned. And so it goes on. Quite why Whitehall would listen to GDS's walls or read their tea towels is not clear. Nor is it clear what GDS have to offer local government.

Unlike the rest of Whitehall and unlike our local authorities in the UK, GDS aren't steeped in the business of government. Their chosen special subject is front ends. They're interested in the user interface between people and websites. That's all.

And that's a problem ...

... a problem laid bare in Digital Government: overcoming the systemic failure of transformation (hat tip: David Chassels), a paper written by two academics at Brunel, Paul Waller and Professor Vishanth Weerakkody (pp.7-8):
We argue that there are (at least) three delusions associated with this approach to deploying digital technology in government and public administration. These delusions are that:
  • it is about slashing administrative costs: in fact it raises needs for resources for development, maintenance, security, cyber-defence, dealing with scam imitations (UK HM Revenue and Customs acted to shut down 1,740 illegal sites in 2013), extension/redesign to meet new channels e.g. mobile platforms, and complete redevelopment every 5-10 years,
  • everything has to be user-focused: but not much of a government or public administrative function directly involves citizens so a focus on the interface misses the point about “transforming government processes”,
  • technology can “rationalise” government and public administration: but both are rooted in nations’ constitutions, in policy and in law, and are in constant flux.
Messrs Waller and Weerakkody are adamant. The nature of public services has been misunderstood by the internet jibba jabberers. Government departments are not commercial firms. Social and political science is "a strange land for many e-government academics". Government is different (p.22):
Always, the next technological fashion — be that big data analytics, algorithmic regulation, platform government, co-creation or whatever — must be critically assessed against the distinct context of politics and government.
It's quite hard work reading the Waller and Weerakkody paper. But useful.

Easier to read one of GDS's tea towels. But why bother?



----------

Updated 30.6.16

The DMossEsq blog uses Google's Blogger platform on which, when someone kindly submits a comment, a copy is emailed to DMossEsq and the comment is displayed on the blog ...

... unless it's too long, in which case it isn't displayed ...

... as happened this morning – David Chassels submitted the following comment at 11:27 a.m. today, 30 June 2016 [24.11.16: Google updated Blogger the other day. Longer comments are now supported and Mr Chassels's comment is now displayed below]:
The hard working folk at GDS have had very poor support from their leaders who have failed dismally as described to truly understand “digital”. Politicians like most business people are understandably confused and thus ignorant of underlying complexity in building and delivering an end to end service; and wow the vendors take advantage of that! Hence the need to be the “intelligent customer” as articulated by Bernard Jenkin chairman of PASC which reported in 2011 on Good Governance: effective use of IT and its follow up in 2013 “Public Procurement: capability and effectiveness” (link)

Reality is that driving a “digital service” is as indicated much more than a web form it is about the whole business operation to deliver effectively. Users internal and external should be the drivers and in fairness to the “IT” industry this was recognised over 15 years ago and tagged “BPM” as the required “discipline” see this forum (link).

However sadly the supporting software remained in component complexity. This was the very challenge which was recognised by many we took on in the 90s! Yes real R&D to deliver a working solution with early adopters taken over 20 years. But you know what it worked! In effect we opened that door and given the recognition of the importance of Government buyers understanding what they are actually buying, we thought now is our time! So we embarked upon trying to attract attention from “our” Government when ICT Futures was created by the then new Government and quickly followed by GDS.

Just to put into context the effectiveness of what we created we had a Government agency UK Sport as early adopters which handles the end to management of grants to support our elite athletes. Now over 15 years supporting constant change recognised as the most efficient grant body - see here in 2011 (link). Total cost including original build less than £2m yet doing the same maybe even more complex than the grant system to farmers under RPA which seems to be on second attempt with total costs over £400m and as noted GDS contributed to that failure! Just this year UKSport converts to web from client server over half of the 500 UIs converted total cost less than £50K! That is what is called “disruptive” and in UK that represents a huge challenge…..!

Now you would think all this would excite Government as proof of very significant savings and GDS with its CTO who was also responsible for ICT Futures seeking “..on how government can use innovative new technology to deliver better, cheaper solutions” . Well not so we were ignored so many times as were many invites to visit UK Sport to see just how. GDS leaders had their own agenda with a fixation on open source and doing it themselves (and sticking bits of paper on walls!) Well now we know the result as GDS failed. Time for accountability…….?
