Sunday 7 August 2016

What else don't they know?

Government as a Platform (GaaP) is rumoured to be at the heart of the Government Digital Service's strategy.

GaaP has its own blog ...

... and the other day Graham Bleach published Incident Report: Platform as a Service for government:
This post is about an incident in the 'Platform as a Service for government' production environment for hosting applications.

What happened

At 1.30pm UTC on Friday 3 June 2016, a program to delete Cloud Foundry (CF) development environments was accidentally run in the production environment. As a result, there was a complete outage to the platform.
Take another look. Just to check: "a program to delete ... development environments was accidentally run in the production environment. As a result, there was a complete outage to the platform".

Accidentally?

This accident should be almost impossible.

Cast your mind back 37 years to 1979, when DMossEsq had to make an amendment to some data on the Lloyds Bank International (LBI) live production database. Programs acting on the production system all had the prefix X. Y was used for test development systems only. So he couldn't use YDBAXS, it had to be XDBAXS. The operators wouldn't run an XDBAXS job without the signed authorisation of the deputy head of the computer department. And he wouldn't sign without a convincing explanation.

No-one questioned this procedure. It was just obviously prudent.

It still is. But it appears nevertheless to have eluded GDS. They have only just learned this basic element of prudence. A test data job was allowed to delete the production environment. "... there was a complete outage to the platform". On their core system. GaaP. The one that Whitehall and everyone else is supposed to feel total confidence in. And invest in.

If GDS are still learning that lesson, what else don't they know yet? That we at LBI and everyone else already knew 37 years ago and more.

----------

Updated 10.8.16

Helen Margetts is the "Professor of Society and the Internet and Director, Oxford Internet Institute, University of Oxford" and she "sits on the Advisory Board of the Government Digital Service [GDS]".

"The largest government departments have begun to reassert their authority over GDS expert advice", she tells us, without telling us what GDS's expertise is, "and digital government looks likely to be dragged back towards the deeply dysfunctional old ways of doing things", like keeping your production environment safely separated from the development environment, please see above.

"GDS isn’t perfect, but to erase the progress it has put in place would be a terrible loss". What is this logic? GDS has failed to see off the deeply dysfunctional old ways of doing things and that is progress, the loss of which would be terrible?

GDS has 700 staff according to Professor Margetts and a budget of £450 million to spend on unspecified UK government contracts by March 2020. Just like half a dozen other systems integrators (SIs), the villains of the deeply dysfunctional old ways of doing things.

They have performed just as badly as the other SIs. See for example Government Digital Service “hindered delivery” of rural payments programme, Public Accounts Committee says and Student Loans Company burns £50 million in IT project superfail and Electoral Commission warns of ‘lost’ voters and ...

What went wrong? Was it a deeply dysfunctional leadership? Or a deeply dysfunctional Advisory Board?

What else don't they know?

Government as a Platform (GaaP) is rumoured to be at the heart of the Government Digital Service's strategy.

Wednesday 13 July 2016

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Over in the US, they had Connect.Gov: "Connect.Gov, creates a secure, privacy-enhancing service that conveniently connects people to government services and applications online using a digital credential they may already have and trust ... Connect.Gov partners with Sign-In Partners – private sector organizations (e.g., Verizon, ID.me, Banks, Social Media companies) that offer government approved, digital credentials for millions of individuals across the United States ...".

For Connect.Gov's "Sign-In Partners", read GOV.UK Verify (RIP)'s "identity providers".

The two systems are similar.

You knew that already:
  • Just over a year ago on 23 June 2015 DMossEsq reported on the findings of four academics who reviewed the security of GOV.UK Verify (RIP): "It's not just GOV.UK Verify (RIP) that they criticise but also the US equivalent, the Federal Cloud Credential Exchange (FCCX), recently rebranded as Connect.GOV".
  • And those of you endowed with a cryptic crossword mind will have spotted the connection via NSTIC nearly four years ago.
Hat tip an anonymous commentator, Connect.Gov is now on the way out. According to the SecureIDNews website, 5 July 2016: "It was supposed to be a government-wide identity platform, but it appears the project is being scrapped. In its place, GSA [the US General Services Administration] is planning to build its own platform from scratch". Connexit?

Maybe GOV.UK Verify (RIP) is now unique, as GDS falsely claimed last year. But for how long? Will it, too, like Connect.Gov, soon disappear? Verexit?

It would require uncommon boldness for GDS to follow the US example and cancel GOV.UK Verify (RIP). But that's precisely what they claim to be famous for aspire to. Boldness.

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Saturday 9 July 2016

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

Nothing has come of it so far. Is "digital" a really unhelpful word? The jury is still out.

"data-sharing" v. "data-linking" v. "data access"
Next day, GDS, or whatever they're called now, published Data access legislation and data reform:
On Tuesday we published data access legislation as part of the Digital Economy Bill. The Bill is an important part of what we are seeking to do in GDS to transform our relationship to data and unleash the next decade of innovation and public service reform ...

Our clauses in the Digital Economy Bill are described as being about ‘data sharing’, although our preferred term is ‘data access’, because we think it better reflects the way technology and practices for handling data across government are changing.
Is data-sharing less controversial if the name is changed to "data access"?

You may remember a little spat between the Cabinet Office and the Guardian newspaper a few years ago. The Cabinet Office objected to the newspaper describing their plans as "data-sharing". They demanded an apology. They didn't want data-sharing at all and it was a calumny even to suggest that they did. No, what they wanted was "data-linking" and that's quite different.

That was four years ago in April 2012 and apparently the Cabinet Office, or at least GDS, or whatever they're called now, still think that they can overcome the problems of data-sharing just by changing the name.

"enhances" v. "impugns"
Further on in GDS's data reform blog, we read that:
... government's commitment to enabling a digital state that has privacy at its heart can be seen in the design of GOV.UK Verify [RIP]. This platform is a new way to safely and straightforwardly prove who you are online when accessing services like filing your tax return, viewing your driving licence or applying for Universal Credit. Besides being quick and simple to use it enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information. The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose.
"The company you choose to verify your identity" could be any one of GDS's first-nine-then-eight-now-seven "identity providers". Sometimes they're called "identity providers", which is an odd, science fiction-like name. And sometimes they're called "certified companies" even though three of them aren't certified. GDS really do have problems with language ...

... and not just with the correct name for "identity providers". We noted over a year ago that when they're talking about GOV.UK Verify (RIP) GDS distinguish between the first time you verify your identity with an "identity provider" and subsequent occasions. The distinction is perfectly clear. The first time is when you register with an "identity provider".

But GDS didn't want to use the word "register". Because that would remind people of the National Identity Register on which the Home Office's failed ID cards scheme depended. And obviously GDS didn't want to be associated with that. Nevertheless, registering is exactly what you're doing if and when you open a GOV.UK Verify (RIP) account.

GDS would have you believe that GOV.UK Verify (RIP) "enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information". Is your privacy really enhanced by having your personal information stored all over the world with multiple companies beyond your control? That's what happens with GOV.UK Verify (RIP).

Is "enhances" the right word here? Surely "impugns" would be more accurate – GOV.UK Verify (RIP) impugns privacy because information is quite unnecessarily stored all over the world with massive and uncontrollable sharing or linking or access ...

"The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose"? That may be true. But someone has to know. Otherwise there would be no audit trail.

That someone is GDS, and they know thanks to the GOV.UK Verify (RIP) identity hub.

"Government's commitment to enabling a digital state that has privacy at its heart"? That's not what it looks like. Never mind which words GDS use to describe it, their putative "digital state" is an utter stranger to any recognisable concept of privacy.

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

RIP IDA – openness closes as Verizon bolts again and penetration becomes a mystery

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
The Government Digital Service (GDS) continue to promote GOV.UK Verify (RIP) to central government departments, local government and the private sector.

GOV.UK Verify (RIP) has its own dashboard on the GOV.UK performance platform. Yesterday, GDS published a blog post, Improving our reporting, announcing certain changes to the dashboard.

Openness
The GOV.UK Verify (RIP) dashboard has always listed the "identity providers" contracted to GDS. In the name of "improving our reporting", that list has been dropped. Its omission is not mentioned in the Things we’ve removed section of yesterday's blog post.

Why not?

Possibly because GDS have lost one of their "identity providers". Verizon have gone missing again. If you tried to create a GOV.UK Verify (RIP) account for yourself at 00:30 this morning you were advised by GDS that "3 companies can verify you now" – digidentity, Experian and the Post Office. You were also advised that "we’ve filtered out 4 companies, as they’re unlikely to be able to verify you" – Barclays, CitizenSafe, the Royal Mail and SecureIdentity.

What confidence can central and local government and the private sector have in GOV.UK Verify (RIP) when GDS themselves tell applicants that only three of their "identity providers" work? And when GDS fail to make an announcement that one of their "identity providers" has gone missing.

Penetration
GDS have always maintained that their objective is for GOV.UK Verify (RIP) to be capable of registering at least 90% of the population. That was one of their conditions for declaring GOV.UK Verify (RIP) to be "live".

The goalposts were moved in May 2016 when GOV.UK Verify (RIP) was declared "live" even though the account creation success rate still languished 20% adrift on about 70%.

The goalposts have now been entirely removed – "We’ve taken 3 measures off the service dashboard: ‘Authentication success rate’; ‘Account creation’; and ‘User sign in’ ... None of these measures tell us or the user much about how well GOV.UK Verify [RIP] is performing ...".

Central government, local government and the private sector may disagree. GDS were right the first time. The account creation success rate is an important indicator. It told everyone a lot about "how well GOV.UK Verify [RIP] is performing" and its omission from the dashboard now, far from improving GDS's reporting, is a serious warning.


RIP IDA – openness closes as Verizon bolts again and penetration becomes a mystery

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
The Government Digital Service (GDS) continue to promote GOV.UK Verify (RIP) to central government departments, local government and the private sector.

GOV.UK Verify (RIP) has its own dashboard on the GOV.UK performance platform. Yesterday, GDS published a blog post, Improving our reporting, announcing certain changes to the dashboard.

Wednesday 6 July 2016

Old local authority briefing reviewed on the Antiques Roadshow*

"New Socitm, ADASS and LGA briefing sets out challenges in implementing ID assurance methods that can limit information loss and identify fraud", says the Government Computing website in an article published yesterday, 5 July 2016, Social care providers called on to set out online identity strategies.

Socitm is the pre-eminent society for IT practitioners in the UK public sector and they issued a press release on 4 July 2016, Social care leaders urged to consider options for managing identity and authentication online for service users and providers.

That press release refers to a briefing they have prepared on identity and authentication which includes several questionable claims. Among others (p.7):
  • "The UK Government has adopted GOV.UK Verify [RIP] for central government service providers such as HM Revenue & Customs (HMRC) and, of particular interest for local public services, the Department for Work and Pensions (DWP)." – neither HMRC nor DWP is relying on GOV.UK Verify (RIP), and neither are the NHS nor the nation's payments industry.
  • "GOV.UK Verify [RIP] ... uses a range of identity providers ... to check that users are who they say they are. Currently, four companies are connected: Digidentity, Experian, Post Office and Verizon. It is planned that they will be joined by five more (Barclays, Paypal, Morpho, Royal Mail and GB Group) before GOV.UK Verify goes live in April 2016." – Paypal have pulled out, GOV.UK Verify (RIP) was declared live in May 2016, the Post Office, Morpho and the Royal Mail have yet to be certified trustworthy by tScheme.
  • "The infrastructure of GOV.UK Verify [RIP] is built to meet the privacy principles developed by PCAG and will ensure a greater degree of privacy than is likely through a locally developed solution." – GOV.UK Verify (RIP) doesn't abide by a single one of PCAG's identity assurance principles and accountholders find their personal information sprayed all over the world beyond their control.
  • "At the current time, GOV.UK Verify [RIP] is in public beta for the following seven services ... A further 30 government services are planned to be implemented by April 2016." – in the event, GDS claim that there are just nine government services using GOV.UK Verify (RIP) today, not 37.
  • "And it’s fast: it takes about 15 minutes the first time you verify your identity, and less than a minute each time after that." – the first time you verify your identity is what we would normally call "registration", it's not a race, it's hard and unwise to evaluate the terms and conditions of business of eight "identity providers" before registering in 15 minutes flat.
  • ...
The Socitm/ADASS/LGA briefing mentions the level of assurance that can be achieved on-line as to whether someone is who they say they are (p.4). The US National Institute of Standards and Technology say that GOV.UK Verify (RIP) only achieves Level 1, which is no good to a local authority trying to decide whether to pay for someone's social care.

The briefing also mentions attribute exchange (p.5) and calls yet again on the Warwickshire County Council attempt to automate applications for Blue Badges. Three years ago Ian Litton's prototype was just a prototype and three years later it's still just a prototype. There's a warning there for local authorities.

The briefing was published in December 2015, six months ago. It had faults then and it's got more now. Issuing a press release the day before yesterday suggesting that the briefing is up to date could cause confusion – local authorities, beware.

----------

* In case you don't know, the Antiques Roadshow is a BBC TV programme in which members of the public bring along an ancient artefact to a swanky venue and experts decide whether it's unexpectedly valuable or just yet another old mass produced identity and authentication briefing.

Old local authority briefing reviewed on the Antiques Roadshow*

"New Socitm, ADASS and LGA briefing sets out challenges in implementing ID assurance methods that can limit information loss and identify fraud", says the Government Computing website in an article published yesterday, 5 July 2016, Social care providers called on to set out online identity strategies.

Socitm is the pre-eminent society for IT practitioners in the UK public sector and they issued a press release on 4 July 2016, Social care leaders urged to consider options for managing identity and authentication online for service users and providers.