Monday 22 August 2016

GDS & the banshees 2


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


On 1 August 2016 one man replaced another man as head of the Government Digital Service (GDS). Kevin Cunnington came. Stephen Foreshew-Cain left. People come and people go. It's not unusual but on this occasion there was an exorbitant keening and wailing and moaning from an international class of banshees.

St Sebastian
Captain of the Praetorian Guard
Roman Soldier, Healer, Martyr
One minute GDS was Icarus, then Dreyfus, then Turing. How long before St Sebastian makes an entrance? "Hyperbole? No" (Derek du Preez, banshee).

What was all the fuss about? GDS's staff of 700 (Helen Margetts, banshee and GDS advisory board member?) have been promised £450 million to spend on unspecified government IT projects between now and 31 March 2020.

That looks quite confidence-inspiring, you might think, but the banshees fear that the organisation will (a) be closed down or (b) have its terms of reference changed.

Suppose the nervous banshees are right. Suppose that (a) or at least (b) is about to happen. So what? The banshees are surprisingly bad at explaining why that would be a disaster. What are they so upset about?

"Recently my car's tax had run out ... In the bad old days, renewing your tax disc was that special kind of hell – government hell. Filling in forms, finding obscure bits of paper ... and then queueing for the duration of the Pliocene epoch at a post office ... But online it took but minutes ... That service was just one of many built in part, or full, by a quite remarkable team, the world-beating Government Digital Service ..." (Ben Rooney, banshee).

More research required, Mr Rooney. The UK has had on-line car tax renewal since at least September 2005, six years before GDS existed.

Car tax cannot be the reason for Mr Rooney's banshee distress. Maybe it's more about money? Mr Rooney adds: "the team ... has saved the taxpayer £4billion in direct costs and an almost incalculable amount in indirect costs".

What are we supposed to do with "almost incalculable"? Useless.

And there is no audited support for the £4 billion figure. Elsewhere, we read "in many ways GDS has been a success story ... with a claimed £1.7 billion cost savings" (Helen Margetts). After reading Government unveils £14.3 billion of savings for 2013 to 2014, turn to p.4 of End of year savings 2013 to 2014: technical note and you'll find claimed savings of £91 million + £119 million = £210 million or, to put it another way, £0.21 billion. Not £4 billion. Not even £1.7 billion. Which figure, if any, is correct? More research required, Mr Rooney. And Ms Margetts.

GDS have a poor record with figures. They're not good at them. Not comfortable. It's not their thing. 4%. 0.6%. What's the difference?

The National Audit Office (NAO), whose job it is to audit government accounts, noted back in March 2013 that "the GDS has estimated total potential annual savings of £1.7 billion to £1.8 billion ..." (para.1.5) and "we have not audited the estimated savings" (para.1.6).

These estimated savings are supposed to be made by reducing headcount. 1½ million public servants should be made redundant. That's the idea behind GDS's Government as a Platform strategy (GaaP).

Two years later, June 2015, the NAO published Central government staff costs (para.2.15): "Most departments have made limited progress in using digital services more in their strategic workforce planning, to achieve significant staff reductions. The government expects digital services to reduce staff costs by processing transactions efficiently and introducing more customer self-service. To help kick start digital services, departments have been developing and implementing digital exemplars. However, we have seen little evidence that departments are making the expected savings".

"We have seen little evidence that departments are making the expected savings"? Scepticism is the order of the day ...

... even when it comes to Stephen Foreshew-Cain's October 2015 blog post, How digital and technology transformation saved £1.7bn last year. Her Majesty's Treasury warns readers that: "These savings figures are not national or official statistics: they are based on management information evidence in department reports and other supporting evidence".

Let's leave Mr Rooney and Ms Margetts doing their further research for a moment and look at Mr Foreshew-Cain's claim that "85% of self assessment filing is done through online channels". He's talking about self-assessment for UK income tax.

Like the car tax example, it should be noted that this is little or nothing to do with GDS. Her Majesty's Revenue and Customs (HMRC) got on-line self-assessment up and running years before GDS existed, please see the January 2008 Government Gateway/self-assessment letter alongside.

The Government Gateway has been operating in the UK since 2001. HMRC collect all Value Added Tax (VAT/sales tax) returns on-line using the Gateway. Ditto company returns for Pay As You Earn (PAYE/income tax) and National Insurance (social security). Ditto all Corporation Tax returns. They have done for years. It's nothing to do with GDS.

By the same token, when Mr Foreshew-Cain says that "over 98% of driving tests are now booked online" he may well be right but it's got little or nothing to do with GDS. It's DVLA again, the Driver and Vehicle Licensing Agency, the same people who've been collecting car tax on-line for 10 years.

"When we, the citizens, have to deal with the government we neither know, nor care, what department we have to deal with. It is a huge arrogance to assume that we should know ...", says Mr Rooney. No. The huge arrogance is to assume that all government digital success is thanks to GDS. There are other departments.

À-propos, Mr Rooney believes that "... thanks to the GDS, the UN ranked the UK best in the world in the 2016 E-Government rankings". Nowhere in their 242-page report do the United Nations say that.

On p.110 they do refer to HMRC's success with self-assessment and to DVLA's success with driving tests. They do not ascribe those successes to GDS.

Talking of GDS, Mr Rooney suddenly remembers "heck, it even won a design award – and when did any government IT project anywhere in the world ever win a design award?". Charmingly folksy, it obviously doesn't hurt to win an award but it doesn't help either. How does winning an award help the Exchequer or the British people? How does it help to prove that GDS shouldn't have its terms of reference changed three years later? Or that it shouldn't be terminated for having achieved little or nothing since then?

"So successful has the GDS been that the Obama administration shamelessly copied its playbook for its own US Digital Service, as did the Australians". It is only sensible to copy GDS's "playbook" if GDS has been "so successful". And so far, Mr Rooney has failed to demonstrate that it has been.

Anyway, who's copying whom? GDS's identity assurance scheme is a copy of the US's NSTIC, the National Strategy for Trusted Identities in Cyberspace. And GaaP was dreamed up by the US's Tim O'Reilly (banshee).

Kevin Cunnington worked previously at the Department for Work and Pensions (DWP). "This is the same DWP ... whose own IT projects are a text-book example of everything that is wrong with government IT", says Mr Rooney. Maybe, but that doesn't prove that GDS is a textbook example of everything that is right with government IT.

Mr Rooney sagely reminds us that "bad IT ... erodes trust and harms democracy". What about GDS's agile failure with the Rural Payments Agency? That was bad IT. What about the failings of its application to register to vote system? Or the student loans system?

Above all, what about GOV.UK Verify (RIP), GDS's failed identity assurance system? Years late, privacy-destroying, insecure and still not working, what is there to choose between GDS and any other systems integrator with guaranteed government work?

We have concentrated on Mr Rooney's keening because it is the most complete set of whinges but the same criticism applies to all the banshees – they can't make the reader understand what's so heroic about GDS. Or why they're moaning so much about changes at GDS. Hyperbole, Mr du Preez? Yes.

GDS & the banshees 2


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


On 1 August 2016 one man replaced another man as head of the Government Digital Service (GDS). Kevin Cunnington came. Stephen Foreshew-Cain left. People come and people go. It's not unusual but on this occasion there was an exorbitant keening and wailing and moaning from an international class of banshees.

Friday 19 August 2016

GDS & the banshees 1


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


Proper journalists have sources and on Sunday 31 August July 2016 Bryan Glick, editor of Computer Weekly magazine, published DWP director Kevin Cunnington set to take over as new head of Government Digital Service. Next day he turned out to be right, John Manzoni: Changes at the Government Digital Service.

The Government Digital Service (GDS) has a budget – £450 million to tide them over to 31 March 2020 – but no published strategy. Mr Glick's sources seem to have been able to give him the date of the overdue announcement of GDS's strategy – 15 September 2016 – and some insight into official thinking: "Our sources say the Cabinet Office hopes to use the launch of the new strategy to 'nullify any coverage around GDS being in confusion or disarray' ...".

These matters are of little popular interest. They will not detain historians. But anthropologists studying the GDS tribe will note that the Cabinet Office were destined to be disappointed. The appointment of Kevin Cunnington was announced and, instantly, full-throated keening broke out among the GDS banshees.

J’accuse John Manzoni Part 2 – A Digital Purge, wailed Derek du Preez on diginomica.com: "make no mistake about what is happening. The long-standing power base across some of the most influential departments in Whitehall are using the post-Brexit chaos as an opportunity to make a land grab for the power (and money) they so enjoy" and "Let me make this clear – in my opinion, senior civil servants in the Department for Work and Pensions, the Home Office and HMRC have thrown the interests of citizens out of the window, in an attempt to maintain the status quo. Heels are digging in and the political daggers are out" and "this could well be the beginning of the end for GDS progress".

Mr du Preez quotes another banshee, Andrew Greenway, a classical scholar who once was something to do with GDS and who wrote in Losing one is a misfortune. Two?: "Meanwhile, GDS is following the course charted by other successful centralised reformers in government. Icarus-like soaring for a few years. The occasional flutter of feathers. Then a headlong dive into the timeless, inky depths of the bureaucratic abyss. The sun always rises, Whitehall always wins".

Tim O'Reilly weighed in, with Alan Turing rather than Icarus, and told us in What's Up With the British? that: "The UK Government Digital Service, hailed and emulated around the world as among the most innovative and successful approaches to bringing government into the 21st century, is the target of senior civil servants who seek to break it up and reduce its ability to transform business as usual".

"Helen Margetts ... sits on the Advisory Board of the Government Digital Service", it says (falsely?) in Back to the bad old days, as civil service infighting threatens UK’s only hope for digital government and, just to keep the voltage up, she contributed "GDS isn’t perfect, but to erase the progress it has put in place would be a terrible loss".

What progress? How terrible? She didn't say, but someone called Jimmy Leach gnashed his teeth and wanted his question answered Whitehall's revenge: Will the Government Digital Service be broken up? while garment-renderer Ben Rooney chipped in with Heroes behind government's digital revolution face extinction from Whitehall's arcane ways.

It's all too late according to "negotiation expert" David Eaves. Everyone is going to die: The Empire Strikes Back: How the death of GDS puts all government innovators at risk.

It's a banshee's job to keen and the banshees have duly keened. Even Tony Collins, with Is Sir Humphrey trying to kill off GDS and the innovations it stands for?.

What's all the fuss about? That's a question to which we may return.

Until then, note that it's not all breast-beating. Others have been more circumspect. Ignore the doom-mongers. The Government Digital Service is evolving, not retreating, according to Civil Service World magazine. And Kevin Cunnington has rather sensibly contented himself so far with saying nothing more than "hello".

GDS & the banshees 1


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


Proper journalists have sources and on Sunday 31 August July 2016 Bryan Glick, editor of Computer Weekly magazine, published DWP director Kevin Cunnington set to take over as new head of Government Digital Service. Next day he turned out to be right, John Manzoni: Changes at the Government Digital Service.

The Government Digital Service (GDS) has a budget – £450 million to tide them over to 31 March 2020 – but no published strategy. Mr Glick's sources seem to have been able to give him the date of the overdue announcement of GDS's strategy – 15 September 2016 – and some insight into official thinking: "Our sources say the Cabinet Office hopes to use the launch of the new strategy to 'nullify any coverage around GDS being in confusion or disarray' ...".

Sunday 7 August 2016

What else don't they know?

Government as a Platform (GaaP) is rumoured to be at the heart of the Government Digital Service's strategy.

GaaP has its own blog ...

... and the other day Graham Bleach published Incident Report: Platform as a Service for government:
This post is about an incident in the 'Platform as a Service for government' production environment for hosting applications.

What happened

At 1.30pm UTC on Friday 3 June 2016, a program to delete Cloud Foundry (CF) development environments was accidentally run in the production environment. As a result, there was a complete outage to the platform.
Take another look. Just to check: "a program to delete ... development environments was accidentally run in the production environment. As a result, there was a complete outage to the platform".

Accidentally?

This accident should be almost impossible.

Cast your mind back 37 years to 1979, when DMossEsq had to make an amendment to some data on the Lloyds Bank International (LBI) live production database. Programs acting on the production system all had the prefix X. Y was used for test development systems only. So he couldn't use YDBAXS, it had to be XDBAXS. The operators wouldn't run an XDBAXS job without the signed authorisation of the deputy head of the computer department. And he wouldn't sign without a convincing explanation.

No-one questioned this procedure. It was just obviously prudent.

It still is. But it appears nevertheless to have eluded GDS. They have only just learned this basic element of prudence. A test data job was allowed to delete the production environment. "... there was a complete outage to the platform". On their core system. GaaP. The one that Whitehall and everyone else is supposed to feel total confidence in. And invest in.

If GDS are still learning that lesson, what else don't they know yet? That we at LBI and everyone else already knew 37 years ago and more.

----------

Updated 10.8.16

Helen Margetts is the "Professor of Society and the Internet and Director, Oxford Internet Institute, University of Oxford" and she "sits on the Advisory Board of the Government Digital Service [GDS]".

"The largest government departments have begun to reassert their authority over GDS expert advice", she tells us, without telling us what GDS's expertise is, "and digital government looks likely to be dragged back towards the deeply dysfunctional old ways of doing things", like keeping your production environment safely separated from the development environment, please see above.

"GDS isn’t perfect, but to erase the progress it has put in place would be a terrible loss". What is this logic? GDS has failed to see off the deeply dysfunctional old ways of doing things and that is progress, the loss of which would be terrible?

GDS has 700 staff according to Professor Margetts and a budget of £450 million to spend on unspecified UK government contracts by March 2020. Just like half a dozen other systems integrators (SIs), the villains of the deeply dysfunctional old ways of doing things.

They have performed just as badly as the other SIs. See for example Government Digital Service “hindered delivery” of rural payments programme, Public Accounts Committee says and Student Loans Company burns £50 million in IT project superfail and Electoral Commission warns of ‘lost’ voters and ...

What went wrong? Was it a deeply dysfunctional leadership? Or a deeply dysfunctional Advisory Board?

What else don't they know?

Government as a Platform (GaaP) is rumoured to be at the heart of the Government Digital Service's strategy.

Wednesday 13 July 2016

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Over in the US, they had Connect.Gov: "Connect.Gov, creates a secure, privacy-enhancing service that conveniently connects people to government services and applications online using a digital credential they may already have and trust ... Connect.Gov partners with Sign-In Partners – private sector organizations (e.g., Verizon, ID.me, Banks, Social Media companies) that offer government approved, digital credentials for millions of individuals across the United States ...".

For Connect.Gov's "Sign-In Partners", read GOV.UK Verify (RIP)'s "identity providers".

The two systems are similar.

You knew that already:
  • Just over a year ago on 23 June 2015 DMossEsq reported on the findings of four academics who reviewed the security of GOV.UK Verify (RIP): "It's not just GOV.UK Verify (RIP) that they criticise but also the US equivalent, the Federal Cloud Credential Exchange (FCCX), recently rebranded as Connect.GOV".
  • And those of you endowed with a cryptic crossword mind will have spotted the connection via NSTIC nearly four years ago.
Hat tip an anonymous commentator, Connect.Gov is now on the way out. According to the SecureIDNews website, 5 July 2016: "It was supposed to be a government-wide identity platform, but it appears the project is being scrapped. In its place, GSA [the US General Services Administration] is planning to build its own platform from scratch". Connexit?

Maybe GOV.UK Verify (RIP) is now unique, as GDS falsely claimed last year. But for how long? Will it, too, like Connect.Gov, soon disappear? Verexit?

It would require uncommon boldness for GDS to follow the US example and cancel GOV.UK Verify (RIP). But that's precisely what they claim to be famous for aspire to. Boldness.

RIP IDA – Connect.Gov goes down the tubes

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"GOV.UK Verify [RIP] is a new type of service, being delivered in a new way for the first time anywhere in the world". So said the Government Digital Service (GDS) on 30 June 2015. And so said their political boss, Matt Hancock, three months later on 26 October 2015: "It is a world first, and has been offering users a level of ID security that wasn’t previously possible online".

False. At the time. The UK was not alone.

Saturday 9 July 2016

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.

Nothing has come of it so far. Is "digital" a really unhelpful word? The jury is still out.

"data-sharing" v. "data-linking" v. "data access"
Next day, GDS, or whatever they're called now, published Data access legislation and data reform:
On Tuesday we published data access legislation as part of the Digital Economy Bill. The Bill is an important part of what we are seeking to do in GDS to transform our relationship to data and unleash the next decade of innovation and public service reform ...

Our clauses in the Digital Economy Bill are described as being about ‘data sharing’, although our preferred term is ‘data access’, because we think it better reflects the way technology and practices for handling data across government are changing.
Is data-sharing less controversial if the name is changed to "data access"?

You may remember a little spat between the Cabinet Office and the Guardian newspaper a few years ago. The Cabinet Office objected to the newspaper describing their plans as "data-sharing". They demanded an apology. They didn't want data-sharing at all and it was a calumny even to suggest that they did. No, what they wanted was "data-linking" and that's quite different.

That was four years ago in April 2012 and apparently the Cabinet Office, or at least GDS, or whatever they're called now, still think that they can overcome the problems of data-sharing just by changing the name.

"enhances" v. "impugns"
Further on in GDS's data reform blog, we read that:
... government's commitment to enabling a digital state that has privacy at its heart can be seen in the design of GOV.UK Verify [RIP]. This platform is a new way to safely and straightforwardly prove who you are online when accessing services like filing your tax return, viewing your driving licence or applying for Universal Credit. Besides being quick and simple to use it enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information. The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose.
"The company you choose to verify your identity" could be any one of GDS's first-nine-then-eight-now-seven "identity providers". Sometimes they're called "identity providers", which is an odd, science fiction-like name. And sometimes they're called "certified companies" even though three of them aren't certified. GDS really do have problems with language ...

... and not just with the correct name for "identity providers". We noted over a year ago that when they're talking about GOV.UK Verify (RIP) GDS distinguish between the first time you verify your identity with an "identity provider" and subsequent occasions. The distinction is perfectly clear. The first time is when you register with an "identity provider".

But GDS didn't want to use the word "register". Because that would remind people of the National Identity Register on which the Home Office's failed ID cards scheme depended. And obviously GDS didn't want to be associated with that. Nevertheless, registering is exactly what you're doing if and when you open a GOV.UK Verify (RIP) account.

GDS would have you believe that GOV.UK Verify (RIP) "enhances privacy because information is not stored centrally, and there’s no unnecessary sharing of information". Is your privacy really enhanced by having your personal information stored all over the world with multiple companies beyond your control? That's what happens with GOV.UK Verify (RIP).

Is "enhances" the right word here? Surely "impugns" would be more accurate – GOV.UK Verify (RIP) impugns privacy because information is quite unnecessarily stored all over the world with massive and uncontrollable sharing or linking or access ...

"The company you choose to verify your identity doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose"? That may be true. But someone has to know. Otherwise there would be no audit trail.

That someone is GDS, and they know thanks to the GOV.UK Verify (RIP) identity hub.

"Government's commitment to enabling a digital state that has privacy at its heart"? That's not what it looks like. Never mind which words GDS use to describe it, their putative "digital state" is an utter stranger to any recognisable concept of privacy.

Take care of the sense and the sounds would take care of themselves

"digital" v. "transformation"
Some of the Government Digital Service's time the other day was filled up with fundamental research into the correct name for the organisation, please see tweets below.