Sunday, 18 September 2016

Ruminating about process

It's over two years since we looked at the achievements of the Government Digital Service (GDS). It looked to us then as though the big achievers digitalwise were not GDS at all, despite their noisy claims, but Her Majesty's Revenue and Customs (HMRC).

GDS aim one day to deliver something called "Government as a Platform (GaaP)". They have a publishing platform and a performance platform already up and running. They're working on at least three other platforms:
  • GOV.UK Verify (RIP) is meant to be a standard cross-government platform for identity assurance.
  • GOV.UK Notify is meant to be a standard way for government to send texts, emails and letters.
  • GOV.UK Pay is meant to be a standard way for government to collect payments.
GOV.UK Notify
Five days ago GDS published From pounds to pennies and months to minutes. They make a vague claim there to the effect that GOV.UK Notify could reduce central government costs and reduce the time taken to make changes. There's no guarantee that these reductions will be made. Just a claim.

"GOV.UK Notify now has 8 service teams sending texts and emails as part of our private beta", GDS tell us. That was 13 September 2016. Three days later, we learnt that it's not just government departments communicating with each other, government departments are communicating with some suppliers, too – Using GOV.UK Notify to communicate with suppliers. Presumably government departments and their suppliers have always communicated with each other. Is GOV.UK Notify an improvement? In what way? GDS don't tell us.

Back in July 2016, Civil Service World (CSW) magazine told us that GOV.UK Notify has "now begun sending messages to people applying for student finance and UK visas as part of the government’s invite-only public beta testing". There has been no update on the progress of this beta testing.

Cabinet Office minister Ben Gummer is quoted in the same CSW article as saying: "In GOV.UK Notify, we have developed an impressive, cost-saving product that can be used across any government department for lots of different services – making it easier for the public to interact with government and keep track of their applications and requests". There is no evidence to support these claims of his.

That's GDS.

Meanwhile the Daily Telegraph newspaper announces that HMRC have tested text messages with over 13,000 taxpayers and found that they increase tax payment rates by up to 7%. That looks like a properly constructed case in support of using texts, unlike the GDS claims.

What's more, there is no sign that HMRC are using GOV.UK Notify. They seem to have their own text-generating system. Bang goes GDS's hope of providing the single platform for government notifications.

GOV.UK Pay
"On Friday 2 September we took our very first live payment on GOV.UK Pay ... This is the first time we’ve processed a payment using a real card". That was GDS, in GOV.UK Pay is ready for business.

Would you describe a payments system that has processed one single solitary payment as "ready for business"?

Is that lonely only child of a payment enough evidence to support GDS's claim that "we're making it easier for citizens to make payments, and more efficient for civil servants to process these payments"?

GDS have four "beta partners" in the development of GOV.UK Pay – Companies House, the Environment Agency, the Home Office and the Ministry of Justice. HMRC isn't one of them.

According to GDS's UK government performance platform, HMRC received about 63 million payments in the year to September 2015. Quite why the statistics stop then is not clear.

What is clear is that we're talking about a lot of payments. HMRC have to think commercially and responsibly about how they collect these payments.

HMRC publish the methodology by which they calculate the cost of collecting each payment, 19p on average. GDS provide no methodology and no unit cost.

It would be worrying if HMRC entrusted their 63 million receipts p.a. to GOV.UK Pay on the basis of GDS's hot-headed claims about a single payment. But they haven't. Neither has anyone else.

GOV.UK Verify (RIP)
GDS's foray into the world of identity assurance is a disaster.

Meanwhile, HMRC added millions of users to their new personal tax accounts service this year, using the old Government Gateway.

And that's not their only on-line service by any means. HMRC processed 1.19 billion stamp duty reserve tax (SDRT) transactions, for example, in the year to September 2015 (digital take-up = 100%). Who is paying this SDRT? GOV.UK Verify (RIP) doesn't tell HMRC the answer because GOV.UK Verify (RIP) isn't involved.

Then there are the 412 million PAYE transactions (95.8%) and the 146 million customs transactions (100%) and the 63 million payments HMRC receive every year, please see above, etc ...

That's a lot of users and they all have to be identified. GOV.UK Verify (RIP) involvement? Nil.

HMRC v. GDS
It was an embarrassing mistake for Sir Jeremy Heywood, the Cabinet Secretary, to promote GDS as the organisation to deliver government transformation. As GDS themselves put it, "this page is no longer being updated".

It was a mistake for Matt Hancock, the previous Cabinet Office minister, and it's a mistake for Ben Gummer, the current one, please see above. It was a mistake for Stephen Foreshew-Cain, GDS's last executive director, and it would be a mistake for Kevin Cunnington, its first director general ...

... but he hasn't made that mistake. Instead, with John Manzoni, chief executive of the civil service and permanent secretary at the Cabinet Office, he's taking GDS in another direction, GDS promised 'national presence' as it takes over DWP's Digital Academy and leaves Aviation House.

That may be more up GDS's street. They are obviously happy ruminating about process – please see Using Activity Theory to build effective personas, for example, or 100 rounds of user research on GOV.UK Verify [RIP].

There's no doubt two years after the previous review that HMRC remain the great achievers when it comes to delivering on-line government transaction systems.

----------

Updated 5.3.17

A triumphant Government Digital Service (GDS) announced the other day on 1 March 2017 that GOV.UK Notify is now open for use.

"Back in May last year GOV.UK Notify sent its first messages as part of our invite-only beta phase", they said. "Now - after 9 months, 3.5 million messages, 32 live services, 850 code deployments, and 500 hours of user research — we’re making Notify available to all of central government".

GOV.UK Notify is a GDS service for central government departments to "send emails and text messages to [their] users". About time, too, you may say. What took them so long?

It's not quite like that.

It may have taken GDS until now to make a notification service "available to all of central government" but DVLA, for example, the driver and vehicle licensing agency, have been sending emails for more than 10 years now:
From: Vehicle Licensing Online [mailto:donotreply@vehiclelicence.gov.uk]
Sent: 19 April 2006 17:12
To: <DMossEsq>
Subject: Confirmation of Tax Disc Application

THIS IS AN AUTOMATED EMAIL - PLEASE DO NOT REPLY AS EMAILS
RECEIVED AT THIS ADDRESS CANNOT BE RESPONDED TO.

Confirmation of Tax Disc Application

Thank you for using DVLA Vehicle Licensing Online. Your application for a new
Tax Disc has been successful.

Reference Number: 1031 0163 9722 1190
Application made on: 19/04/2006 17:08:02
Tax Disc Period: 12 months
Tax Disc Duty: £175.00

The Tax Disc and receipt should arrive in the post within 5 working days.

Should your tax disc not arrive after 5 working days, then please phone us on 0870 850 4444 and choose option 4 then option 1 and be prepared to quote the Reference Number.
GDS tell us that "we expect to start offering Notify to local government by late 2017, once we’ve sorted out the pricing model". But even the dear old London Borough of Merton have been sending emails for at least the past four years:
From: Permitsnoreply@merton.gov.uk
Sent: 22 January 2013 13:05
To: <DMossEsq>
Subject: Payment Confirmation

This is an e-mail from London Borough of Merton.

Your payment has been processed successfully. The details of your payment are :

Payment Reference : 28040
Permit Number : RPP11937
Amount Paid : 65.00 pounds
Date Paid : 22-Jan-2013

This message has been generated automatically. Please do not reply.
Neither Merton nor DVLA are likely to share GDS's excitement about GOV.UK Notify.

Nor Companies House. Here's a notification they sent over 13 years ago:
From: web-filing@companies-house.gov.uk
Sent: 02 January 2004 10:41
To: <DMossEsq>
Subject: Companies House WebFiling Service

This message has been generated in response to your request for a Security Code for use on the Companies House WebFiling service.

Your Security Code is <security code>.

This code will be automatically linked to the e-mail address <DMossEsq>, and any company transactions received under this code will be confirmed to this address.

Additional security codes can be requested for alternative e-mail addresses.

Thank you for visiting the Companies House Website. Contact Centre tel: 0870 33 33 636 or e-mail: enquiries@companieshouse.gov.uk
GDS list 33 central government services currently testing GOV.UK Notify on their performance dashboard. Guess who's not on the list.

That's right.

Her Majesty's Customs and Excise Revenue and Customs (HMRC). The big one.

Just how big is made clear in an interview given to Derek du Preez, please see HMRC Digital Chief – ‘This transformation is the biggest in our history’: "Hardik Shah, Deputy Director, Chief Digital and Information Officer group, HMRC, ... explained that £536 billion of revenue is collected by HMRC every year and that this is the amount that flows through its IT systems ... HMRC processes more than 2 billion transactions every year and Shah said that 90% of those happen online already ...".

HMRC have had automated notification operating for years. Here they were last year for example telling DMossEsq that it's time to submit one of his VAT returns:
From: vatnotifications@eprompts.hmrc.gov.uk
Sent: 24 July 2016 02:30
To: <DMossEsq>
Subject: Reminder to file your VAT Return


Hello Subscriber

You need to submit a VAT return for the period 01.05.16 to 31.07.16 for <Company name>, VAT registration number <VAT no.>.

To submit the return go to the HMRC Services: Sign in or register page on GOV.UK to sign in.

Alternatively, if you use accounting software, in most cases you can use it to quickly prepare and submit your VAT return directly to HMRC.

You'll need to pay your VAT bill by the deadline shown on your VAT return. You may have to pay a surcharge if you don't pay on time.

For details of the due date for returns and payments go to the VAT Returns guide on GOV.UK.

The easiest way to avoid missing a payment deadline is to pay by Direct Debit.

Don't reply to this email as it's an automated reminder.


HM Revenue and Customs
HMRC send texts as well as emails, as noted in the Daily Telegraph article referred to above and in their guidance note on how to recognise phishing attacks. GDS will have to produce similar guidance for their users when GOV.UK Notify finally goes live. (The service is currently still in beta.)

HMRC don't need GOV.UK Notify. Or GOV.UK Pay – they're already used to collecting hundreds of billions of pounds p.a. Famously, they don't need GOV.UK Verify (RIP) either. That's three platform services for GDS's Government as a Platform strategy that HMRC aren't using (excluding a bit of grudging use of GOV.UK Verify (RIP)).

GDS are trying to get government departments to stick all their applications and all their data in the cloud. That's the strategy. There's a long way to go. But not for HMRC. They're already well on the way, as they told Mr du Preez:
When we started our transformation in 2015, we realised our IT infrastructure was not suitable. That’s when we started our virtualisation programme. Some 50% of our IT estate is already virtualised, and given the size of our estate, that’s not a small thing. And we did that in less than 2 years.

Almost 90% of our SAP estate is virtualised, in a private cloud. It wasn’t easy, technologies were developing, security isn’t easy, so we had to do a lot of work with our partners to get the right solution. But it’s now 90% virtualised. All of our SAP apps were virtualised in about 9 months.

We are now in the final stage of database virtualisation, and we only have three databases left. Hopefully by the end of the financial year we will be 100% virtualised on our SAP estate.
Who is leading whom here? You can notify whoever you like with your answer by email, text, tweet or letter, but from where we're sitting it looks as if GDS aren't so much devising the government's transformation strategy as trying breathlessly to keep up with HMRC.


Updated 13.4.18



The Government Digital Service's job is to transform government. Instead of doing that, they ruminate about process.

Katy Arnold, the head of user research at the UK Home Office, posted a tweet yesterday morning about storing and sharing the results of user research.

User research is one of the processes government transformers are meant to go through to achieve their objectives.

Lorna Wall is the user research lead for GOV.UK Verify (RIP), the inanimate pan-government identity assurance scheme still being promoted hopelessly and pointlessly by GDS.

Ms Wall commented (or ruminated) on Ms Arnold's tweet. Not once. But twice.

There have been about 150 rounds of user research into GOV.UK Verify (RIP) and it's a "challenge", she says, to store the results accessibly.

This research has been going on for nearly five years she says in her second tweet and, what with changes in personnel, it's hard to keep track of which research findings led to which design decisions. That, too, is a "challenge".

You'd think that the user research profession might have solved this problem by now. Apparently not.

At GDS, they continue to conduct user research into GOV.UK Verify (RIP), they've done it about 150 times, they've been doing it for nearly five years and they're still "struggling" to maintain the relevance of all this work. Meantime, GOV.UK Verify (RIP) has failed.

That was the real challenge – to make pan-government identity assurance work. They've failed. But work continues to be done on cataloguing their user research results.

Have you ever seen a clearer example of missing the point? Of continuing the process because the process must be continued even though it's not working?

What was GDS's objective?

To deliver an identity assurance scheme?

Or to maintain an accessible set of research results?

Neither has been achieved.

In this instance, GDS have lost the plot.

Let that be an example to others, who are supposed to be guided in their attempts to transform government by the syllabus taught at GDS's academy. 5 years. 150 iterations. No cigar.


Updated 17.4.18

According to the Autumn Budget 2017 (p.5) the UK government expects to receive payments of about £769 billion in 2018-19:


The Government Digital Service's payments platform, GOV.UK Pay, collected its first payments on 13 November 2016 – £170. During fiscal year 2017-18 it collected a total of £38,653,834.

That's 0.005% of the 2018-19 figure. At this rate 99.995% of all receipts will not involve GOV.UK Pay.

On 31 March 2016 GDS described GOV.UK Pay as a "greenfield project". They provided a link explaining that "the term greenfield project is used in many industries, including software development where it means to start a project without the need to consider any prior work". Two years later, the result of not considering any prior work is a system which collects 0.005% p.a. of the government's receipts.

How did GDS get into this ridiculous backwater?

Their March 2016 blog post says that "user research showed us how frustrating payment pages can be". Good old user research. GDS's favourite process. It doesn't seem to have helped GOV.UK Pay any more than it helped GOV.UK Verify (RIP), please see above.

The blog post says also "we’ve had the freedom to make good technical choices that address user needs". Good old user needs. GDS's lodestar. But they're not the only ones, Her Majesty's Revenue and Customs and others must be quite good at working out user needs, perhaps better than GDS are, given that 99.995% of receipts don't rely on GOV.UK Pay.

The natives are getting restless about claims to be uniquely guided by user needs, please see the tweet alongside.

"... we’ve built a consistent and reliable user experience hosted securely on GOV.UK", GDS say. Maybe. But 99.995% of the time that experience is irrelevant.

Nowhere in their March 2016 blog post do GDS say how much money will be saved by using GOV.UK Pay nor when the savings can be expected to start. That's no way to mount a business case.

But of course GDS aren't trying to mount a business case. They're trying, ineffectually as it turns out, to bring about a callow vision they have of government as a platform. It's ideological. An "intellectual pissing match", as Mike Bracken would say.

How much longer will GDS be allowed to ruminate? When will they be expected to deliver something?

Ruminating about process

It's over two years since we looked at the achievements of the Government Digital Service (GDS). It looked to us then as though the big achievers digitalwise were not GDS at all, despite their noisy claims, but Her Majesty's Revenue and Customs (HMRC).

GDS aim one day to deliver something called "Government as a Platform (GaaP)". They have a publishing platform and a performance platform already up and running. They're working on at least three other platforms:
  • GOV.UK Verify (RIP) is meant to be a standard cross-government platform for identity assurance.
  • GOV.UK Notify is meant to be a standard way for government to send texts, emails and letters.
  • GOV.UK Pay is meant to be a standard way for government to collect payments.

Friday, 16 September 2016

Why no-one can devise @gdsteam's strategy

“It reminds me of that old joke – you know, a guy walks into a psychiatrist's office and says, hey doc, my brother's crazy! He thinks he's a chicken. Then the doc says, why don't you turn him in? Then the guy says, I would but I need the eggs.

Last heard, the Government Digital Service (GDS) were due to publish their strategy yesterday, 15 September 2016. That was the deadline. Not for the first time, they missed it.

Instead of a strategy explaining what GDS are going to do with £450 million we were treated to a press release, Government Digital Service announces plans to run a national digital academy, which includes this:
GDS director general Kevin Cunnington said:

" More and more we are going to make the work from GDS about transformation - not just digital.

" We have a superb team and I want our UK strategy to not only reflect the bold ambition that we have across Government, but the new challenges that now face us. We will have an updated and complete Digital Transformation Strategy before the end of the year."
What's all this about "the new challenges that now face us"?

According to the press release:
The Government’s Digital Transformation Strategy is also going to be updated to match the new and larger remit of GDS and to take into account the EU referendum vote and the challenges that the Civil Service now face.
Someone would have us believe that GDS, who couldn't even computerise farm payments, have a transformative rôle to play in bringing about the UK's exit from the European Union.

You may find that unlikely ...

... in which case you must put forward another explanation for the long delay in agreeing GDS's strategy. If the delay isn't caused by working out GDS's crucial contribution to Brexit, what is it caused by?

Here's one possibility:
  • The UK government continues to want all public services to be digital by default.
  • In order for that to work everyone must have an on-line identity.
  • GDS have come up with GOV.UK Verify (RIP), an identity assurance platform that doesn't work.
  • You try writing the GDS strategy in that case – you'll be delayed well beyond "the end of the year".
GDS's bosses know that GOV.UK Verify (RIP) is dead and that digital-by-default as currently envisaged is a dead duck. But they continue to want digital-by-default so they continue to pretend that GOV.UK Verify (RIP) is viable.

It's hard in this case to disagree with the first head of GDS, Mike Bracken, whose recent gritty pronouncement on Whitehall is:
The system is not set up to do stuff. It’s set up, frankly, to have an intellectual pissing match around how its things should be.

Why no-one can devise @gdsteam's strategy

“It reminds me of that old joke – you know, a guy walks into a psychiatrist's office and says, hey doc, my brother's crazy! He thinks he's a chicken. Then the doc says, why don't you turn him in? Then the guy says, I would but I need the eggs.

Last heard, the Government Digital Service (GDS) were due to publish their strategy yesterday, 15 September 2016. That was the deadline. Not for the first time, they missed it.

Instead of a strategy explaining what GDS are going to do with £450 million we were treated to a press release, Government Digital Service announces plans to run a national digital academy, which includes this:
GDS director general Kevin Cunnington said:

" More and more we are going to make the work from GDS about transformation - not just digital.

" We have a superb team and I want our UK strategy to not only reflect the bold ambition that we have across Government, but the new challenges that now face us. We will have an updated and complete Digital Transformation Strategy before the end of the year."
What's all this about "the new challenges that now face us"?

According to the press release:
The Government’s Digital Transformation Strategy is also going to be updated to match the new and larger remit of GDS and to take into account the EU referendum vote and the challenges that the Civil Service now face.
Someone would have us believe that GDS, who couldn't even computerise farm payments, have a transformative rôle to play in bringing about the UK's exit from the European Union.

You may find that unlikely ...

Monday, 5 September 2016

RIP IDA – "wildly unrealistic expectations"

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

Take a look at New GOV.UK Verify [RIP] chief sets out stall after departure of Janet Hughes. That's a Civil Service World (CSW) article, 23 August 2016, and there's something in there for everyone.

"If there's a tricky job facing the Government Digital Service (GDS), or indeed an impossible job, what do they do? Call for Janet Hughes". That's what we said. Several times. Now the heroic Janet has left GDS.

Can she be replaced?

A, B, C and D below say no, she can't be. E, F, G and H are waiting in the wings.

Are GDS advertising for a replacement? You take a look.

A Jess McEvoy is standing in as interim programme director of GOV.UK Verify (RIP). CSW say: "According to McEvoy, Verify has now been used to verify more than 800,000 individual identities, with more than three quarters of users reporting that they are either satisfied or very satisfied with the service". Is she right?

GDS have three ways of measuring user satisfaction on the GOV.UK Verify (RIP) performance dashboard. 84.11% of respondents say that they are satisfied or very satisfied from the point of view of security. That figure falls to 72.17% from the point of view of certified companies and 64.97% from the point of view of verification.

Never mind what these categories mean – security, certified companies and verification – in each case there have been about 11,100 respondents out of 821,000 or so GOV.UK Verify (RIP) accountholders. That's a 1.35% response rate.

About 821,000 accounts have been created. They have been used about 844,000 times, i.e. about once each:
  • How many accountholders are there? GDS provide no answer. If each accountholder has seven accounts, one with each of the remaining "identity providers", we could be talking about only 118,000 people, not 821,000.
  • Are these people using GOV.UK Verify (RIP) or just trying it out once and then going back to the Government Gateway? That is, is Ms McEvoy right to refer to them as "users"?
  • Why are the user satisfaction statistics four weeks out of date at the time of writing?
  • Less than three-quarters of respondents are satisfied or very satisfied in two of the user satisfaction categories, where does Ms McEvoy get more than three-quarters from?
  • Do the respondents constitute a representative cross-section of the population from which it is legitimate to extrapolate? Or would it be better to say that 64.97% of 1.35% = 0.88% of users, if that's what they are, are satisfied or very satisfied with GOV.UK Verify (RIP) from the point of view of verification?
  • Do the respondents understand the question? Do they each understand the same thing by the question? Or are they all answering different questions?
GDS are meant to be the experts in data analytics. If this is how they handle statistics, they are in danger of suffering the same fate as the pollsters who get referendum and general election results hopelessly wrong – no-one will believe them.

B Ms McEvoy is supported in the CSW article by Jessica Figueras, chief analyst for technology consultancy Kable: "Figueras said it 'should not come as any surprise' if HMRC was considering other options for identiy verification, because the original plan for Verify was for it 'to provide low to medium security ID assurance for citizens, and this hasn’t changed' ...". Is she right?

Presumably Ms Figueras is talking about low-to-medium assurance, not low-to-medium security. GDS claim to offer nothing but unqualified high security.

Take a look at the 9 October 2014 IPV Operations Manual published by GDS. That document covers identity-proofing and verification for GOV.UK Verify (RIP). Para.5 on p.5 specifies registration requirements at both identity assurance level 2 (civil courts) and level 3 (criminal courts). Para.58 also includes level 3 requirements. So does para.71. So much of paras.87-91 has been blanked out that it's impossible to know for sure but it looks as though GDS are talking about more than low-to-medium security. And so on, para.113, para.118, ...

Ms Figueras appears to be wrong. If GOV.UK Verify (RIP) is now required to provide only low-to-medium assurance as to people's identity, then, surprisingly, the specification has been quietly changed since October 2014.

Suppose for a moment, though, that she's right. CSW talk about GOV.UK Verify (RIP) "allowing drivers to tell the DVLA about their medical conditions and allowing mortgage deeds to be signed through the Land Registry". They talk about "offering the service to NHS trusts and local authorities, as well as private sector organisations". Are DVLA and the Land Registry and NHS trusts and local authorities and private sector organisations happy to accept low-to-medium assurance as to people's identity?

"The fact is", says Ms Figueras, "that Verify is an incredibly ambitious programme and the fundamental concepts behind it were untested". Incredible? Untested? Is that meant to increase the confidence of DVLA, the Land Registry and the rest?

"Figueras said the main problem faced by Verify had been the 'wildly unrealistic expectations for roll-out' ...". Wildly unrealistic? With support like this, GOV.UK Verify (RIP) doesn't need any detractors.

C She is also supported by Daniel Thornton of the Institute for Government, who "explained why HMRC might opt for its own verification system". He's quite right, of course. GOV.UK Verify (RIP) can at best only verify the identity of natural persons, not legal persons like companies and partnerships and trusts and, as Mr Thornton says, that's no use to HMRC, they need "something that will work with businesses as well as individuals".

Was that always meant to be the case?

No. GDS used to hold out the prospect of their scheme verifying the identity of legal persons, please see Good Practice Guide 46, published by GDS on 18 October 2013: "This guide deals with proving the authenticity (identity) of a legal organisation, such as a business, partnership, charity, government body or other public sector organisation".

GOV.UK Verify (RIP) is shrinking and it is pointless to pretend otherwise. As it shrinks it is of interest to fewer and fewer organisations.

D Talking of untested fundamental concepts, is it feasible to verify millions of people's identities on-line and only on-line to a level of assurance satisfactory to the likes of the NHS and local authorities? The US National Institute of Standards and Technology (NIST) raise that question. Their answer seems to be no. They consider the identity-proofing work done in GOV.UK Verify (RIP) to be pointless. They class it as no better than self-certification.

Connect.gov in the US has been terminated. GOV.UK Verify. 821,000 self-certifications. RIP?

----------

Updated St Patrick's Day 2017

Verify service manager sought to lead GDS expansion ambitions, we read on 15 March 2017, and yesterday GDS to expand Verify team as pressure to increase user numbers mounts.

Last September we said "Jess McEvoy is standing in as interim programme director of GOV.UK Verify (RIP)", please see above. Isn't it Ms McEvoy's job to "lead GDS expansion ambitions" and to "increase user numbers"? Presumably not.

GOV.UK Verify (RIP) hasn't had a named senior responsible owner since Mike Bracken left GDS in September 2015. And it hasn't had a permanent programme director since Janet Hughes left. It's an orphan programme, unwanted and abandoned.

In the circumstances, how is some poor unfortunate service manager supposed to add 24 million verified GOV.UK Verify (RIP) accountholders in three years flat?


Updated 12.5.17

This time last year the Government Digital Service (GDS) won an award at KuppingerCole's EIC2016 conference for their innovative work on GOV.UK Verify (RIP), the national identity assurance scheme on which innovative staff are now working hard to reduce the level of assurance that a GOV.UK Verify (RIP) accountholder is who he or she claims to be.

GDS aren't up for any KuppingerCole awards this year as far as we know, but Adam Cooper, lead technical architect of GOV.UK Verify (RIP), is attending EIC2017 as we speak. What is the Trust Model of the Future?, he will ask. Good question.

Next Monday Mr Cooper will attend One World Identity's K(NO)W Identity conference, where GDS are finalists in not one but two K(NO)W Nodes awards, which "recognize the most compelling startups, individuals and identity innovations of the year" – they are nominated in the Identity Government Leadership and Trailblazer categories.

"Winners will be selected by ... [a] panel of distinguished judges", including Don Thibeau, chairman and president of OIX, the Open Identity Exchange. GDS are members of OIX and, although it's an uphill struggle, OIX do what they can to help.

Mr Thibeau will know better than most just how much the supposedly trailblazing GOV.UK Verify (RIP) has run into the ground.

And as to leadership? That's one of GOV.UK Verify (RIP)'s many problems. "GOV.UK Verify (RIP) hasn't had a named senior responsible owner since Mike Bracken left GDS in September 2015. And it hasn't had a permanent programme director since Janet Hughes left. It's an orphan programme, unwanted and abandoned", as we were saying, only the other day.

The excellent Dave Birch is speaking as well.

He is a member of PCAG, among other things, the Privacy and Consumer Advisory Group, whose co-chair, Jerry Fishenden, resigned the other other day and recommended that: "The government's Verify identity platform is not meeting user needs - it's time to step back and review how best to make online identity for public services work".

Mr Fishenden doesn't mention innovation or trailblazing in his review of GOV.UK Verify (RIP) but he does say: "We urgently need to see credible leadership and a viable strategy". Not impressed with leadership chez GOV.UK Verify (RIP), Mr Fishenden is also unimpressed with ex-Goldman Sachs man Kevin Cunnington's strategy for GDS.

GDS are used to winning awards, as you and Mr Birch k(no)w. But maybe not this time. This may be the end of the trail.


Updated 15.5.17

Not a moment too soon, please see above, the Government Digital Service (GDS) are trying to strengthen the GOV.UK Verify (RIP) management team by recruiting a service owner.

For £70,000 p.a., the successful recruit will supposedly "run and continuously improve a world-class digital service based on user needs". Mr Fishenden, please see above, says: "The government's Verify identity platform is not meeting user needs - it's time to step back and review how best to make online identity for public services work".

Nevertheless, the successful recruit is supposed to agree that the GOV.UK Verify (RIP) strategy is feasible and that the moribund service is "set to grow from a user base of 1 million users to 25 million by 2020". Hard to swallow.

Candidates reading the job advertisement may believe that GOV.UK Verify (RIP) is meant to support access to central government on-line services only. Why is there no mention of GOV.UK Verify (RIP)'s plans for local government services and the private sector? Shouldn't the owner of the service be told?

As usual with GDS, the successful recruit and all other candidates are invited to lose control of their personal information by sending their CVs to Jobvite.

On the plus side, at least this latest job advertisement has dropped the usual claim that all of GOV.UK Verify (RIP)'s "identity providers" are certified trustworthy – four are, three aren't and five have disappeared. It also omits the usual claim that GOV.UK Verify (RIP) is, without qualification, secure.

RIP IDA – "wildly unrealistic expectations"

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

Take a look at New GOV.UK Verify [RIP] chief sets out stall after departure of Janet Hughes. That's a Civil Service World (CSW) article, 23 August 2016, and there's something in there for everyone.

"If there's a tricky job facing the Government Digital Service (GDS), or indeed an impossible job, what do they do? Call for Janet Hughes". That's what we said. Several times. Now the heroic Janet has left GDS.

Can she be replaced?

Saturday, 3 September 2016

GDS, the data centre for government

"The Government Digital Service [GDS] is the digital, technology and data centre for government ... Over the next 5 years, together with departments, we will be building new digital, technology and data platforms for the whole of government ... We will make better use of data to drive continuous improvement, ensure government has the right technology and that spending is controlled".

That's what it says in the job description for a new head of service design required at GDS. You've got until 13 September 2016 to apply.

And that's not the only job available. GDS, the "data centre for government", also want data scientists to build new "data platforms for the whole of government" and to make "better use of data".

Some time in 2013, it's hard to establish when, GDS and Warwickshire County Council investigated the question of Interoperability between central and local government identity assurance schemes. The project was "conceived by Warwickshire County Council, a medium-sized local authority, and involved the participation of the Government Digital Service (GDS), a team within the UK Government’s Cabinet Office tasked with transforming government digital services, and three Identity Providers – Mydex, PayPal and Verizon".

Three years later, Mydex is no longer an "identity provider". Neither is PayPal. Nor is Verizon.

Five
One of their findings back then, under the heading Use of a Social Media ID (p.12), was that "most users would be very reluctant to use their social media accounts with a government site, the prevailing view being that their social life is distinctly separate to doing 'business' with government. The issue of privacy and the feeling that government would be able to 'see my social life', or that government transactions would appear in their social media profiles, was of concern. That said, some users saw the benefit in forms being pre-filled with details held within their social media account".

How did GDS come to this important conclusion?

Answer, the data centre for government asked five people: "User experience testing was performed in a laboratory environment and involved 5 users on a one-to-one basis with an experienced research facilitator provided by GDS".

12
Now roll forward three years. GOV.UK Verify (RIP) wasn't meant to go live until it could verify-the-identity-and-therefore-register at least 90% of applicants. The registration rate remains stubbornly below that figure at about 70%. Despite that huge disparity, the data centre for government which is supposed to use data to drive continuous improvement declared GOV.UK Verify (RIP) to be live in May 2016.

In order to improve the registration rate, GDS continue to give the remaining "identity providers" access to more and more of your personal information.

GDS's 25 July 2016 blog post,Can online activity history help GOV.UK Verify [RIP] work for more people?, tells us that they have returned their attention to your social media accounts, "Facebook, PayPal, LinkedIn and others".

They undertook a new project and guess what: "Compared to the findings from 2013-2014, our recent research suggests that people appear to be becoming more amenable to using online activity verification and allowing certified companies access to their personal online accounts to acquire a verified identity that gives safer, faster access to government services".

How much more amenable? How much safer? How much faster? The data centre for government doesn't say.

How did they reach this unquantified conclusion? "The user research involved 12 one-to-one sessions with users" and "We had 86 people, from across participating organisations, testing the service using their real online accounts".

Not exactly big data, is that enough data to support GDS's otherwise unquantified conclusion? The data centre for government doesn't say.

38%
What they do say is that "if activity from such accounts could be used for activity history, GOV.UK Verify [RIP]’s demographic coverage of the adult population overall could increase by 9%, and for the 16-25 demographic could see a potential increase of up to 38%".

Suddenly we're being fed some numbers to work with. But don't get your budding data scientist's hopes up. We have no idea how these numbers were computed. We have no idea how much confidence we can place in them ...

... except that we have been here before. On 25 January 2016, to be precise, when GDS published Estimating what proportion of the public will be able to use GOV.UK Verify [RIP]: "Looking at the overall population of UK adults, we found that at least 73% of over 16s and 78% of employed people are likely to have the evidence and footprint needed to verify their identity using GOV.UK Verify [RIP]. This will increase to at least 91% of employed people and at least 88% of over 16s by April 2016. By July, coverage will increase to 95% of employed people and 93% of over-16s".

The tool shows that by July coverage will increase to 95% of employed people

That didn't happen. There is no reason to believe that GDS's touted 38% improvement will happen either. Any data scientist who joins GDS has their work cut out.

----------

Updated 12:44

The blog post above has been updated since publication. Some links have been added. Also, the reference to 86 people from across participating organisations being involved in testing.

Frowned upon in the world of professional journalism, this iterative primping will be instantly recognisable to GDS as "agile blogging".


Updated 9.12.16

5:12 a.m. yesterday, the Government Digital Service (GDS) tweeted the claim: "Our Standards Assurance team announce savings of £339 million through spending controls".

Presumably to support that claim, GDS provide a link to a blog post, A problem shared is money saved. There, the £339 million figure is described as "confirmed" and we learn that the confirmed savings were made in 2015-16.

The figure is unaudited and we don't have a breakdown but GDS do provide a further link, to Government saves £18.6 billion for hard working taxpayers in 2014 to 2015. That's obviously too early to provide any support for 2015-16 savings but we do learn that savings are calculated by comparing the year's figures against the same figures for 2009-10: "The government made savings of £18.6 billion in 2014 to 2015 against a 2009 to 2010 baseline".

You might think that a saving is a saving. Not for GDS. Change the baseline and you'll get a different figure.

You might think it's hard to make savings. Not for GDS. Propose a £1 billion project and let the GDS spending controls people turn you down. Savings have immediately increased by £1 billion.

12:25 a.m. yesterday, the Cabinet Office tweeted happy fifth birthday to GDS and said: "5 years of government digital transformation has saved the taxpayer over £3.56 billion". The Cabinet Office do not cite any source for this figure. And what happened to the £18.6 billion figure?

12:57 a.m. this morning, Helen Olsen Bedford tweeted: "GDS claims £4 billion savings for government IT". She cites an article on the UKAuthority.com website, GDS claims £4 billion savings for government IT.

That article provides no source but it looks as if these figures are all coming from Stephen Foreshew-Cain's How digital and technology transformation saved £1.7bn last year. Mr Foreshew-Cain replaced Mike Bracken as executive director of GDS and has now himself been replaced by Kevin Cunnington. Last time we looked at Mr Foreshew-Cain's blog post on savings we said:
… And there is no audited support for the £4 billion figure. Elsewhere, we read "in many ways GDS has been a success story ... with a claimed £1.7 billion cost savings" (Helen Margetts). After reading Government unveils £14.3 billion of savings for 2013 to 2014, turn to p.4 of End of year savings 2013 to 2014: technical note and you'll find claimed savings of £91 million + £119 million = £210 million or, to put it another way, £0.21 billion. Not £4 billion. Not even £1.7 billion. Which figure, if any, is correct? More research required, Mr Rooney. And Ms Margetts …
Savings? Think of a number …
There has been no progress in the three years since Mike Bracken told the Americans that relevant savings equivalent to 1% of the UK's GDP had been made whereas, on inspection, the correct figure looked more like 0.0138%.

GDS's claims to have made savings remain confusing and therefore unconvincing ...

... and on that basis they are not the obvious candidate to be the "data centre for government". The data centre centre for government needs to provide information that is reliable and comprehensible. GDS's figures for savings are neither.

GDS, the data centre for government

"The Government Digital Service [GDS] is the digital, technology and data centre for government ... Over the next 5 years, together with departments, we will be building new digital, technology and data platforms for the whole of government ... We will make better use of data to drive continuous improvement, ensure government has the right technology and that spending is controlled".

That's what it says in the job description for a new head of service design required at GDS. You've got until 13 September 2016 to apply.

Saturday, 27 August 2016

GDS & the banshees 3


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


On 1 August 2016 one man replaced another man as head of the Government Digital Service (GDS). Kevin Cunnington came. Stephen Foreshew-Cain left. People come and people go. It's not unusual but on this occasion there was an exorbitant keening and wailing and moaning from an international class of banshees.

The banshees failed to make it clear why they were upset. What would it matter if GDS had its terms of reference changed? Transformation begins at home. Come to that, what would it matter if GDS disappeared? The banshees couldn't tell us.

On or shortly before 5 July 2016, ex-Public Servant of the Year ex-Guardian man Mike Bracken MBE ex-CDO ex-CDO, ex-executive director of GDS and ex-senior responsible owner of the identity assurance programme now known as "GOV.UK Verify (RIP)", gave an interview to the Centre for Public Impact:



That's the interview in which Mr Bracken delivers himself of the opinion above, that Whitehall is set up for nothing more than "an intellectual pissing match" (around 11'16", see transcript).

On or shortly before 25 July 2016, there was another interview, this time involving not just Mike Bracken but also Francis-now-Lord "JFDI" Maude (around 8'18"), Mr Bracken's sometime political boss:



Where the banshees have failed, surely these two can explain what GDS has achieved and why it should continue to exist?

Let us for the moment resist the temptation to correct the scores of mistakes in the interviews.

The suggested answer to our questions about the value of GDS boils down to "internet era skills". Government must be reformed, it is alleged, to take advantage of the internet. Government needs more internet era skills.

What internet era skills? The ability like Google and Facebook to turn people's identity into money? Will we see GOV.UK adorned with advertisements? Will more and more government data disappear into internet era clouds, taken hostage by the likes of Amazon and Google?

Maybe. But those aren't the internet era skills Mike Bracken mentions.

What he's talking about is agile software engineering. Or even agile policy-making in Whitehall. Starting at around 19'00" in the 25 July 2016 interview, he asserts that GDS has deployed agile and that that cannot now be undone. Whitehall is henceforth agile. That won't change. It can't change. It's too late. Thanks to GDS there are now 10-15,000 people in Whitehall using agile and that's all they'll ever use, there's no going back to the bad old days.

With agile we will at last be able to make Government as a Platform work. That's the suggestion. No longer will taxpayers be "ripped off" by huge systems integrators. Instead, innovative small and medium-sized enterprises will deliver shared services cheaply and those services will meet users' needs.

Messrs Bracken and Maude are confident that GDS's agile legacy is here to stay. But Mr Bracken was ejected from Whitehall in September 2015, his successor Mr Foreshew-Cain only lasted nine ten months and Lord Maude is no longer in government. So the banshees have some reason not to share that confidence.

Never mind the fact that agile pre-dates the internet era. (To be more precise, never mind the fact that agile pre-dates the web era.)

And never mind the banshees. How about you? Do you believe that agile is the answer to everything?

Agile certainly didn't help the Rural Payments Agency (RPA), did it. Messrs Bracken and Maude argue that the RPA débâcle was the result of "sabotage" (22'31" onwards). Which implies to some people that, to make agile stick, GDS needs more power over the departments of state and their agencies. Are you happy with the idea of a centralised cadre of agile internet era persons with no experience of government having autocratic power over the rest of Whitehall?

While you're thinking about that, let's take a look at 100 rounds of user research on GOV.UK Verify [RIP], a post published on GDS's identity assurance blog on 2 August 2016:
100 rounds of usability testing is certainly a lot. Here are some numbers to put it into context:
  • 600 users
  • 600 hours in the lab
  • 500 hours of analysis
  • 200 hours of presenting results and prioritising issues
  • 30,000 sticky notes
And that’s not all: those 100 rounds are in addition to a range of other research we do: large scale remote usability testing, contextual research in users’ homes and job centres; customer support queries and feedback; analytics; A/B testing; accessibility testing ...
This is agile in action. This is what the banshees are keening for. This is what you are asked to grant GDS the power to impose on central and local government.

This is process. Get some users. Bang them up in the lab. Analyse what they say and do. Present the results to anyone else who's got a spare 200 hours. Write everything in felt tip on Post-it® Notes. That way you're doing your job.

GDS have become the thoughtless exponents of process. The fact that GOV.UK Verify (RIP) is a hopeless failure doesn't matter. Success isn't the point. The point is to follow the process.

"Here’s what GOV.UK Verify looked like in December 2012, before usability testing started", GDS tell us:


Cassidian have pulled out of GOV.UK Verify (RIP). So have Verizon. So have Mydex and Ingeus. And PayPal (not shown), they've pulled out twice. GOV.UK Verify (RIP) is being trounced by the venerable Government Gateway system – given the choice, that's what people in their millions use to interact with on-line government services, the Government Gateway, and not GOV.UK Verify (RIP).

And meanwhile, there's GDS iterating away in an "intellectual pissing match", doing "contextual research in users’ homes and job centres". They've become more like Whitehall than Whitehall.

One final question for you. Would you now give GDS £450 million?

----------

Updated 11:24

GDS's exclusive commitment to agile means that it is left with pathetically few methods to tackle the manifold diversity of the problems thrown up by the real world.

The US are said to have copied GDS when they set up USDS, "building a more awesome government through technology". Well things are moving on. “The tyranny of agile”, says Jennifer Pahlka in a not bad article, The Tyranny of Agile (hat tip: John Alty). "Never thought you’d hear me say that, did you?", she says, and she's right.

So the US has spotted the problem. So has local government in the UK, please see Socitm briefing warns over digital transformation “delusions”.

But GDS? Are they still hung up on agile? Kevin Cunnington, their new director general, is quoted in Bryan Glick's all-important 31 July 2016 Computer Weekly article as saying "we need to build services in an agile and collaborative way". Do we?

Mr Cunnington may want to put a little distance between himself and that unworldly safe space of agile when he finally addresses the public in his new GDS rôle.


Updated 2.1.17

Give GDS despotic power over the rest of Whitehall and they'll deliver public services quickly and cheaply. How? Using "agile" software engineering methodologies. That's what Mike Bracken said in the 25 July 2016 interview above.

Is he sure?

Yes, thousands of Whitehall staff have now been trained in agile techniques, the process has gone too far to be reversed, they will never use any other methodology. That's what Mike Bracken said.

That's why the banshees were keening. Agile. That's why GDS's terms of reference must never be changed. Internet era agile skills will perfect public administration.

An empty promise so far, it hasn't happened in the first five years of GDS. But it will. That's what Mike Bracken said. There is no alternative.

Except, what's this we now read?


So much for no-going-back. Whitehall IT failures in the ancien régime were all caused by the use of "waterfall" software engineering methodologies. That's what Mike Bracken said. Wrong again.

"Mr Cunnington may want to put a little distance between himself and that unworldly safe space of agile", we said back in August. It's almost as though he agrees.


Updated 2.3.17

It is six months since we noted that the Government Digital Service (GDS) follows process whether or not that delivers progress. 100 rounds of user testing had been conducted and yet GOV.UK Verify (RIP) was still dead.

Yesterday we learnt on Twitter that progress is at last being made: "If we continue at current rate we'll reach 200 rounds of research on @GOVUKverify by June 2018. There will definitely be cake and stickers!".


Updated 3.4.17

As noted above, in his ~25 July 2016 interview Mike Bracken declared his confidence in the legacy of the Government Digital Service (GDS). We paraphrased his words as follows: "GDS has deployed agile ... that cannot now be undone. Whitehall is henceforth agile. That won't change. It can't change. It's too late. Thanks to GDS there are now 10-15,000 people in Whitehall using agile and that's all they'll ever use, there's no going back to the bad old days .. With agile we will at last be able to make Government as a Platform work ... No longer will taxpayers be 'ripped off' by huge systems integrators".

Let's hope he's wrong. Please see Hundreds of millions 'wasted' on UK court digitisation scheme,
'Agile' Common Platform Programme is 'vapourware', say insiders.


Updated 15.9.17

12 September 2017, Francis-now-Lord Maude delivered a speech at Speaker's House on the future of the UK civil service.

In his speech, Lord Maude denounces the civil service. Officials lied to him, he says, they misinformed him and they disobeyed the instructions of their political masters. He lists a number of reforms that he attempted to institute. Some were blocked. The others, which worked, he says, have been reversed since he left office, most notably central spending controls.

These are serious charges. Lord Maude's speech is covered by the Times newspaper. There's nothing in the Telegraph. And nothing in the Guardian. Civil Service World magazine covers the speech ...

... and so does Computer Weekly magazine, GDS is ‘sidelined’ and government as a platform ‘is dead’, says Francis Maude. Perhaps if GDS had known something about government and something about the ultra-large scale IT systems required they could have provided Lord Maude with ammunition and failure could have been averted.

Maude-style success would have been represented by centralisation of the administration, standardisation and massive data-sharing. The UK could have been more like Singapore, he says in his speech, as though that is the ambition on everyone's lips over here. It isn't.

GDS & the banshees 3


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


On 1 August 2016 one man replaced another man as head of the Government Digital Service (GDS). Kevin Cunnington came. Stephen Foreshew-Cain left. People come and people go. It's not unusual but on this occasion there was an exorbitant keening and wailing and moaning from an international class of banshees.

The banshees failed to make it clear why they were upset. What would it matter if GDS had its terms of reference changed? Transformation begins at home. Come to that, what would it matter if GDS disappeared? The banshees couldn't tell us.