Tuesday 20 September 2016

RIP IDA – agile identity, now you are you, now you're not

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"Congratulations!", they said in the email, "You have completed the registration process":


There he was, DMossEsq, all kitted up with a brand new on-line identity, provided by GOV.UK Verify (RIP) via Digidentity, one of the Government Digital Service's "identity providers".

Digidentity had collected all the details of DMossEsq's passport and driving licence, among other things, and here they were confirming that he is him, the person he claims to be. "Your registration has been completed" – that's what the email says. And polite to a fault, Digidentity even said: "Thank you for registering".

And yet yesterday, when DMossEsq tried to log in for the sixteenth time since that email, he couldn't get through to his personal tax account. There has been no communication from Digidentity since the email above but Digidentity now want more passport details before they'll confirm that DMossEsq is DMossEsq:


Digidentity want an image of the passport uploaded, using an app of theirs which has to be downloaded onto DMossEsq's mobile phone first:


The GOV.UK Verify (RIP) team make it all sound so easy. Register once and they'll vouch for you, they know who you are because you've already proved it and they'll tell HMRC or whoever yes, this is DMossEsq. You have to hand over an inordinate amount of personal information about yourself but at least you'll then be able to use public services on-line.

Not true.

The bargain has been broken. You've handed over the personal information. You still can't use public services on-line.

It seems that an "identity provider" can without warning decide that you aren't you after all and demand further proof without which you can't communicate with any government departments using GOV.UK Verify (RIP).

That could be serious. Suppose you were away from home without your passport, on a sales trip to the Northern Powerhouse, for example, selling gluten-free cupcakes to digital entrepreneurs, and you needed to pay your tax bill. You sit down in your hotel room confident that you can make this payment because you've got your trusty Digidentity on-line identity already set up ...

... only to find that your on-line identity has been taken away from you. Result? You have to pay interest on your tax and a penalty in addition. And there's no compensation. Thank you, GOV.UK Verify (RIP).

Even if you do have your passport with you in the hotel, why should you have to download an app from Digidentity? That's tantamount to deliberately installing a virus.

You never know where you are with GOV.UK Verify (RIP). That could be one reason no-one's using it.

How does this come about? How have the Government Digital Service (GDS) acquired the attitude that they can change the rules behind your back?

The answer is "agile".

Their agile software engineering methodology assumes that they can iterate. They can make changes to live public services all the time. That's what Google do with Chrome, for example. And Google embody the internet era. GDS want to transform government so that it becomes digital by default. And what does "digital" mean? Answer: "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations". So that's what GDS can do with GOV.UK Verify (RIP).

They were warned about this, in January 2013, when four professors told them that: "there are risks that rapidly changing services will deter the takeup of digital services, not encourage it". They didn't listen.

----------

Updated 22.9.16

The matters above have been brought to Digidentity's attention and the Government Digital Service's.

GDS never respond, of course.

Digidentity have responded, please see tweets alongside.

In addition to those tweets, Digidentity also sent two identical emails saying "your identity document is accepted" (please see copy below).

Which document? They don't say.

Whatever their emails say, DMossEsq's GOV.UK Verify (RIP) account registered with Digidentity still doesn't work. He still can't use it to access his personal tax account.

Why doesn't the account work? It used to.

What's changed?

Are Digidentity allowed to withdraw the right to access public services from people to whom they have previously granted that right?

Should they notify people first?

Are they allowed to demand more and more intrusive access to people's personal information such as insisting on their app being installed on our mobile phones?

Can they change the rules as they're going along so that one day you are you and the next day you're not?

Are GDS comfortable with Digidentity creating people on-line and deleting them, wiping them out, so that they don't exist any more?

Do GDS even know it's happening or have they lost track?

These are general policy questions of interest to everyone. Digidentity's offer to discuss them in private won't do.

"We're building trust by being open" – that's GDS's claim. Time to prove it.

What identity document? No new document has been submitted.


Updated 12.6.17

DMossEsq has made no attempt to use his Digidentity GOV.UK Verify (RIP) account since 19 September 2016, please see above. Today, the following email was received:


"We're sorry but we couldn't verify your identity". Very odd. DMossEsq hasn't asked Digidentity to verify his identity. Perhaps someone else has. Who? Why?


Updated 14.6.17

It looked as though someone was trying to use one of DMossEsq's GOV.UK Verify (RIP) accounts, the one maintained by Digidentity, please see above.

An email to Digidentity elicited several prompt responses, please see below, for which they have been thanked.

In the event, it was not a third party but Digidentity themselves who were accessing the account, they were trying to do one of their periodic checks that the account is still kosher. It might improve the user experience in future to make that clear in the email automatically sent to the accountholder.
From: Support [mailto:helpdesk@digidentity.co.uk]
Sent: 13 June 2017 17:00
To: DMossEsq
Subject: [Digidentity] Re: Registration Query

##- Please type your reply above this line -##
Your request (8209) has been updated. To add additional comments, reply to this email.

Liz (Digidentity UK)
Jun 13, 18:00 CEST

Dear Mr Moss,

We have investigated your account further and it appears that our system went through some recent verification checks. These were automatically made on your account without you needing to log in. We require these checks from time to time in order to continue proving who you are.

As you did register quite a long time ago however, what I needed to do is reprocess your information so that we could still be sure that it was definitely you registering online. Now that I have done this, you are still fully verified.

I wish to apologise for any cause for concern. You should now be able to log into your Digidentity account in future and be redirected to the service you require.


Liz (Digidentity UK)
Jun 13, 17:24 CEST

Dear Mr Moss,

Thank you for your message.

What I have done is passed your account to the relevant team at the company in order to investigate further. I would like to thank you for your patience in the meantime. I will get back to you as soon as I have more information.


David Moss
Jun 13, 14:40 CEST

Sirs

I received the email below, “Your registration couldn’t be completed”. It’s a mystery. I have not attempted to use the account for many many months now. Is there any way you can investigate to see who was trying to use it?

Yours faithfully
David Moss

----------
From: noreply@digidentity.eu [mailto:noreply@digidentity.eu]
Sent: 12 June 2017 15:52
To: DMossEsq
Subject: Your registration couldn't be completed.

We’re sorry but we couldn’t verify your identity

Unfortunately we couldn’t verify your identity

Unfortunately your identity can’t be verified right now. Please go back to the GOV.UK Verify webpage or contact our helpdesk if you have any questions regarding your registration.

Kind regards,
Digidentity
Copyright © 2017, All rights reserved | https://www.digidentity.eu


This email is a service from Digidentity UK. Delivered by Zendesk
[N8O6PO-EPKO]
"CEST" turns up a lot in the correspondence with Digidentity. It stands for Central European Standard Summer Time, the timezone chosen by Zendesk, who provide user support services to the Government Digital Service and, so it appears, to Digidentity as well. As we were saying in March:
While claiming to put the user in control, GDS like us to spray our personal information all over the world when we register with GOV.UK Verify (RIP). Their heart really isn't in this privacy lark, is it. They use Eventbrite to organise events. They use Zendesk for user support. They use StatusPage for network monitoring. They use Survey Monkey for user feedback. All the personal information involved is stored and used beyond your control and now GDS want you to upload your CV to Jobvite.

Updated 20.5.18

In a re-run of what happened last year, 1 May 2018, DMossEsq got an email from Digidentity saying "Your registration couldn't be completed". Same day, DMossEsq brings this to Digidentity's attention and points out that he hasn't tried to register recently. Five more emails are exchanged over the next two days and then, 18.5.18, this email arrives from Digidentity:
From: Support <helpdesk@digidentity.co.uk>
Sent: 18 May 2018 10:09
To: DMossEsq
Subject: [Digidentity UK] Re: Account Query

##- Please type your reply above this line -##

Your request (999999) has been updated. To add additional comments, reply to this email.


Liz (Digidentity UK)
May 18, 11:08 CEST

Dear Mr Moss,

I wish to apologise for the delay in getting back to you regarding your query; I wanted to be clear on the matter before informing you.

Although I was not aware of this, it seems that you are well known to some of the Digidentity team. They informed me about some of your blogs where you have documented the GOV.UK Verify registration that we provide. One blog I want to draw to your attention is the following: https://www.dmossesq.com/2016/09/agile-identity.html. It seems that on this site, you posted your personal QR code.

The reason it took longer than expected for me to get back in touch with you is because I have been waiting on a response from another Digidentity user. In the end I did not get a reply from her, but from what we can gather, she may have searched for help online when uploading her own document via the app, possibly when she did not understand about how to scan a QR code. If you search for 'Digidentity QR code', your blog comes up in the image search.

What we can determine from this is that she scanned your own QR code instead, which was connected to your own account. As a result, her photo was uploaded to your account. Our system highlighted this mismatch in information, causing a registration rejection and sending the message you received. Although I did not understand this at the time, it is likely what caused the message to be sent last time you contacted us.

I suppose this is the consequence of posting a personal part of your registration online, which we strongly advise against users doing. Our system rightly detected when this occurred, but we are increasing security and have improved the scanning of the QR code process and it will only be possible to use the QR code as a one off (expires after use), meaning that this situation will no longer occur in future.

I hope that I have informed you sufficiently regarding the matter.

Kind regards,
Liz
Digidentity Customer Support
It seems that including the Digidentity QR code in the 20 September 2016 post above opened the door to people using it to try to register for a GOV.UK Verify (RIP) account.

The attempt(s) failed thanks to Digidentity's existing procedures. Digidentity have nevertheless, as a result of this incident, decided to enhance their procedures to make the use of their QR codes one-time only – a decent partial solution but note that DMossEsq didn't use the QR code so the first user would still be someone else not DMossEsq.

The QR code has now been obfuscated in the blog post above.

Search for 'Digidentity QR code' in Google images as Digidentity suggest and you will find the code Digidentity sent DMossEsq and several others.

In the interests of science, DMossEsq logged in to his Digidentity account to see the picture of the lady who tried to register using his QR code. Nothing doing, it's not there.

He then tried to log in to his personal tax account using his Digidentity GOV.UK Verify (RIP) account. Nothing doing, he's still not him:


The details provided on 23 February 2015 matched the information held by DVLA, HM Passport Office and Callcredit, please see above. Now they don't – now you are you, now you're not.

On the one hand, good work done by the Digidentity customer support team. And by Mr Marcel Wendt, the founder of Digidentity, whom DMossEsq bumped into at the Think.Digital Identity for government conference on 18 May 2018 and who knew all about the incident.

On the other hand, you don't get these problems with the Government Gateway. That's no doubt one reason why Her Majesty's Revenue and Customs don't recommend GOV.UK Verify (RIP). And why GOV.UK Verify (RIP) died.

RIP IDA – agile identity, now you are you, now you're not

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
"Congratulations!", they said in the email, "You have completed the registration process":


There he was, DMossEsq, all kitted up with a brand new on-line identity, provided by GOV.UK Verify (RIP) via Digidentity, one of the Government Digital Service's "identity providers".

Digidentity had collected all the details of DMossEsq's passport and driving licence, among other things, and here they were confirming that he is him, the person he claims to be. "Your registration has been completed" – that's what the email says. And polite to a fault, Digidentity even said: "Thank you for registering".

Sunday 18 September 2016

Ruminating about process

It's over two years since we looked at the achievements of the Government Digital Service (GDS). It looked to us then as though the big achievers digitalwise were not GDS at all, despite their noisy claims, but Her Majesty's Revenue and Customs (HMRC).

GDS aim one day to deliver something called "Government as a Platform (GaaP)". They have a publishing platform and a performance platform already up and running. They're working on at least three other platforms:
  • GOV.UK Verify (RIP) is meant to be a standard cross-government platform for identity assurance.
  • GOV.UK Notify is meant to be a standard way for government to send texts, emails and letters.
  • GOV.UK Pay is meant to be a standard way for government to collect payments.
GOV.UK Notify
Five days ago GDS published From pounds to pennies and months to minutes. They make a vague claim there to the effect that GOV.UK Notify could reduce central government costs and reduce the time taken to make changes. There's no guarantee that these reductions will be made. Just a claim.

"GOV.UK Notify now has 8 service teams sending texts and emails as part of our private beta", GDS tell us. That was 13 September 2016. Three days later, we learnt that it's not just government departments communicating with each other, government departments are communicating with some suppliers, too – Using GOV.UK Notify to communicate with suppliers. Presumably government departments and their suppliers have always communicated with each other. Is GOV.UK Notify an improvement? In what way? GDS don't tell us.

Back in July 2016, Civil Service World (CSW) magazine told us that GOV.UK Notify has "now begun sending messages to people applying for student finance and UK visas as part of the government’s invite-only public beta testing". There has been no update on the progress of this beta testing.

Cabinet Office minister Ben Gummer is quoted in the same CSW article as saying: "In GOV.UK Notify, we have developed an impressive, cost-saving product that can be used across any government department for lots of different services – making it easier for the public to interact with government and keep track of their applications and requests". There is no evidence to support these claims of his.

That's GDS.

Meanwhile the Daily Telegraph newspaper announces that HMRC have tested text messages with over 13,000 taxpayers and found that they increase tax payment rates by up to 7%. That looks like a properly constructed case in support of using texts, unlike the GDS claims.

What's more, there is no sign that HMRC are using GOV.UK Notify. They seem to have their own text-generating system. Bang goes GDS's hope of providing the single platform for government notifications.

GOV.UK Pay
"On Friday 2 September we took our very first live payment on GOV.UK Pay ... This is the first time we’ve processed a payment using a real card". That was GDS, in GOV.UK Pay is ready for business.

Would you describe a payments system that has processed one single solitary payment as "ready for business"?

Is that lonely only child of a payment enough evidence to support GDS's claim that "we're making it easier for citizens to make payments, and more efficient for civil servants to process these payments"?

GDS have four "beta partners" in the development of GOV.UK Pay – Companies House, the Environment Agency, the Home Office and the Ministry of Justice. HMRC isn't one of them.

According to GDS's UK government performance platform, HMRC received about 63 million payments in the year to September 2015. Quite why the statistics stop then is not clear.

What is clear is that we're talking about a lot of payments. HMRC have to think commercially and responsibly about how they collect these payments.

HMRC publish the methodology by which they calculate the cost of collecting each payment, 19p on average. GDS provide no methodology and no unit cost.

It would be worrying if HMRC entrusted their 63 million receipts p.a. to GOV.UK Pay on the basis of GDS's hot-headed claims about a single payment. But they haven't. Neither has anyone else.

GOV.UK Verify (RIP)
GDS's foray into the world of identity assurance is a disaster.

Meanwhile, HMRC added millions of users to their new personal tax accounts service this year, using the old Government Gateway.

And that's not their only on-line service by any means. HMRC processed 1.19 billion stamp duty reserve tax (SDRT) transactions, for example, in the year to September 2015 (digital take-up = 100%). Who is paying this SDRT? GOV.UK Verify (RIP) doesn't tell HMRC the answer because GOV.UK Verify (RIP) isn't involved.

Then there are the 412 million PAYE transactions (95.8%) and the 146 million customs transactions (100%) and the 63 million payments HMRC receive every year, please see above, etc ...

That's a lot of users and they all have to be identified. GOV.UK Verify (RIP) involvement? Nil.

HMRC v. GDS
It was an embarrassing mistake for Sir Jeremy Heywood, the Cabinet Secretary, to promote GDS as the organisation to deliver government transformation. As GDS themselves put it, "this page is no longer being updated".

It was a mistake for Matt Hancock, the previous Cabinet Office minister, and it's a mistake for Ben Gummer, the current one, please see above. It was a mistake for Stephen Foreshew-Cain, GDS's last executive director, and it would be a mistake for Kevin Cunnington, its first director general ...

... but he hasn't made that mistake. Instead, with John Manzoni, chief executive of the civil service and permanent secretary at the Cabinet Office, he's taking GDS in another direction, GDS promised 'national presence' as it takes over DWP's Digital Academy and leaves Aviation House.

That may be more up GDS's street. They are obviously happy ruminating about process – please see Using Activity Theory to build effective personas, for example, or 100 rounds of user research on GOV.UK Verify [RIP].

There's no doubt two years after the previous review that HMRC remain the great achievers when it comes to delivering on-line government transaction systems.

----------

Updated 5.3.17

A triumphant Government Digital Service (GDS) announced the other day on 1 March 2017 that GOV.UK Notify is now open for use.

"Back in May last year GOV.UK Notify sent its first messages as part of our invite-only beta phase", they said. "Now - after 9 months, 3.5 million messages, 32 live services, 850 code deployments, and 500 hours of user research — we’re making Notify available to all of central government".

GOV.UK Notify is a GDS service for central government departments to "send emails and text messages to [their] users". About time, too, you may say. What took them so long?

It's not quite like that.

It may have taken GDS until now to make a notification service "available to all of central government" but DVLA, for example, the driver and vehicle licensing agency, have been sending emails for more than 10 years now:
From: Vehicle Licensing Online [mailto:donotreply@vehiclelicence.gov.uk]
Sent: 19 April 2006 17:12
To: <DMossEsq>
Subject: Confirmation of Tax Disc Application

THIS IS AN AUTOMATED EMAIL - PLEASE DO NOT REPLY AS EMAILS
RECEIVED AT THIS ADDRESS CANNOT BE RESPONDED TO.

Confirmation of Tax Disc Application

Thank you for using DVLA Vehicle Licensing Online. Your application for a new
Tax Disc has been successful.

Reference Number: 1031 0163 9722 1190
Application made on: 19/04/2006 17:08:02
Tax Disc Period: 12 months
Tax Disc Duty: £175.00

The Tax Disc and receipt should arrive in the post within 5 working days.

Should your tax disc not arrive after 5 working days, then please phone us on 0870 850 4444 and choose option 4 then option 1 and be prepared to quote the Reference Number.
GDS tell us that "we expect to start offering Notify to local government by late 2017, once we’ve sorted out the pricing model". But even the dear old London Borough of Merton have been sending emails for at least the past four years:
From: Permitsnoreply@merton.gov.uk
Sent: 22 January 2013 13:05
To: <DMossEsq>
Subject: Payment Confirmation

This is an e-mail from London Borough of Merton.

Your payment has been processed successfully. The details of your payment are :

Payment Reference : 28040
Permit Number : RPP11937
Amount Paid : 65.00 pounds
Date Paid : 22-Jan-2013

This message has been generated automatically. Please do not reply.
Neither Merton nor DVLA are likely to share GDS's excitement about GOV.UK Notify.

Nor Companies House. Here's a notification they sent over 13 years ago:
From: web-filing@companies-house.gov.uk
Sent: 02 January 2004 10:41
To: <DMossEsq>
Subject: Companies House WebFiling Service

This message has been generated in response to your request for a Security Code for use on the Companies House WebFiling service.

Your Security Code is <security code>.

This code will be automatically linked to the e-mail address <DMossEsq>, and any company transactions received under this code will be confirmed to this address.

Additional security codes can be requested for alternative e-mail addresses.

Thank you for visiting the Companies House Website. Contact Centre tel: 0870 33 33 636 or e-mail: enquiries@companieshouse.gov.uk
GDS list 33 central government services currently testing GOV.UK Notify on their performance dashboard. Guess who's not on the list.

That's right.

Her Majesty's Customs and Excise Revenue and Customs (HMRC). The big one.

Just how big is made clear in an interview given to Derek du Preez, please see HMRC Digital Chief – ‘This transformation is the biggest in our history’: "Hardik Shah, Deputy Director, Chief Digital and Information Officer group, HMRC, ... explained that £536 billion of revenue is collected by HMRC every year and that this is the amount that flows through its IT systems ... HMRC processes more than 2 billion transactions every year and Shah said that 90% of those happen online already ...".

HMRC have had automated notification operating for years. Here they were last year for example telling DMossEsq that it's time to submit one of his VAT returns:
From: vatnotifications@eprompts.hmrc.gov.uk
Sent: 24 July 2016 02:30
To: <DMossEsq>
Subject: Reminder to file your VAT Return


Hello Subscriber

You need to submit a VAT return for the period 01.05.16 to 31.07.16 for <Company name>, VAT registration number <VAT no.>.

To submit the return go to the HMRC Services: Sign in or register page on GOV.UK to sign in.

Alternatively, if you use accounting software, in most cases you can use it to quickly prepare and submit your VAT return directly to HMRC.

You'll need to pay your VAT bill by the deadline shown on your VAT return. You may have to pay a surcharge if you don't pay on time.

For details of the due date for returns and payments go to the VAT Returns guide on GOV.UK.

The easiest way to avoid missing a payment deadline is to pay by Direct Debit.

Don't reply to this email as it's an automated reminder.


HM Revenue and Customs
HMRC send texts as well as emails, as noted in the Daily Telegraph article referred to above and in their guidance note on how to recognise phishing attacks. GDS will have to produce similar guidance for their users when GOV.UK Notify finally goes live. (The service is currently still in beta.)

HMRC don't need GOV.UK Notify. Or GOV.UK Pay – they're already used to collecting hundreds of billions of pounds p.a. Famously, they don't need GOV.UK Verify (RIP) either. That's three platform services for GDS's Government as a Platform strategy that HMRC aren't using (excluding a bit of grudging use of GOV.UK Verify (RIP)).

GDS are trying to get government departments to stick all their applications and all their data in the cloud. That's the strategy. There's a long way to go. But not for HMRC. They're already well on the way, as they told Mr du Preez:
When we started our transformation in 2015, we realised our IT infrastructure was not suitable. That’s when we started our virtualisation programme. Some 50% of our IT estate is already virtualised, and given the size of our estate, that’s not a small thing. And we did that in less than 2 years.

Almost 90% of our SAP estate is virtualised, in a private cloud. It wasn’t easy, technologies were developing, security isn’t easy, so we had to do a lot of work with our partners to get the right solution. But it’s now 90% virtualised. All of our SAP apps were virtualised in about 9 months.

We are now in the final stage of database virtualisation, and we only have three databases left. Hopefully by the end of the financial year we will be 100% virtualised on our SAP estate.
Who is leading whom here? You can notify whoever you like with your answer by email, text, tweet or letter, but from where we're sitting it looks as if GDS aren't so much devising the government's transformation strategy as trying breathlessly to keep up with HMRC.


Updated 13.4.18



The Government Digital Service's job is to transform government. Instead of doing that, they ruminate about process.

Katy Arnold, the head of user research at the UK Home Office, posted a tweet yesterday morning about storing and sharing the results of user research.

User research is one of the processes government transformers are meant to go through to achieve their objectives.

Lorna Wall is the user research lead for GOV.UK Verify (RIP), the inanimate pan-government identity assurance scheme still being promoted hopelessly and pointlessly by GDS.

Ms Wall commented (or ruminated) on Ms Arnold's tweet. Not once. But twice.

There have been about 150 rounds of user research into GOV.UK Verify (RIP) and it's a "challenge", she says, to store the results accessibly.

This research has been going on for nearly five years she says in her second tweet and, what with changes in personnel, it's hard to keep track of which research findings led to which design decisions. That, too, is a "challenge".

You'd think that the user research profession might have solved this problem by now. Apparently not.

At GDS, they continue to conduct user research into GOV.UK Verify (RIP), they've done it about 150 times, they've been doing it for nearly five years and they're still "struggling" to maintain the relevance of all this work. Meantime, GOV.UK Verify (RIP) has failed.

That was the real challenge – to make pan-government identity assurance work. They've failed. But work continues to be done on cataloguing their user research results.

Have you ever seen a clearer example of missing the point? Of continuing the process because the process must be continued even though it's not working?

What was GDS's objective?

To deliver an identity assurance scheme?

Or to maintain an accessible set of research results?

Neither has been achieved.

In this instance, GDS have lost the plot.

Let that be an example to others, who are supposed to be guided in their attempts to transform government by the syllabus taught at GDS's academy. 5 years. 150 iterations. No cigar.


Updated 17.4.18

According to the Autumn Budget 2017 (p.5) the UK government expects to receive payments of about £769 billion in 2018-19:


The Government Digital Service's payments platform, GOV.UK Pay, collected its first payments on 13 November 2016 – £170. During fiscal year 2017-18 it collected a total of £38,653,834.

That's 0.005% of the 2018-19 figure. At this rate 99.995% of all receipts will not involve GOV.UK Pay.

On 31 March 2016 GDS described GOV.UK Pay as a "greenfield project". They provided a link explaining that "the term greenfield project is used in many industries, including software development where it means to start a project without the need to consider any prior work". Two years later, the result of not considering any prior work is a system which collects 0.005% p.a. of the government's receipts.

How did GDS get into this ridiculous backwater?

Their March 2016 blog post says that "user research showed us how frustrating payment pages can be". Good old user research. GDS's favourite process. It doesn't seem to have helped GOV.UK Pay any more than it helped GOV.UK Verify (RIP), please see above.

The blog post says also "we’ve had the freedom to make good technical choices that address user needs". Good old user needs. GDS's lodestar. But they're not the only ones, Her Majesty's Revenue and Customs and others must be quite good at working out user needs, perhaps better than GDS are, given that 99.995% of receipts don't rely on GOV.UK Pay.

The natives are getting restless about claims to be uniquely guided by user needs, please see the tweet alongside.

"... we’ve built a consistent and reliable user experience hosted securely on GOV.UK", GDS say. Maybe. But 99.995% of the time that experience is irrelevant.

Nowhere in their March 2016 blog post do GDS say how much money will be saved by using GOV.UK Pay nor when the savings can be expected to start. That's no way to mount a business case.

But of course GDS aren't trying to mount a business case. They're trying, ineffectually as it turns out, to bring about a callow vision they have of government as a platform. It's ideological. An "intellectual pissing match", as Mike Bracken would say.

How much longer will GDS be allowed to ruminate? When will they be expected to deliver something?

Ruminating about process

It's over two years since we looked at the achievements of the Government Digital Service (GDS). It looked to us then as though the big achievers digitalwise were not GDS at all, despite their noisy claims, but Her Majesty's Revenue and Customs (HMRC).

GDS aim one day to deliver something called "Government as a Platform (GaaP)". They have a publishing platform and a performance platform already up and running. They're working on at least three other platforms:
  • GOV.UK Verify (RIP) is meant to be a standard cross-government platform for identity assurance.
  • GOV.UK Notify is meant to be a standard way for government to send texts, emails and letters.
  • GOV.UK Pay is meant to be a standard way for government to collect payments.

Friday 16 September 2016

Why no-one can devise @gdsteam's strategy

“It reminds me of that old joke – you know, a guy walks into a psychiatrist's office and says, hey doc, my brother's crazy! He thinks he's a chicken. Then the doc says, why don't you turn him in? Then the guy says, I would but I need the eggs.

Last heard, the Government Digital Service (GDS) were due to publish their strategy yesterday, 15 September 2016. That was the deadline. Not for the first time, they missed it.

Instead of a strategy explaining what GDS are going to do with £450 million we were treated to a press release, Government Digital Service announces plans to run a national digital academy, which includes this:
GDS director general Kevin Cunnington said:

" More and more we are going to make the work from GDS about transformation - not just digital.

" We have a superb team and I want our UK strategy to not only reflect the bold ambition that we have across Government, but the new challenges that now face us. We will have an updated and complete Digital Transformation Strategy before the end of the year."
What's all this about "the new challenges that now face us"?

According to the press release:
The Government’s Digital Transformation Strategy is also going to be updated to match the new and larger remit of GDS and to take into account the EU referendum vote and the challenges that the Civil Service now face.
Someone would have us believe that GDS, who couldn't even computerise farm payments, have a transformative rôle to play in bringing about the UK's exit from the European Union.

You may find that unlikely ...

... in which case you must put forward another explanation for the long delay in agreeing GDS's strategy. If the delay isn't caused by working out GDS's crucial contribution to Brexit, what is it caused by?

Here's one possibility:
  • The UK government continues to want all public services to be digital by default.
  • In order for that to work everyone must have an on-line identity.
  • GDS have come up with GOV.UK Verify (RIP), an identity assurance platform that doesn't work.
  • You try writing the GDS strategy in that case – you'll be delayed well beyond "the end of the year".
GDS's bosses know that GOV.UK Verify (RIP) is dead and that digital-by-default as currently envisaged is a dead duck. But they continue to want digital-by-default so they continue to pretend that GOV.UK Verify (RIP) is viable.

It's hard in this case to disagree with the first head of GDS, Mike Bracken, whose recent gritty pronouncement on Whitehall is:
The system is not set up to do stuff. It’s set up, frankly, to have an intellectual pissing match around how its things should be.

Why no-one can devise @gdsteam's strategy

“It reminds me of that old joke – you know, a guy walks into a psychiatrist's office and says, hey doc, my brother's crazy! He thinks he's a chicken. Then the doc says, why don't you turn him in? Then the guy says, I would but I need the eggs.

Last heard, the Government Digital Service (GDS) were due to publish their strategy yesterday, 15 September 2016. That was the deadline. Not for the first time, they missed it.

Instead of a strategy explaining what GDS are going to do with £450 million we were treated to a press release, Government Digital Service announces plans to run a national digital academy, which includes this:
GDS director general Kevin Cunnington said:

" More and more we are going to make the work from GDS about transformation - not just digital.

" We have a superb team and I want our UK strategy to not only reflect the bold ambition that we have across Government, but the new challenges that now face us. We will have an updated and complete Digital Transformation Strategy before the end of the year."
What's all this about "the new challenges that now face us"?

According to the press release:
The Government’s Digital Transformation Strategy is also going to be updated to match the new and larger remit of GDS and to take into account the EU referendum vote and the challenges that the Civil Service now face.
Someone would have us believe that GDS, who couldn't even computerise farm payments, have a transformative rôle to play in bringing about the UK's exit from the European Union.

You may find that unlikely ...

Monday 5 September 2016

RIP IDA – "wildly unrealistic expectations"

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

Take a look at New GOV.UK Verify [RIP] chief sets out stall after departure of Janet Hughes. That's a Civil Service World (CSW) article, 23 August 2016, and there's something in there for everyone.

"If there's a tricky job facing the Government Digital Service (GDS), or indeed an impossible job, what do they do? Call for Janet Hughes". That's what we said. Several times. Now the heroic Janet has left GDS.

Can she be replaced?

A, B, C and D below say no, she can't be. E, F, G and H are waiting in the wings.

Are GDS advertising for a replacement? You take a look.

A Jess McEvoy is standing in as interim programme director of GOV.UK Verify (RIP). CSW say: "According to McEvoy, Verify has now been used to verify more than 800,000 individual identities, with more than three quarters of users reporting that they are either satisfied or very satisfied with the service". Is she right?

GDS have three ways of measuring user satisfaction on the GOV.UK Verify (RIP) performance dashboard. 84.11% of respondents say that they are satisfied or very satisfied from the point of view of security. That figure falls to 72.17% from the point of view of certified companies and 64.97% from the point of view of verification.

Never mind what these categories mean – security, certified companies and verification – in each case there have been about 11,100 respondents out of 821,000 or so GOV.UK Verify (RIP) accountholders. That's a 1.35% response rate.

About 821,000 accounts have been created. They have been used about 844,000 times, i.e. about once each:
  • How many accountholders are there? GDS provide no answer. If each accountholder has seven accounts, one with each of the remaining "identity providers", we could be talking about only 118,000 people, not 821,000.
  • Are these people using GOV.UK Verify (RIP) or just trying it out once and then going back to the Government Gateway? That is, is Ms McEvoy right to refer to them as "users"?
  • Why are the user satisfaction statistics four weeks out of date at the time of writing?
  • Less than three-quarters of respondents are satisfied or very satisfied in two of the user satisfaction categories, where does Ms McEvoy get more than three-quarters from?
  • Do the respondents constitute a representative cross-section of the population from which it is legitimate to extrapolate? Or would it be better to say that 64.97% of 1.35% = 0.88% of users, if that's what they are, are satisfied or very satisfied with GOV.UK Verify (RIP) from the point of view of verification?
  • Do the respondents understand the question? Do they each understand the same thing by the question? Or are they all answering different questions?
GDS are meant to be the experts in data analytics. If this is how they handle statistics, they are in danger of suffering the same fate as the pollsters who get referendum and general election results hopelessly wrong – no-one will believe them.

B Ms McEvoy is supported in the CSW article by Jessica Figueras, chief analyst for technology consultancy Kable: "Figueras said it 'should not come as any surprise' if HMRC was considering other options for identiy verification, because the original plan for Verify was for it 'to provide low to medium security ID assurance for citizens, and this hasn’t changed' ...". Is she right?

Presumably Ms Figueras is talking about low-to-medium assurance, not low-to-medium security. GDS claim to offer nothing but unqualified high security.

Take a look at the 9 October 2014 IPV Operations Manual published by GDS. That document covers identity-proofing and verification for GOV.UK Verify (RIP). Para.5 on p.5 specifies registration requirements at both identity assurance level 2 (civil courts) and level 3 (criminal courts). Para.58 also includes level 3 requirements. So does para.71. So much of paras.87-91 has been blanked out that it's impossible to know for sure but it looks as though GDS are talking about more than low-to-medium security. And so on, para.113, para.118, ...

Ms Figueras appears to be wrong. If GOV.UK Verify (RIP) is now required to provide only low-to-medium assurance as to people's identity, then, surprisingly, the specification has been quietly changed since October 2014.

Suppose for a moment, though, that she's right. CSW talk about GOV.UK Verify (RIP) "allowing drivers to tell the DVLA about their medical conditions and allowing mortgage deeds to be signed through the Land Registry". They talk about "offering the service to NHS trusts and local authorities, as well as private sector organisations". Are DVLA and the Land Registry and NHS trusts and local authorities and private sector organisations happy to accept low-to-medium assurance as to people's identity?

"The fact is", says Ms Figueras, "that Verify is an incredibly ambitious programme and the fundamental concepts behind it were untested". Incredible? Untested? Is that meant to increase the confidence of DVLA, the Land Registry and the rest?

"Figueras said the main problem faced by Verify had been the 'wildly unrealistic expectations for roll-out' ...". Wildly unrealistic? With support like this, GOV.UK Verify (RIP) doesn't need any detractors.

C She is also supported by Daniel Thornton of the Institute for Government, who "explained why HMRC might opt for its own verification system". He's quite right, of course. GOV.UK Verify (RIP) can at best only verify the identity of natural persons, not legal persons like companies and partnerships and trusts and, as Mr Thornton says, that's no use to HMRC, they need "something that will work with businesses as well as individuals".

Was that always meant to be the case?

No. GDS used to hold out the prospect of their scheme verifying the identity of legal persons, please see Good Practice Guide 46, published by GDS on 18 October 2013: "This guide deals with proving the authenticity (identity) of a legal organisation, such as a business, partnership, charity, government body or other public sector organisation".

GOV.UK Verify (RIP) is shrinking and it is pointless to pretend otherwise. As it shrinks it is of interest to fewer and fewer organisations.

D Talking of untested fundamental concepts, is it feasible to verify millions of people's identities on-line and only on-line to a level of assurance satisfactory to the likes of the NHS and local authorities? The US National Institute of Standards and Technology (NIST) raise that question. Their answer seems to be no. They consider the identity-proofing work done in GOV.UK Verify (RIP) to be pointless. They class it as no better than self-certification.

Connect.gov in the US has been terminated. GOV.UK Verify. 821,000 self-certifications. RIP?

----------

Updated St Patrick's Day 2017

Verify service manager sought to lead GDS expansion ambitions, we read on 15 March 2017, and yesterday GDS to expand Verify team as pressure to increase user numbers mounts.

Last September we said "Jess McEvoy is standing in as interim programme director of GOV.UK Verify (RIP)", please see above. Isn't it Ms McEvoy's job to "lead GDS expansion ambitions" and to "increase user numbers"? Presumably not.

GOV.UK Verify (RIP) hasn't had a named senior responsible owner since Mike Bracken left GDS in September 2015. And it hasn't had a permanent programme director since Janet Hughes left. It's an orphan programme, unwanted and abandoned.

In the circumstances, how is some poor unfortunate service manager supposed to add 24 million verified GOV.UK Verify (RIP) accountholders in three years flat?


Updated 12.5.17

This time last year the Government Digital Service (GDS) won an award at KuppingerCole's EIC2016 conference for their innovative work on GOV.UK Verify (RIP), the national identity assurance scheme on which innovative staff are now working hard to reduce the level of assurance that a GOV.UK Verify (RIP) accountholder is who he or she claims to be.

GDS aren't up for any KuppingerCole awards this year as far as we know, but Adam Cooper, lead technical architect of GOV.UK Verify (RIP), is attending EIC2017 as we speak. What is the Trust Model of the Future?, he will ask. Good question.

Next Monday Mr Cooper will attend One World Identity's K(NO)W Identity conference, where GDS are finalists in not one but two K(NO)W Nodes awards, which "recognize the most compelling startups, individuals and identity innovations of the year" – they are nominated in the Identity Government Leadership and Trailblazer categories.

"Winners will be selected by ... [a] panel of distinguished judges", including Don Thibeau, chairman and president of OIX, the Open Identity Exchange. GDS are members of OIX and, although it's an uphill struggle, OIX do what they can to help.

Mr Thibeau will know better than most just how much the supposedly trailblazing GOV.UK Verify (RIP) has run into the ground.

And as to leadership? That's one of GOV.UK Verify (RIP)'s many problems. "GOV.UK Verify (RIP) hasn't had a named senior responsible owner since Mike Bracken left GDS in September 2015. And it hasn't had a permanent programme director since Janet Hughes left. It's an orphan programme, unwanted and abandoned", as we were saying, only the other day.

The excellent Dave Birch is speaking as well.

He is a member of PCAG, among other things, the Privacy and Consumer Advisory Group, whose co-chair, Jerry Fishenden, resigned the other other day and recommended that: "The government's Verify identity platform is not meeting user needs - it's time to step back and review how best to make online identity for public services work".

Mr Fishenden doesn't mention innovation or trailblazing in his review of GOV.UK Verify (RIP) but he does say: "We urgently need to see credible leadership and a viable strategy". Not impressed with leadership chez GOV.UK Verify (RIP), Mr Fishenden is also unimpressed with ex-Goldman Sachs man Kevin Cunnington's strategy for GDS.

GDS are used to winning awards, as you and Mr Birch k(no)w. But maybe not this time. This may be the end of the trail.


Updated 15.5.17

Not a moment too soon, please see above, the Government Digital Service (GDS) are trying to strengthen the GOV.UK Verify (RIP) management team by recruiting a service owner.

For £70,000 p.a., the successful recruit will supposedly "run and continuously improve a world-class digital service based on user needs". Mr Fishenden, please see above, says: "The government's Verify identity platform is not meeting user needs - it's time to step back and review how best to make online identity for public services work".

Nevertheless, the successful recruit is supposed to agree that the GOV.UK Verify (RIP) strategy is feasible and that the moribund service is "set to grow from a user base of 1 million users to 25 million by 2020". Hard to swallow.

Candidates reading the job advertisement may believe that GOV.UK Verify (RIP) is meant to support access to central government on-line services only. Why is there no mention of GOV.UK Verify (RIP)'s plans for local government services and the private sector? Shouldn't the owner of the service be told?

As usual with GDS, the successful recruit and all other candidates are invited to lose control of their personal information by sending their CVs to Jobvite.

On the plus side, at least this latest job advertisement has dropped the usual claim that all of GOV.UK Verify (RIP)'s "identity providers" are certified trustworthy – four are, three aren't and five have disappeared. It also omits the usual claim that GOV.UK Verify (RIP) is, without qualification, secure.

RIP IDA – "wildly unrealistic expectations"

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

Take a look at New GOV.UK Verify [RIP] chief sets out stall after departure of Janet Hughes. That's a Civil Service World (CSW) article, 23 August 2016, and there's something in there for everyone.

"If there's a tricky job facing the Government Digital Service (GDS), or indeed an impossible job, what do they do? Call for Janet Hughes". That's what we said. Several times. Now the heroic Janet has left GDS.

Can she be replaced?

Saturday 3 September 2016

GDS, the data centre for government

"The Government Digital Service [GDS] is the digital, technology and data centre for government ... Over the next 5 years, together with departments, we will be building new digital, technology and data platforms for the whole of government ... We will make better use of data to drive continuous improvement, ensure government has the right technology and that spending is controlled".

That's what it says in the job description for a new head of service design required at GDS. You've got until 13 September 2016 to apply.

And that's not the only job available. GDS, the "data centre for government", also want data scientists to build new "data platforms for the whole of government" and to make "better use of data".

Some time in 2013, it's hard to establish when, GDS and Warwickshire County Council investigated the question of Interoperability between central and local government identity assurance schemes. The project was "conceived by Warwickshire County Council, a medium-sized local authority, and involved the participation of the Government Digital Service (GDS), a team within the UK Government’s Cabinet Office tasked with transforming government digital services, and three Identity Providers – Mydex, PayPal and Verizon".

Three years later, Mydex is no longer an "identity provider". Neither is PayPal. Nor is Verizon.

Five
One of their findings back then, under the heading Use of a Social Media ID (p.12), was that "most users would be very reluctant to use their social media accounts with a government site, the prevailing view being that their social life is distinctly separate to doing 'business' with government. The issue of privacy and the feeling that government would be able to 'see my social life', or that government transactions would appear in their social media profiles, was of concern. That said, some users saw the benefit in forms being pre-filled with details held within their social media account".

How did GDS come to this important conclusion?

Answer, the data centre for government asked five people: "User experience testing was performed in a laboratory environment and involved 5 users on a one-to-one basis with an experienced research facilitator provided by GDS".

12
Now roll forward three years. GOV.UK Verify (RIP) wasn't meant to go live until it could verify-the-identity-and-therefore-register at least 90% of applicants. The registration rate remains stubbornly below that figure at about 70%. Despite that huge disparity, the data centre for government which is supposed to use data to drive continuous improvement declared GOV.UK Verify (RIP) to be live in May 2016.

In order to improve the registration rate, GDS continue to give the remaining "identity providers" access to more and more of your personal information.

GDS's 25 July 2016 blog post,Can online activity history help GOV.UK Verify [RIP] work for more people?, tells us that they have returned their attention to your social media accounts, "Facebook, PayPal, LinkedIn and others".

They undertook a new project and guess what: "Compared to the findings from 2013-2014, our recent research suggests that people appear to be becoming more amenable to using online activity verification and allowing certified companies access to their personal online accounts to acquire a verified identity that gives safer, faster access to government services".

How much more amenable? How much safer? How much faster? The data centre for government doesn't say.

How did they reach this unquantified conclusion? "The user research involved 12 one-to-one sessions with users" and "We had 86 people, from across participating organisations, testing the service using their real online accounts".

Not exactly big data, is that enough data to support GDS's otherwise unquantified conclusion? The data centre for government doesn't say.

38%
What they do say is that "if activity from such accounts could be used for activity history, GOV.UK Verify [RIP]’s demographic coverage of the adult population overall could increase by 9%, and for the 16-25 demographic could see a potential increase of up to 38%".

Suddenly we're being fed some numbers to work with. But don't get your budding data scientist's hopes up. We have no idea how these numbers were computed. We have no idea how much confidence we can place in them ...

... except that we have been here before. On 25 January 2016, to be precise, when GDS published Estimating what proportion of the public will be able to use GOV.UK Verify [RIP]: "Looking at the overall population of UK adults, we found that at least 73% of over 16s and 78% of employed people are likely to have the evidence and footprint needed to verify their identity using GOV.UK Verify [RIP]. This will increase to at least 91% of employed people and at least 88% of over 16s by April 2016. By July, coverage will increase to 95% of employed people and 93% of over-16s".

The tool shows that by July coverage will increase to 95% of employed people

That didn't happen. There is no reason to believe that GDS's touted 38% improvement will happen either. Any data scientist who joins GDS has their work cut out.

----------

Updated 12:44

The blog post above has been updated since publication. Some links have been added. Also, the reference to 86 people from across participating organisations being involved in testing.

Frowned upon in the world of professional journalism, this iterative primping will be instantly recognisable to GDS as "agile blogging".


Updated 9.12.16

5:12 a.m. yesterday, the Government Digital Service (GDS) tweeted the claim: "Our Standards Assurance team announce savings of £339 million through spending controls".

Presumably to support that claim, GDS provide a link to a blog post, A problem shared is money saved. There, the £339 million figure is described as "confirmed" and we learn that the confirmed savings were made in 2015-16.

The figure is unaudited and we don't have a breakdown but GDS do provide a further link, to Government saves £18.6 billion for hard working taxpayers in 2014 to 2015. That's obviously too early to provide any support for 2015-16 savings but we do learn that savings are calculated by comparing the year's figures against the same figures for 2009-10: "The government made savings of £18.6 billion in 2014 to 2015 against a 2009 to 2010 baseline".

You might think that a saving is a saving. Not for GDS. Change the baseline and you'll get a different figure.

You might think it's hard to make savings. Not for GDS. Propose a £1 billion project and let the GDS spending controls people turn you down. Savings have immediately increased by £1 billion.

12:25 a.m. yesterday, the Cabinet Office tweeted happy fifth birthday to GDS and said: "5 years of government digital transformation has saved the taxpayer over £3.56 billion". The Cabinet Office do not cite any source for this figure. And what happened to the £18.6 billion figure?

12:57 a.m. this morning, Helen Olsen Bedford tweeted: "GDS claims £4 billion savings for government IT". She cites an article on the UKAuthority.com website, GDS claims £4 billion savings for government IT.

That article provides no source but it looks as if these figures are all coming from Stephen Foreshew-Cain's How digital and technology transformation saved £1.7bn last year. Mr Foreshew-Cain replaced Mike Bracken as executive director of GDS and has now himself been replaced by Kevin Cunnington. Last time we looked at Mr Foreshew-Cain's blog post on savings we said:
… And there is no audited support for the £4 billion figure. Elsewhere, we read "in many ways GDS has been a success story ... with a claimed £1.7 billion cost savings" (Helen Margetts). After reading Government unveils £14.3 billion of savings for 2013 to 2014, turn to p.4 of End of year savings 2013 to 2014: technical note and you'll find claimed savings of £91 million + £119 million = £210 million or, to put it another way, £0.21 billion. Not £4 billion. Not even £1.7 billion. Which figure, if any, is correct? More research required, Mr Rooney. And Ms Margetts …
Savings? Think of a number …
There has been no progress in the three years since Mike Bracken told the Americans that relevant savings equivalent to 1% of the UK's GDP had been made whereas, on inspection, the correct figure looked more like 0.0138%.

GDS's claims to have made savings remain confusing and therefore unconvincing ...

... and on that basis they are not the obvious candidate to be the "data centre for government". The data centre centre for government needs to provide information that is reliable and comprehensible. GDS's figures for savings are neither.

GDS, the data centre for government

"The Government Digital Service [GDS] is the digital, technology and data centre for government ... Over the next 5 years, together with departments, we will be building new digital, technology and data platforms for the whole of government ... We will make better use of data to drive continuous improvement, ensure government has the right technology and that spending is controlled".

That's what it says in the job description for a new head of service design required at GDS. You've got until 13 September 2016 to apply.