Wednesday 18 April 2018

GDS & the banshees 4 – in defence of silos


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


Easter 2018 will be remembered briefly for the epic querulous caterwauling of the banshees when data was taken away from GDS and given to DCMS.

The passionate tweet alongside was emitted in response to a 29 March 2018 announcement on the machinery of government by the Prime Minister: "This written statement confirms that the data policy and governance functions of the Government Digital Service (GDS) will transfer from the Cabinet Office to the Department for Digital, Culture, Media and Sport (DCMS). The transfer includes responsibility for data sharing (including coordination of Part 5 of the Digital Economy Act 2017), data ethics, open data and data governance".

No surprises there:
  • The Department for Culture Media and Sport changed its name to "The Department for Digital Culture Media and Sport" back in July 2017.
  • 18 months before that, in December 2015, DCMS issued a consultation document on the UK's digital economy making it clear that it was in their remit and not GDS's.
Nine months before that, in March 2015, there was a real surprise when GDS acquired responsibility for data in some unspecified way but they didn't do anything with this responsibility and their attempt in May 2016 to produce an ethical framework for data science confirmed that they had nothing to offer.

Nevertheless, in solidarity with Mr Bracken, Stephen Foreshew-Cain dutifully feigned indignation at the loss of power to DCMS, please see the tweet alongside.

You should know that Mr Foreshew-Cain took over as Executive Director of GDS in September 2015, replacing Mr Bracken. Also, that he only lasted 10 months, after which he was replaced by Kevin Cunnington, ...

... who has remained silent on the DCMS issue, no public wailing from him, no gnashing of teeth and not a single garment has been rended (rent?).

No such restraint from Mr Bracken. He was back on banshee duty on 4 April 2018 in the New Statesman magazine: "To elicit government-wide institutional reforms in a digital age, one needs three levers – digital, data and technology – to be in one place aligned to the financial levers of government ...To take data policy out of the centre and move it without mandate or clear explanation to a weak departments with no track record of delivery or cross-Whitehall power ... doesn’t make sense ... Last weekend, the UK seems to have made government a little bit slower, more siloed, harder to reform and more complex. Without a clear statement of motivation, you have to ask: what is the user need?".

It all sounds quite plausible at first but you have to ask how does Mr Bracken know that digital, data and technology have to be in one place, that's a rule he's just made up, suppose he's wrong. They were in one place in GDS and nothing was happening. After no time at all the argument starts to degenerate into what he himself refers to as "an intellectual pissing match". GDS has a poor track record of delivery and suffers from much-diminished cross-Whitehall power. And its claims to be driven only by user needs do not stand up.

Sometimes these banshees spoil it by wailing just a bit too much. Take a look at "last weekend, the UK seems to have made government a little bit slower, more siloed, harder to reform and more complex". Whitehall departments as currently established are "silos", in his language, and Mr Bracken doesn't like silos.

Nor does Mr Foreshew-Cain as we discovered two years ago, please see the tweet alongside.

The suggestion is that a collection of reactionary old permanent secretaries sit around Whitehall defending the entrenched entitlement of their departments against all-comers, standing in the way of internet era progress offered to them by the enlightened likes of Messrs Bracken and Foreshew-Cain.

Well that won't wash, will it – "one needs three levers – digital, data and technology – to be in one place" is exactly what you'd expect a selfish and benighted silo-defender to say, followed by the threat that change would make "government a little bit slower, ... harder to reform and more complex".

The comparison isn't exact. The long gone Messrs Bracken and Foreshew-Cain never were permanent secretaries and and they don't have the decades of public service behind them that normally go with the job. But the petulant cry from the sidelines that disruption is all very well for other departments but keep your hands off GDS sounds pretty authentically reactionary. Some silos are more equal than others?


Silos in Acatlán, Hidalgo, Mexico.

----------

Updated 12.6.18

Major government initiatives are announced on television, on the radio and in the national newspapers and periodicals. There are people who remember when they were even announced on the floor of the House of Commons.

Minor matters like medical reports on the latest ailments of the Government Digital Service (GDS) used to merit a press release. There was a time when GDS would write endless self-congratulatory blog posts and carpet bomb Twitter with their awesome news.

Long gone now. The GDS blog posts have all but stopped. Their Twitter timeline is like one of those ghost towns in cowboy films – tumbleweed, a hyena or two, and the odd crazed old gap-toothed prospector.

Last March saw the nadir of this PR curve, with news being whispered to a few selected journalists in the margins of a conference, please see above.

Except that now the nadir has sunk even lower, with the briefing involving apparently just one single journalist, Bryan Glick, the editor of Computer Weekly magazine. GDS loses digital identity policy to DCMS, he told us yesterday, 11 June 2018: "The Government Digital Service (GDS) has lost responsibility for digital identity policy, with the Department for Digital, Culture, Media and Sport (DCMS) taking over".

An 1861 painting of Mary Celeste
(named Amazon at the time),
by an unknown artist
Apparently "GDS will still be developing Gov.uk Verify [RIP], its in-house digital identity assurance system, but wider policy now rests with Matt Hancock, secretary of state at DCMS. The move took place last month, without any public announcement, but was revealed by Hancock during a press briefing last week".

Mr Glick is the only journalist known to have reported this move. Was he the only journalist at the press briefing? That's what it looks like.

All the hot air has escaped. The party's over ...

... and all that's left of GOV.UK Verify (RIP) is a wrinkly old dusty bit of a deflated balloon while GDS comes to resemble nothing more than the Mary Celeste.

GDS & the banshees 4 – in defence of silos


The system is not set up to do stuff.
It’s set up, frankly,
to have an intellectual pissing match
around how its things should be.


Easter 2018 will be remembered briefly for the epic querulous caterwauling of the banshees when data was taken away from GDS and given to DCMS.

The passionate tweet alongside was emitted in response to a 29 March 2018 announcement on the machinery of government by the Prime Minister: "This written statement confirms that the data policy and governance functions of the Government Digital Service (GDS) will transfer from the Cabinet Office to the Department for Digital, Culture, Media and Sport (DCMS). The transfer includes responsibility for data sharing (including coordination of Part 5 of the Digital Economy Act 2017), data ethics, open data and data governance".

No surprises there:
  • The Department for Culture Media and Sport changed its name to "The Department for Digital Culture Media and Sport" back in July 2017.
  • 18 months before that, in December 2015, DCMS issued a consultation document on the UK's digital economy making it clear that it was in their remit and not GDS's.

Friday 23 February 2018

Thursday 18 January 2018

Making a difference

We volunteer because we want to make a difference - HMRC digital
The difference maker
We’re delivering reform – and starting to make a difference
Design that Makes a Difference exhibition
Teachers dedicated to making a difference

That's the first five hits returned by a Google search just now for "making a difference". We could go on. For some time. There are about 1,775 more hits where those five came from.

That's if you restrict your search to just UK government blogs, blog.gov.uk. Extend the search to the whole gov.uk domain, and Google gets 6.72 million hits. The civil service is clearly fascinated by making a difference.

Take the brake off, search across all domains, and Google offers you 320 million articles to read.

Making a difference is a big subject.

Too big to tackle in its entirety.

Let's restrict our scope to just the UK Government Digital Service (GDS). They have spotted the making-a-difference fashion and adopted it for their endless and compulsive recruitment drive:


The examples could be multiplied. There's this – We're looking for an inspiring Service Manager: "We want someone who is as committed to transformation as we are, and in return we will offer a friendly, supportive working environment full of people who want to make a difference". And there's the Ross Ferguson tweet alongside. You will have no problem finding further examples.

Is it really such a good idea for GDS to market themselves on the basis that they make a difference?

Catching flu makes a difference to millions of people and presumably GDS don't want to suggest that they're a debilitating virus but that possibility is not excluded from their glib marketing.

Does the flap of a butterfly’s wings in Brazil set off a tornado in Texas? Any event must have a cause. That's how we think. Rightly or wrongly. Every action of ours must have an effect. Trivially, it follows that it is impossible not to make a difference. What is the non-trivial point that GDS are trying to make?

Presumably GDS want you to understand that they know what they're doing, they know what difference it is that they are trying to bring about, they're not just a Brazilian butterfly unwittingly bringing destruction to Texas. But what is it that they know? How do they know it? And why don't they tell us?

When President Clinton demanded back in 1992 that mortgages be made available to everyone he caused the credit crunch of 2007/2008. What is there to protect GDS from the law of unintended consequences? Nothing.

The public sector ethos is an appealing idea. The suggestion is that public servants are uniquely altruistic and motivated only by increasing the public good. Piffle. Anyone working in the private sector, whether or not they are inspiring and talented and committed and passionate, could do more good and/or less harm than a GDSer. That's a hypothesis. What is GDS's counter-argument? How do GDS measure the public good? They don't say.

GDS hold themselves out as being bathed in the glow of making a difference. But making a difference is an empty claim without a lot of supporting definition and evidence and argument. Potential recruits are recommended to ask at interview what this difference is that GDS claim to have made in the past and promise to make in the future.

Making a difference

We volunteer because we want to make a difference - HMRC digital
The difference maker
We’re delivering reform – and starting to make a difference
Design that Makes a Difference exhibition
Teachers dedicated to making a difference

That's the first five hits returned by a Google search just now for "making a difference". We could go on. For some time. There are about 1,775 more hits where those five came from.

That's if you restrict your search to just UK government blogs, blog.gov.uk. Extend the search to the whole gov.uk domain, and Google gets 6.72 million hits. The civil service is clearly fascinated by making a difference.

Take the brake off, search across all domains, and Google offers you 320 million articles to read.

Making a difference is a big subject.

Too big to tackle in its entirety.

Thursday 14 December 2017

What does the BBC mean by "control"?

A charming email arrived from the BBC the other day. They want to make it easier for DMossEsq to sign in to his account. And they want him to be able to sign in orally – no more fuddy-duddy typing.

So the subject of the email is "Talk your way into the Beeb"? No. It's "Important changes to the BBC Privacy and Cookies Policy".

Bit boring. But let's take a look:
Hello,

We’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it.

You can view the updated Privacy and Cookies Policy by going to bbc.co.uk and searching for our Privacy and Cookies Policy or by clicking on the link below.

View updated Privacy & Cookies policy

...
The BBC Privacy and Cookies Policy turns out to be 5,000 words long and to comprise 20 clauses.

Clause 4 lists 11 uses to which the BBC may put DMossEsq's personal information. Most of these are unimpeachable.

For example, the BBC may use DMossEsq's personal information for analysis and research to assist with marketing and strategic service development. DMossEsq has no objection to this use of his personal information. But it is odd to describe this as a case of him having "control of what happens to [his personal information]".

It would make sense for the BBC to say "thank you, DMossEsq, for providing us with the data to help us with our strategy". It makes no sense to say that DMossesq is "in control of that data".

On those rare occasions when the hermit DMossEsq leaves his mountaintop eyrie in Merton and goes abroad, the BBC warn him at clause 4 that he may be subjected to "online behavioural advertising". Which suggests that the BBC are forever monitoring his behaviour so that they are ready to offer him appropriate advertisements as soon as he is overseas. DMossEsq has no control over that monitoring. The BBC know that and it is silly of them to pretend that he has.

Clause 7 says that the BBC "may use information which we hold about you to show you relevant advertising on third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter)". And clause 8 says "we may share [some data] with third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter)".

DMossEsq can opt out of this sharing. Good. But hang on a minute. Facebook, Google, Instagram, Snapchat and Twitter don't display advertisements for free. They like to be paid. Presumably by the BBC. Are they being paid with money taken from DMossEsq's licence fee? Or with DMossEsq's personal information? Or both? And what else are Facebook, Google, Instagram, Snapchat and Twitter doing with his personal information?

Clause 13 assures DMossEsq that he can always find out what personal information of his is held by the BBC on the sole condition that he give them even more of it. Specifically his passport details, driving licence details, birth certificate, ..., and £10. It's hard to see any way round this. But again it seems peculiar to describe it as DMossEsq being in control.

Clause 15 tackles cookies. The BBC's own cookies. And third party cookies:
To support our journalism, we sometimes embed content from social media and other third party websites. These may include YouTube, Twitter, Facebook, SoundCloud, Vine, Instagram, Pinterest and Flickr. As a result, when you visit a page containing such content, you may be presented with cookies from these websites and these third party cookies may track your use of the BBC website. The BBC does not control the dissemination of these cookies and you should check the relevant third party's website for more information.
"The BBC does not control the dissemination of these cookies". Oh good. DMossEsq isn't in control and neither is the BBC.

DMossEsq could delete these cookies. If he remembered to. And had the time. But then the service wouldn't work, more than likely. Or it might work today but not in a year's time.

DMossEsq's "control" could rely on not having a BBC account at all. But then what does he do when the BBC say, as they inevitably will, that, in order to protect the children or stop tax evasion, DMossEsq can only avail himself of BBC services if he has an account?

Perhaps there's no alternative. But that's not the point. The point here is that DMossEsq is obviously not in control of his own personal information whereas the BBC say that he is.

"Aha", says the bright girl in the second row, "you can use the do-not-track (DNT) option in your web browser, that'll put you in control". Nice idea but no silver star – the BBC tell us at clause 16 that "this website does not currently respond to DNT requests".

Mind you, that could change. As we learn at clause 18. In fact the whole privacy and cookies policy could change at any time, "so you may wish to check it each time you submit personal information to the BBC". Very amusing. DMossEsq wants to search iPlayer for an hour or two of Lucy Worsley but before doing that he'll just quickly plough through 5,000 words looking for any changes since the previous version. Who is controlling whom?

Does anybody remember where we started? It seems hours ago but the BBC wanted to tell DMossEsq how to log in more conveniently.

----------

Updated later that same day, 11:37

As per the above, someone in the BBC sent all us accountholders an email saying "we’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it" whereas an examination of the BBC Privacy and Cookies Policy quickly establishes that we accountholders have no control over the personal information we give the BBC.

If that email had been written by BBC News DTrumpEsq would have been all over it. Control? Fake news.

"Control" is just the wrong word.

The BBC are not normally imprecise. What causes them to be imprecise in this case? Let's allow ourselves two guesses.

Firstly, the BBC want to sound nice. They're paying us the compliment of pretending to be controlled by us. Give it another day or two and, who knows, the BBC may go further and tell us that we have been "empowered" by handing over our personal information to them.

Second, almost everyone else pretends that their identity management scheme allows the user to be in control of their own personal information, so why shouldn't the BBC join in, follow the herd, take cover in the crowd and do the same?

Take Mydex, for example. It's been years since DMossEsq has bothered to look at Mydex. They never could answer the question how handing over your personal information to other people gave you control of it and they still can't but they still make that promise: "Complete control You decide what you store, see and share". Perhaps the BBC are copying Mydex.

Or take the Government Digital Service's GOV.UK Verify (RIP), for example. "Users are ... in control of when their information is passed to a government service" – no we're not. Nor are we in control of our own personal information when GOV.UK Verify (RIP)'s "identity providers" send our personal information all over the world to their subsidiaries and sub-contractors and agents. Perhaps the BBC are copying GDS.

GDS pretend that GOV.UK Verify (RIP) abides by the nine sets of privacy principles devised by the UK's Privacy and Consumer Advisory Group. In fact it flouts the lot of 'em. Including no.1, user control, "I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them".

No-one can make good on that promise. Not Mydex. Not GDS. And not the BBC. So it's silly to make the promise in the first place. Control is not on the menu. Stop pretending that it is.

It's just as silly as GDS's other pretence that GOV.UK Verify (RIP) is, without qualification, "secure". It can't be and everyone knows that it can't. The pretence undermines confidence and trust ...

... like GDS's other other pretence, that "frictionless" means good. It doesn't. It means voluntary enslavement.

And then there's the other other other pretence that apps are good for you. They aren't. Not necessarily. A lot of the time, an app is just a virus by another name.

Our guesses as to the aetiology of the control promise may be wrong but the promise is anyway misleading and demeans the BBC. It's nearly Christmas. Can we look forward to a BBC retraction?

If the BBC want another example to follow, they could do worse than Barclays Bank, whose terms and conditions say:
If you, or someone with authority over your account, asks us to share your information with third parties, we're happy to do so, but it's important you know that we, as your bank, will have no control over how that information is used. You will need to agree the scope of use directly with the third party.
And the Barclays privacy policy, which says:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
GDS and the BBC don't have much experience of managing personal information. Or of talking to their parishioners like grown-ups. They could learn a thing or two from Barclays, who do.


What does the BBC mean by "control"?

A charming email arrived from the BBC the other day. They want to make it easier for DMossEsq to sign in to his account. And they want him to be able to sign in orally – no more fuddy-duddy typing.

So the subject of the email is "Talk your way into the Beeb"? No. It's "Important changes to the BBC Privacy and Cookies Policy".

Bit boring. But let's take a look:
Hello,

We’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it.

You can view the updated Privacy and Cookies Policy by going to bbc.co.uk and searching for our Privacy and Cookies Policy or by clicking on the link below.

View updated Privacy & Cookies policy

...
The BBC Privacy and Cookies Policy turns out to be 5,000 words long and to comprise 20 clauses.

Wednesday 13 December 2017

Open banking, PSD2, GOV.UK Verify (RIP) and the end of civilisation as we know it

Open banking starts in the UK in four weeks time on Saturday 13 January 2018. The competition is keen. Who will be the first little old lady to be cheated out of her life savings? And can she lose the lot by close of play on Monday 15 January 2018 or will we have to wait until Tuesday?

What, we hear you ask in your millions, is DMossEsq talking about?

By way of an answer, consider this email kindly sent by Barclays Bank at 21:34 on 25 September 2017. You will have received similar communications from Barclays and other banks and ignored them:
...

Why are we making changes?
From time to time, we need to update our agreement to reflect changes in banking legislation, new technological developments, and changes to the way we use information. One example is the introduction of a number of new laws which are known as 'Open Banking'. This will enable you to share your data and make payments through third parties ...

Open Banking – new services are coming soon
Open Banking will enable you to share your bank account data with other companies if you give permission. This means you will be able to see multiple bank accounts and transactions in one place (for example on your Barclays Mobile Banking) even if they're from different banks. You will also be able to allow other companies to give payment instructions from your account. If you don't want to use these new services, you won't notice any differences in the way you bank, as you will always have to provide permission for the new services.

The safest way is to create a secure connection ...

An alternative option, is to share your bank account login details directly ...
Open Banking is a UK initiative promoted by the Competition and Markets Authority (CMA). People are paying too much for payments, the retail banks constitute a cartel, the market must be opened to competition from different organisations, innovation will drive prices down and quality up. That's the theory ...

... but.

Is it really a good idea for our little old lady to "share [her] bank account data with other companies"? Or to "share [her] bank account login details"? If she can "see multiple bank accounts and transactions in one place", who else can? What are they luring the old girl into? What have the CMA got against her?

Leaving those questions for another day, consider now the scale of what's happening. "I can’t stress enough just how big a deal the UK’s transition to Open Banking is", says the estimable Dave Birch. "Open Banking is 'a new way of dealing with the twenty-first century's most sought-after resource, personal data' ... Identity is the new money. Banks are about to be transformed from places that store Sterling into places that store Digital Identities ... [Banks could] let this slip through their fingers and hand digital identity to Apple, Facebook, Google, Amazon and Microsoft ... the internet giants who already have the customer relationships".

RIP IDA – if you've got nothing to say, say it
TUESDAY, 11 FEBRUARY 2014

When GDS's David Rennie spoke at the US Identity Ecosystem Steering Group conference in January, he said that the reason there are none of the big retail banks signed up to IDA [the old name for GOV.UK Verify (RIP)], the identity assurance programme, is that they've been too busy sorting out the aftermath of 2008's credit crunch (32'10"-32:35").

That's silly. Identity assurance is what retail banks do all day every day – they can't be "too busy" to do it.
It's not just Mr Birch and DMossEsq who think open banking is a major event. As noted the other day, so does Don Thibeau of the Open Identity Exchange.

Unlike us, Mr Thibeau believes that open banking is a great opportunity for the Government Digital Service's dead cat, GOV.UK Verify (RIP). Apple, Facebook, Google, Amazon, Microsoft and the other internet giant GOV.UK Verify (RIP)? No. Is Mr Thibeau revealed as one of the greater deadpan comedians?

And it's not just open banking. According to Payments UK: "The requirement from the CMA coincides with the EU legislation, the revised Payment Services Directive (PSD2), which requires all payment account providers across the EU to provide third party access". The EU, too, want our little old lady to use PISPs (payment initiation service providers, since you ask) and AISPs (account information service providers).

Payments UK ("We represent the payments industry in the UK") say that open banking and, by extension, PSD2 "will give customers more control over their data and will support an emerging market of new, exciting third party products and services, such as tailored price comparison websites ... It will keep customers safe and secure, enhancing the opportunities for enhancing customer propositions".

Finextra, the fintech house mag, write in even purpler prose: "After PSD2 ... open banking apps and services from third parties will flood the European market and offer users never-before-seen levels of choice and variety in payment, loyalty, behaviour-based and user-friendly data-oriented services".

The PSD2/open banking prospectus sounds like midata re-heated. PSD2 gives credence to the flaky mass consumer biometrics industry. If Don Thibeau isn't joking perhaps the UK's banks really will try to rely on GOV.UK Verify (RIP). That's all three lemons in a row. Jackpot. The pied pipers will be calling the tune.


----------

Updated 5.1.18

Just one week to go now before the start of Open Banking, please see above.

Who's in charge?

The Competition and Markets Authority (CMA). Who have set up an implementation entity called "Open Banking". Which has a trustee in charge, an Ernst & Young partner called Imran Gulamhuseinwala. OBE. Who gave a talk at the Open Identity Exchange's 17 November 2017 conference on the Economics of Identity:



It's only a short talk, 16½ minutes, and yet Mr Gulamhuseinwala manages three times – at 3'45", 5'30" and 12'45" – to tell us that Open Banking will allow people to take control of their own personal information. This we shall achieve by giving our personal information to strangers. The BBC understand how this amounts to taking control. The rest of us don't. To us, it looks like losing control.

Open banking relies on identity assurance. Identity assurance and Open Banking are converging, Mr Gulamhuseinwala says. How does this relationship between Open Banking and identity assurance work? It looks like something to do with the economics of identity but twice – at 2'55" and then again at 14'55" – Mr Gulamhuseinwala, the man in charge, tells us at length that he doesn't know, he's not sure, he hasn't got all the answers and that's not his job.

He does know that Open Banking will allow us to review our bank accounts and switch to better ones. Ditto energy accounts, mobile phone deals and insurance policies. He just doesn't know how. He also knows somehow that unnamed Open Banking apps (viruses) will securely review all our personal information and improve our well-being.

This is the hoary old midata prospectus, beloved of the LibDems who ran the Department for Business Innovation and Skills during the UK's 2010-15 coalition government. They promised that nanny-state-on-a-chip apps (viruses) would nag us to stop wasting money on take-away meals or some such. Vince Cable, Ed Davey, Norman Lamb and Jo Swinson could never convince anyone of midata's virtues.

Obviously it's not his job but good luck to Mr Gulamhuseinwala when it comes to explaining how the putative little old lady above's being cheated out of her life savings is all for her own good.


Updated 7.1.18

10 p.m. today, the Daily Telegraph newspaper warns its readers 'Open banking' revolution could lead to scams and pricing rip-offs, experts warn. Better late than never.


Updated 11.1.18 #1

Less than 48 hours to go. Soon Open Banking will be up and running in the UK. Without GOV.UK Verify (RIP).

As we were saying, please see above, "unlike us, Mr Thibeau [of the Open Identity Exchange] believes that open banking is a great opportunity for the Government Digital Service's dead cat, GOV.UK Verify (RIP)". Open Banking relies on on-line identities. GOV.UK Verify (RIP) can't provide them ...

... not in bulk, not for companies which might want to use Open Banking, not securely and not while preserving privacy.

Open Banking should have been GOV.UK Verify (RIP)'s great opportunity. As it is, all Open Banking does is to point up the failure of GOV.UK Verify (RIP).

Bryan Glick, the estimable editor of Computer Weekly magazine, writing last week in Five things in tech to watch out for in 2018, says: "Getting digital identity right is the key to unlocking so many online opportunities, from public service delivery to open banking. The government has tried to crack this with Gov.uk Verify [RIP], but has gone down a dead-end ...".

GOV.UK Verify (RIP)?

Dead.

End.


Updated 11.1.18 #2

After all the excitement on Saturday morning when Open Banking starts in the UK, the public jubilation here and the jealousy in the rest of the world, you may find yourself at dinner and in need of saying something knowledgeable about it.

Eighteen months ago the Open Data Institute published The open future of banking. There's your cribsheet.

"... an Open Banking Standard will help banks and innovators to collaborate and rise to the challenge of providing a first-class service that still keeps the regulators happy" – cue discussion of the need to keep regulators happy.

If the conversation flags, try "this is not just about open data, but other aspects of open such as open source, open culture and open innovation".

And if that doesn't do it, go for the jugular: "it’s not just the customer that will benefit: banks will also benefit from efficiencies in time and money. They will also encourage greater interactions from orthogonal areas (e.g. insurance, pensions, accountants)".

As dessert approaches, garnish with Google or Facebook or Apple or Microsoft ... or Amazon, Will Amazon Lending Disrupt, Displace, or Prop Up Banks?.

This is your chance to mention that the banks use artificial intelligence, AI, to process each accountholder's transaction data to calculate customised terms and conditions for loans and other financial products. If the banks no longer have access to that data because one of Mr Gulamhuseinwala's payment initiation service providers or account information service providers has got it instead, then the banks could fail, a warning issued by Dave Birch, who knows a thing or two, Forget banks, in 2018 you'll pay through Amazon and Facebook:
... AI in 2018 will be a kind of event horizon for financial services. No one can see what is on the other side. But when Google feeds all the data from someone's bank accounts into their advertising engines it's fairly certain that bank profits - based on information asymmetries, product friction and brand loyalties - will vanish.

... 2018 will be the start of a fundamental realignment as banks become heavily regulated pipes for tech giants to use for their profit.
You may never be invited to dinner again.


Updated 12.1.8

UK retail banks are exceptionally big and powerful. They may face some competition as a result of Open Banking. That competition is unlikely to bring them down.

You may not like the retail banks but that doesn't mean that you do like their Open Banking competitors. In fact you may find those competitors even more unpleasant.

The UK retail banks' Open Banking competitors may offer reduced costs for a while but that wouldn't last for long. Insert Facebook/WhatsApp, say, into your banking arrangements with Lloyds Bank and you may soon find that the financial benefit has evaporated and you're left worse off because Lloyds now charge more for their other services and because a lot of your personal information is now stored out of your control God knows where on the planet with an unregulated supplier operating beyond the jurisdiction of any UK ombudsman.

But suppose for the sake of argument that these titans, the UK retail banks, are hollowed out by Open Banking.

What then?

Among other implications, consider what might happen to the credit rating agencies.

At the moment the credit rating agencies enjoy several extraordinary and generally unremarked entitlements. They are allowed to collect all sorts of information about us and then sell it to interested parties, including political parties, please see Time for someone to take the personal information economy seriously.

Experian, Callcredit, Equifax et al collect a lot of their data from the retail banks. If Open Banking deprives the retail banks of that data, the credit rating agencies will be left high and dry. A political party wanting to identify floating voters with their good news message during a general election would have to approach Microsoft/LinkedIn instead of Experian. Ditto an entrepreneur looking to launch a new product who needs to know first how much demand there is and where it is.

The risks to the UK's retail banks posed by Open Banking are threats just as much to our credit rating agencies. That is a major issue. You may not like the credit rating agencies any more than you like the retail banks. That doesn't alter the fact that it would represent a major change, not necessarily for the better.

Less portentous, just think what would happen to poor old GOV.UK Verify (RIP). What is a person? According to GOV.UK Verify (RIP) a person is just a credit history. All the "identity providers" to GOV.UK Verify (RIP) need the credit rating agencies to do their identity proofing and verification (IPV). Except Experian. Which is a credit rating agency. No IPV, no GOV.UK Verify (RIP).

Open Banking could cause GOV.UK Verify (RIP)'s completion rates to plumb even more miserable depths.


Updated 1.10.18

It was 13 December last year, 2017, when DMossEsq brought the attention of its millions of readers to Open Banking, please see above. The revolution was coming one month later – 13 January 2018 was going to see the UK's payments infrastructure liberated, heralding a new dawn of hope for humanity with the UK in the lead.

13 January 2018 was 261 days ago and nothing's happened. No Open Banking. Why not? No answer. Lots of hype. Nothing to show for it. The squib is damp.

We noted the nexus between Open Banking and midata, the turkey farmed at the Department for Business Enterprise Energy and Industrial Strategy (BEIS). The DMossEsq millions were first advised of midata back on 16 November 2011. 2,511 days ago. Benefit of midata to the consumer so far? Nil.

Does this nexus exist? 28 September 2018, and what do we read in a government press release?  "The government’s recent green paper ‘Modernising Consumer Markets’ announced that the government will conduct a Smart Data Review ... [which] will build upon existing interventions such as Open Banking, midata, and the UK’s new data protection laws".

2,511 days into the midata project and already the busy bees have launched a review to see if anyone's interested. Smart.

What busy bees? On 29 March 2018, 186 days ago, the Prime Minister told us that "the data policy and governance functions of the Government Digital Service (GDS) will transfer from the Cabinet Office to the Department for Digital, Culture, Media and Sport (DCMS)".

So it's the busy bees at DCMS?

Yes, but not just DCMS. BEIS, too. The press release is issued jointly by BEIS and DCMS, with BEIS in the lead, we assume, given that "we encourage all organisations that would like to be involved in the Smart Data Review to register their interest at smartdatareview@beis.gov.uk".

midata needs national identity assurance. And midata is Open Banking. No national identity assurance, no Open Banking.

It was 13 September 2011 when Computer Weekly magazine published the government's promise to get national identity assurance working. Today, 2,575 days later, we still don't have GDS's national identity assurance. GDS's national identity assurance programme is GOV.UK Verify and GOV.UK Verify is dead, remember. RIP.

In Whitehall, this is what BEIS/DCMS/GDS call "modernising consumer markets". You may be able to think of another name for it.

Open banking, PSD2, GOV.UK Verify (RIP) and the end of civilisation as we know it

Open banking starts in the UK in four weeks time on Saturday 13 January 2018. The competition is keen. Who will be the first little old lady to be cheated out of her life savings? And can she lose the lot by close of play on Monday 15 January 2018 or will we have to wait until Tuesday?

What, we hear you ask in your millions, is DMossEsq talking about?