When IT contracts become a "once in a generation" thing--why do councils continue to sign long outsourcing deals with single suppliers?

| No Comments
| More

While central government is increasingly moving away from outsourcing deals with single suppliers with a clear view of creating agile services that respond to the changing needs of both government and the public, the picture is very different in some local authorities

Earlier this week, I reported on the news that Scottish Borders Council has signed a £92m contract with CGI. While the deal will bring 200 new jobs in the area-- great news for locals-- it's also a 13 year contract with a single supplier.

But what struck me the most, was council leader David Parker's comment that it was a landmark deal that would "offer a once in a generation transformational opportunity".

Should IT contracts really be a "once in a generation" event?

3 years is a very long time in a digital world that's changing quicker than most can keep up with. What is the likelihood of the council's requirements being the same in 13 years' time?

Central government has acknowledged that many existing outsourcing deals have proved bad for taxpayers but while government departments such as HM Revenue & Customs, the Ministry of Defence and the Department for Work and Pensions have, or are in the middle of, moving away from large outsourcing deals, outsourcing is far from dead. 

In fact, a survey by Nelson Hall for Arvato, published in February 2016, showed that there was £5.67bn worth of deals across the UK public and private sector in 2015 with a 26% increase in public sector spending compared to 2014, reaching £3.8bn.

Scottish Borders isn't the only one preferring to go down the outsourcing route. In August 2015, City of Edinburgh Council signed a seven year, £186m outsourcing deal with CGI. In September, Burnley council signed a 10 year contract with Liberata in a bid to save money, and in October, Gloucester City Council extended its outsourcing deal with Civica until 2021.

Despite government targets for councils to increase spend with SMEs, the number of local authorities signing deals with smaller companies remains relatively low. If fact, in the North of England, a survey found that more than half of councils spent nothing with SME IT suppliers and 85% had no plans of increasing spend with SMEs.

Of course there are those that do it differently. Cornwall Council finally got the green light to bring its IT back in-house after its botched outsourcing deal with BT, and Adur and Worthing Councils have decided to buy its own, low-code government-as-a-platform. Local authorities get a hard time and are often left on their own to figure things out. 

Support from the centre is limited and with chancellor George Osborne announcing in yesterday's budget that by the end of this parliament, 100% of local government resources will come from local government, it becomes increasingly important to get technology right.

They are stretched to the limit, and although most realise they must embrace digital transformation, tight cost-cutting targets mean some find outsourcing the best way to do that. But what happens in two years, when the long-lasting contract doesn't seem to fit in with what you need? In five years? In ten years?

While not all outsourcing deals are bad, and many outsourcing suppliers are both innovative and agile, one day, I would really like to never again hear the phrase "once in a generation" and IT contracts in the same sentence.

GDS: the devil is in the detail

| No Comments
| More

While the Government Digital Service's (GDS) annual Sprint conference showed that there is still great enthusiasm and drive for getting digital "right" across Whitehall, this year's event lacked a crucial element.

Without relying too heavily on clichés:the devil is in the detail, and the detail was what I found most lacking.

Sprint 16 did have some new announcements, such as Matt Hancock telling Computer Weekly about the launch of a Digital Leadership Academy, and announcing the work on creating open data sources, or "canonical registers", ensuring data is stored once, and kept up to date centrally.

And GDS boss Stephen Foreshew-Cain re-iterated the point that GDS, and digital transformation across government , is moving towards a model of increased shared responsibility by telling the audience "we won't build them all," and rather provide the support to make sure the right tools get built.

This point, however, was already signalled heavily last autumn by the now newly-appointed deputy chief technology officer, Andy Beale, saying that GDS would be in "a different mode" and that the future of GDS lies in a "more collegiate and inclusive way of working".

Previous Sprint events have usually given a very clear picture of exactly what and how GDS plans to do over the next year. And a strategy, or detailed plans on its delivery of a digital government, was certainly what was expected.

In October last year, parliamentary secretary George Bridges told the House of Lords that GDS would announce its strategy going forward by Christmas 2015.

"Plans will be announced before Christmas that will set out our strategy," he said.

Christmas came and went without any further clarification and Computer Weekly got clear signals from several Whitehall sources that a strategy was most likely to be announced at Sprint 16.  

The centre's detailed plans are not the only ones missing. Last month, civil service chief exec John Manzoni told the Public Accounts Committee that single departmental plans, likely to provide more detail on each department's digital strategy, were due to be published on 22 January. Fast forward a month and no plans have been made public.

The delay setting out clear plans begs the question of why. The most likely answer, although this is merely speculative, is that GDS is still working out how to spend its £450m budget, generously handed to them by George Osborne as part of the autumn spending review.

As revealed by Computer Weekly last year, GDS plans £3.5bn in efficiency savings on the back of its budget. As far as my understanding goes, the three core components that budget will be spent on are Government as a platform (GaaP), Common Technology Services (CTS) and the identity verification scheme Verify.

As previously reported, GDS aims for £1.3bn in savings from the GaaP programme, and £1.1bn in savings each from CTS and Verify. Should GDS accomplish these savings, it will certainly be a significant feat.

Getting this right is hugely important, not just because there are plenty of taxpayer's money involved, but because GDS can't afford to fail. If we are to have the digital revolution that's so often talked about, Whitehall needs to lead the way. 

In order to get people on board and to drive the culture change, both the public and departments need to know exactly what, when and how GDS plans to do this.

I for one, am waiting in suspense to seeing more a detailed strategy from  the centre.                                                                  

While local government falls outside GDS's remit, don't forget that councils need support too

| No Comments
| More
The New Year has started off highlighting an old problem: Lack of central support for local government's digital transformation.  

Mostly filled with delegates from local councils, the room at the first government IT event of the year, the Government ICT conference, was buzzing. the event saw several central government department heads speaking of re-design of services, Government-as-a-Platform (GaaP) and other technology initiatives. 

One can hardly deny that the Government Digital Service (GDS) and departments such as the Home Office and HM Revenue & Customs (HMRC) have come a long way in forward-thinking digital strategies with a clear focus on building systems and services that meet user needs. And (for the most part) they're doing a good job. 

HMRC is working hard to respond to last year's criticism of its poor customer service performance. IT director for development, test and operations Peter Schofield, told the conference by April this year, every individual tax payer will have access to their own digital tax account. 
Whether GDS is solely responsible for government departments' move away from long, overpriced outsourcing deals, is hard to say, but at least they have a central body to support them. The same can't be said for local government, arguably the part of public sector with the most to gain by making services digital, which has zero support from GDS. 

In early 2015, former Cabinet Office minister Francis Maude promised local government a fair share of GDS support. In the 2015 Budget a few months later, the promise was made yet again, with the Budget Book saying that local government would be under GDS's remit.  

Since then, the government has made no further attempt to follow up on this, and today, GDS boss Stephen Foreshew-Cain confirmed what we had all concluded: that local government is still not part of GDS's responsibility. 

While central government was given a £1.8bn boost for digital transformation, GDS was handed a significant budget of £450m for which it has to show £3.5bn in savings. During the conference, someone in the audience suggested that with a proper investment in local government, the savings ratio could be "significantly better" than GDS's expected £3.5bn, which I am rather inclined to believe.  

As it is, local government is stretched to the limit, and although most councils realise they must, and are, working to embrace digital transformation, there is little doubt that with a bit more help they could be doing a lot more. If today's conference was anything to go by, there is certainly will and desire among local government leaders to bring council services into the 21st century. 

So what's the solution? Extending initiatives such as GaaP and Common Technology Services to cover local councils? Create a dedicated digital team for local government? It's obvious that GDS in its current form is by no means big enough to cover all councils, but without proper support, skills and investment, it'll be no easy feat for local authorities to keep up.

Councils want medical records to feed government ID scheme

| No Comments
| More
Blue Badge.jpgGovernment identity experts want to tap NHS medical records to tell if people are entitled to get benefits and use public services.

Warwickshire County Council has been in talks with NHS England and other public bodies that hold data it needs for a local government trial of the government's next generation ID scheme, with backing from the Cabinet Office, which has overseen development of the scheme and branded it "Verify".

The NHS plan is part of an effort to get the ID scheme adopted nationally, so all private companies use it to check people's credentials, as well as public bodies. But the government needs to persuade private companies and public bodies not only to use it, but to participate in it as well, by helping create an "ecosystem" of databases that all share data about who's who and who's entitled to what.

Ian Litton - Warwickshire County Council.pngIan Litton, programme manager at Warwickshire, which has led development of data sharing for Verify, demonstrated a prototype of the system at an identity software sales conference in London's Russell Square Hotel on Wednesday 11 November. But it would only work partially unless it could make checks against NHS patient records, he told the audience.

The prototype, which made almost instant database checks on people applying to get 'Blue Badge' concessions for disabled car parking, showed how councils could use Verify to cut costs.

Blue badge

Some in the audience of technocrats and industry suits gave an audible gasp of amazement when Litton demonstrated his Blue Badge system making instantaneous checks against Department for Work and Pensions databases, and tapping the Driving and Vehicle Standards Agency database for an applicant's photograph.

He told them how the ID scheme would help councils do the "transformation" the government had proscribed to accommodate its budget cuts: transforming from Town Halls employing people who process forms like Blue Badge applications and check over proofs of address, driving licenses and other casual tokens of people's identity, to a public-private ecosystem of chattering databases.

But the prototype could only verify the disabled status of about 40 per cent of people because its assessment relied solely on DWP records of those already registered disabled, Litton told the conference. The other 60 per cent of Blue Badge applications might be processed automatically if they could get confirmation of someone's disabled status from NHS records.

Warwickshire was leading the Cabinet Office effort to get the NHS and other government departments to sign up to the scheme under the umbrella of the Open Identity Exchange, a US body that has overseen development of the ID system in the UK and other countries so that, ultimately, people would be correctly identified with the same credentials shared wherever they travelled among participating countries. Those credentials - snippets of personal data called attributes, which said someone had blue eyes or was a member of the cricket club and had a history of exam cheating and expulsions in a regression of schools - would make the ID system tick.

Whitehall Media - CROPPED.png"There are ongoing discussions with NHS England at the moment around what we can do with NHS data," Litton told the conference, "because we reckon that of the 60 per cent of people who don't meet the eligibility criteria from DWP, there will be a significant number who could be eligible based on their medical history."

"We are having active discussions with [Cabinet Office] Government Digital Service, with the Department for Transport, who owns the Blue Badge process, DWP, who owns the attributes required for Blue Badge eligibility, and we are also talking to the Department of Health and the Department for Communities and Local Government."


The NHS had already agreed to join the data sharing scheme before January 2011, when the Cabinet Office published its first blueprint, and was to become one of the first public bodies to start using it, in 2012. But the system wasn't ready. (Cabinet Office had originally intended to use it for electoral registration in this year's general election. That was one IT bodge the coalition government managed to slip past the electorate).

Warwickshire was nonetheless leading talks to get a variety of government departments to connect their databases to the ID ecosystem, according to Litton.

"That would feed into a whole number of other local government services around housing, council tax benefits and those sorts of things," he said.

Part of Litton's job, he told Computer Weekly after his demonstration, was to promote the identity data system to other local authorities. His sales pitch, to his peers at the conference, was a journey through the reasoning that led an ID ecosystem to be conceived.

20151026 - Prime minister David Cameron - opening Chiltern railways and Network Rail line at Oxford Parkway station.pngBut speaking as news spread that prime minister David Cameron had berated the Conservative leader of his native Oxfordshire County Council for neglecting its own transformation, Litton's pitch relied on a pretence.

That was that Warwickshire had been been working through the problems of how to do transformation and had come to the conclusion, in collaboration with the Cabinet Office and other departments, that they might crack it by some carefully-managed data sharing and some form of online identity verification like the one built into Verify.

Warwickshire was however merely implementing an ID system designed long ago and elsewhere. The mechanism wasn't even original in 2011 when the Cabinet Office published its blueprint. It was first described in detail formally by a working group chaired by then US president George Bush, in the 2008 report of an Identity Management Task Force for the US National Science and Technology Council (NSTC), then already after many years of concerted effort by US government and industry; and picked up again in April 2011, in president Barack Obama's  National Strategy for Trusted Identities in Cyberspace (NSTIC).

Warwickshire and the Cabinet Office built their system of attribute exchange using software developed by ForgeRock, a US/Nordic software company that also powered the US federal next-gen ID system on its launch this year and is being deployed elsewhere around the world. Verizon, the company that implemented the Warwickshire/Cabinet Office prototype, has been prominent among those building the identity ecosystem infrastructure for the US government.

Blue blood

US President George W Bush.jpegThat did not necessarily mean Warwickshire's story was complete hokum. US reports recounting ongoing work companies such as Verizon have done to develop the US identity ecosystem note that development is ongoing. Verizon played a leading role in developing the system of attribute exchange under direction from the US government. Litton claimed to be leading development of attribute exchange for the UK. It was not inconceivable that the Warwickshire pilot would inform Verizon's reports back to the US NSTIC about its latest insights into the problem of implementing Bush's ID programme.

Nor was the true origin of Warwickshire's ID system cause, necessarily, to reject it as the infrastructure of a colonial administration. The US premise was that a universal ID system was a necessary development for the internet, at a time when 50 per cent of people close a website when it asks them to enter yet another password.

And the next-gen assumption was that some countries are so alike in trade, culture politics, security and catastrophic, offensive military interventions that it would be sensible to knit their populaces together in an interoperable ecosystem of citizen identity and management as our real-world structures of social administration and security are rendered in software, lest they separate into "stovepipes" (to pick a phrase from Bush's 2008 strategy) of incompatibility that prevent people's medical records, financial history and security risk-rating travelling with them from country to country. As Europe's Schengen system shakes on its foundations, a different sort of free-movement regime is being created.

But Litton's story about the way Warwickshire came to its own conclusion about attribute exchange might be given salesman's license.

His pitch, repeating much of the one Bush made in 2008, went like this:

Councils need to do transformation to cut costs. That involves putting services online. Online services need good data. But other organisations have the data you need. You can't just get them to share their data with you. Because data sharing has long been a toxic political issue, and a staple of tabloid stories. So you must do data sharing carefully. That means primarily knowing who you are dealing with online. You need an identity assurance system to do that. And because you are nice, you will create a system that puts people in control. So you always ask people's permission before using the identity data system to check their credentials against DWP records or medical records and so on. And you make sure you always grab only enough data for immediate purposes, such as checking someone is entitled to a Blue Badge. But the system would have to be universal or you would end up having to develop bespoke software and legal agreements every time you wanted to get data from a different organisation. So you do attribute exchange. And you ask people for direct consent for pulling their attributes from the ecosystem when they come to you for some service. They want a Blue Badge, you say okay but I need to get your data to process your application: Yes/No?

Attribute Exchange Network - AXN - 20130618 - ICAM Day Attribute Exchange Panel.pngLitton pitched the ID ecosystem architecture set out by Bush in 2008 as well, which the software, telecoms, banking, security and military industries have been building ever since and since long before, and was instilled in government ID systems launched in the UK, US and elsewhere this year. He didn't quite put it that way.

Oxfordshire leader Ian Hudspeth and prime minister David Cameron at election 2015 vote count.pngEfficiency was the big sell for next-gen ID. Litton's Blue Badge transformation would save only a modest £12m a-year if all councils took it up. But Litton reckoned there were 50 local government services that could be similarly transformed. He reckoned they could save millions of pounds. That was the business case Cameron was making when he admonished Oxfordshire leader Ian Hudspeth, his election campaign buddy, in press leak that day: why accommodate Conservative cuts to council budgets by closing children's centres when you could transform your back office? For councils, the Verify ID scheme would drive the transformation.

Blue light

Just imagine the the possibilities, Litton urged his audience. Think about where this might lead: "Think about the right to work".

Employers have been forced to check people's identity papers since 2008 when the government made it illegal for them to employ foreigners without checking they had a permit. But it was always part of the ID plan to do these checks against Home Office databases, ever since the Labour government proposed identity cards in 2002, and again put the ID Cards Bill before parliament in 2005, when the Crosby review made the case in 2008 for a market of private companies to operate the ID scheme, and again when the coalition Cabinet Office published its plan for market-based ID in 2011. Officials had a desire to track foreigners no less urgent in 2002 when the UK helped launch the belligerent wars that continue to today.

In keeping with the US strategy, Litton reckoned the system would be monetized, and would have "huge benefits" for the private companies doing the work as well as the public companies reaping the cost savings. The case for next-gen ID was then not merely that it would help the government administer the subjects of its civil intelligence system more efficiently, but it would tighten national security and create wealth for private companies.

Bus lane sign.gifFor people though, this world of automated checks and balances might be a different matter. For anyone who has while driving strayed into a bus lane and subsequently found a road camera notice on their doormat, with its no-mercy demand from their local council for payment of a Waitrose-class fine with barely more than few days to pay, with no accommodation of misunderstandings of a confusing road system and poor signage and obscure, inconsistent rules; and no courtesy, concession, discretion, protest, and *or else* the state gets really heavy, will learn how humanity is being designed out of the system as it gets more efficient and more secure. It leads far from the days where you would drive the wrong way up a one-way street and someone would shout, 'It's a one-way street!', and you and your passengers would gasp in cheerful alarm as you do when you breach of some commonplace rule with which you have no disagreement and which ultimately justifies little concern and rarely any penalty. "Oh no!" you would cry. "Thank you!". And relieved, you would stop the car and turn it round. These days though, you would have to pay near enough a hundred pounds in fines, drawn up automatically by the security software behind some unblinking camera.

Bush's ID plan, and the UK's own later versions of it, had from its earliest iterations in 2002 always stressed it would protect people's privacy. That's what they say now in Warwickshire and Whitehall as well. So theoretically, you shouldn't worry about your medical records getting poked by the ID system.

Feelin' blue

But they never professed to want a system that preserved those parts of a human administration that made it tolerable to be governed. That is, its humanity: the compassion and mercy latent in human discretion. They would make government administration more efficient by removing discretion. As Bush's principles of civil security were implemented in places like Warwickshire, that would mean people who ticked boxes would be passed more efficiently, as though they were containers on a well managed trade route. But simplistic, software-driven logic, combined with petty officialdom and private sector profiteering would make it more likely that those anomalous cases who didn't fit what the system architects had determined to be patterns of normal behaviour, or behaviour deemed least obstructive to the efficient running of the system, would be taken as verminous: to be dispatched efficiently, and sharply, with severe penalties.

220px-Vehicle_activated_sign_(VAS)_speed_limit_enforcement.pngThey might have put as much effort into building a software administration that helped people avoid penalties in the first place: the difference between courteous traffic speed management on rural roads in Wales, where digital signs are effective in reminding drivers when they drive over 30 miles per hour in a 30 mile zone, and the penal road cameras somewhere like the Canterbury ring road in Kent, where cameras trap people unawares in obscure speed spots and punish them with penalty points on their driving licence and an uncomfortable fine.

So flashing indicators might warn drivers they had strayed onto a part of the road where they were not permitted. Parking indicators might sent a friendly text message reminding your car had over-run its parking permit where you had put it - 'better go and move that'! People who ignored the courtesy would get warnings; people who ignored the warnings would get poked; people who dodged the poke would get fined. That is how a civil authority would do it. But the system was designed for security and sold as efficiency. It was built by security contractors, implemented by petty bureaucrats, and managed by accountants. It assumed mistrust and leaves the wrongfully penalized to beg their case afterwards. It is the pernicious instinct of booted officialdom rendered in software. It strove for the same sort of efficiency by which the banks implemented a direct debit system of automated payments that fined people when they didn't have money to pay their bills that month: it fined people who interrupted the efficient running of the payment system, when there was no sound reason why the payments software could not check again later and no cost or loss to anyone. The penal nature of the direct debit system became so instinctive to others with petty powers that companies who don't receive a payment scheduled by direct debit will issue sharp fines as well. Everybody takes their cut. Everybody takes their spiteful little bite. Direct debit fines like parking and traffic fines were always a scam.

Whitehall Media - CROPPED 2.pngJust think of the possibilities, Litton told his audience.

Computer Weekly had been thinking about the possibilities and asked Litton after his talk if he would stop to answer some questions about them. He was rushing to see a talk ForgeRock was giving about how its system would respect people's privacy. Litton said he was happy to talk later.

But a few moments later, conference organiser Whitehall Media arrested your correspondent with an unusual request: would you ask our permission before you speak to anyone else? Refusing to be held to despotic terms, and wondering about the possibilities of digital government, your correspondent was shown the door.

High-risk courts reform to give 25m people records access

| No Comments
| More
Constantly on red alert since work began in 2012, the government's high-risk reform of the courts has come up against mistrust.

With 43 police forces, 67 prosecuting authorities, 300 criminal aid firms, as well as courts, government departments, lawyers, judges, defendants, witness and victims being given access to criminal justice records, the most challenging part of programme was learning to trust others, lead Ministry of Justice architect Adam Gwinnett told a conference in London on 8 October.

"We are talking about a constrained user base of less than 100,000 and a potential user base of more than 25m for the new services we are deploying," Gwninnet told the Identity Summit in London.

Asked what kept him up at night, Gwinnett said: "Establishing the appropriate identity trust framework, where we can [work with] legal firms, learn to trust other government agencies we might previously have kept at arms length, is one interesting challenge.

But the MOJ was also worried about simply getting good enough security to control who got access to sensitive legal records, he suggested.

The MOJ, which embarked on building its Common Platform system in November 2012 to create a single store of legal records to be used across the entire criminal justice system, had intended to use the government's "Verify" identity system to control who got access to what. But the Cabinet Office has admitted it has had trouble collecting enough data to make the system identify people well enough to give them access to sensitive or even just personal records. With Verify set to identify people by collating commercial sources of data that described "attributes" of their lives, the Cabinet Office has claimed it expected to have even more trouble identifying those people at the fringes of society who don't have much of a credit history or much digital social capital and might be over-represented among those who become victim to the criminal justice system.     

It was hard, said Gwinnett, "to a certain extent, just identifying authoritative attributes."

Emergency measures

The Cabinet Office had been involved in an emergency redesign of the MOJ's Common Platform since 2013, just as it had done more infamously for Universal Credit, the Department for Work and Pension's computer-driven reform of the social security system.

But the MOJ's IT crisis persisted, despite adopting a raft a Cabinet Office reforms meant to fix its problems, and again like Universal Credit, its IT system design has consequently looked as uncertain as it was when work began in 2012.

The Cabinet Office Major Projects Authority put the MOJ Common Platform programme on Amber/Red alert after a September 2013.

The MOJ claimed its poor rating was due to the programme being at an early stage. It's business case was still "under development", as were "controls", which referred to cost-saving measures Cabinet Office was imposing on departments' IT projects and their spending with suppliers.

"Therefore," said the MPA review. "Successful delivery of the programme is unclear."

The alert meant there were so many "major" issues  that it was doubtful even if they could be fixed, so "urgent" action was needed, according to the MPA's standard blurb on its traffic light ratings.

The MOJ said in May 2014 that it had done "a great deal... to expand and clarify the vision and blueprint and... business case". Cabinet Office GDS was however helping MOJ reassess the programme using "agile" design methods.


But the MPA gave put another amber/red warning on the MOJ Common Platform in September 2014. And in May 2015 it said its business case was had still not been formally signed-off.

The rating reflected the programme's "scale and complexity", and adoption of the Cabinet Office's agile reforms, said the MPA report.

MOJ developed its own identity system "with future compatibility" with the Cabinet Office scheme in 2014, according to a report in January.

MOJ decided to control access to some legal records by merely presuming some users in some locations, connected to some particular networks, or using some known devices could be trusted to a certain degree.

"We've got a lot of enthusiasm for context and location-sensitive controls, so [we are] looking at where they can infer security, infer credentials based on point of access, based on devices," said Gwinnett.

UK ID consultation depicts applause

| No Comments
| More
The British government has been trying to persuade companies to ditch their home-grown ID systems for one it helped design under an international collaboration driven from Silicon Valley and the White House.

Now nearly five years after the coalition government ditched the infamous National Identity Card, it is attempting to replace it with a US-designed, government-led, international alternative operated by a market of private companies.

The initiative got a boost last night when 10 governments joined a White House working group to ensure their implementations of Silicon Valley ID technologies would be compatible, and that governments and corporations would be able to check the same people reliably no matter what country they were in or what they were trying to do.

But it got set back a little yesterday too, when a UK consultation with telecoms corporations was cancelled at short notice and without explanation.

Mobile phones have been earmarked to take the role once reserved for identity cards under the ID regime: a physical token that people can use to prove who they are better than if they used a password alone.

Sue Dawes - UK programe manager, Open Identity Exchange - CROPPED.pngBut the UK meeting was cancelled suddenly, according to Sue Dawes, who was running the consultation for the Cabinet Office as UK Program Manager at the Open Identity Exchange, a body that has led international and inter-industry co-ordination of the White House effort. Dawes said she did not know why the meeting had been cancelled.

Higher powers

The GSM Association (GSMA), which had been due to host the consultation meeting, had already developed a global scheme for mobile identity control, and already proven it as a pilot under the White House initiative, which is called the National Institute of Standards and Technology (NSTIC). US telcos including Verizon, which is one of the companies behind the UK's "Verify" identity scheme, designed their Mobile Connect Initiative to be compatible with the US government programme, the White House agency said in April. Experian and Morpho, two other companies behind the UK programme, took part in the US pilots as well.

OIX itself launched a global identity hub in April, where different industries and governments could exchange the technical and business principles necessary for their ID systems to be compatible. The systems themselves have been constructed largely according to designs produced by Silcon Valley tech standards bodies such as OASIS and the Kantara Initiative, where many large computing, telecoms, military and banking firms, and numerous governments including the UK have collaborated since the start of the last decade. Their work was finally implemented in identity systems such as the UK's Verify and the US government's Connect.gov, both of which launched in limited capacity earlier this year. The OIX model envisaged these "federated" identity systems would form into a global ID "ecosystem", with uncountable numbers of governments and corporations all sharing data in order to better identify people. The once-dreaded national identity system built on single database would become international, based on a distributed set of inter-operating databases.

Another of these bodies, the OpenID Foundation (OIDF), yesterday launched an international "iGov Working Group" where governments would make sure their different ID schemes remained compatible. NSTIC, OIDF and OIX said 10 governments had joined the scheme. They were unable to say which governments had joined.

Li'l ol' England

The UK consultation has meanwhile tried to sell the principles of identity federation to those sectors most likely to have developed digital ID systems but less likely to be familiar with the nearly two decades of work that has gone into the US-led scheme for identity federation.

OIX and Cabinet Office billed it as a "discovery" exercise: "to understand the extent to which the capabilities government... developed for UK digital identity could usefully be applied to meet needs in the private sector".

But it would instead ask whether companies had considered the costs and inconveniences of their own ID systems were so great that they really ought to adopt the government's federated one.

They launched the effort in September with a report that laid out the consultation's modus operandi. It would run workshops where it would present companies with a set of problems that happened to be those the OIX model and the Cabinet Office Verify scheme were designed to solve. It would then ask participants which they preferred: the problems or the solution.

A preliminary consultation meeting in May reached a consensus agreement that the solution was preferable to the problem. Yet most organisations at the meeting appeared to be either directly involved or closely associated with either Verify, OIX or GSMA Mobile Connect.


OIX and Cabinet Office have not published precisely who attended their consultation meetings, or minuted what they said. But they put a promotional spin on the May meeting in OIX's September report.

"Senior representatives of some of the UK's biggest organisations from a wide cross-section of industries", had "identified that their organisations would like to explore a cross-sector approach to identity needs in the UK", it said.

The problem, as OIX and Cabinet Office set it out, was that different industries had developed a hotch-potch of approaches to checking people's identities, leaving gaps were fraudsters thrived, and making users mistrustful and frustrated because they had to juggle too many different log-ins while companies kept their personal data locked out of their reach. The solution was an ID system just like the one they had developed, federated to work across all industrial sectors.

The "wide cross-section of industries" that gave OIX and Cabinet Office their applause included "financial services, telecoms, retailers, online gambling, central government, local government, sharing economy, identity providers and subject matter experts", said the OIX report.

Those the report implied had thus applauded comprised of Verify and OIX programme members (Barclays, Digidentity, Experian, Timpson and Warwickshire County Council), others that have been associated or allied in various ways before (Lloyd's Bank, Payments UK, RBS, SOCITM, Telefonica O2, and TISA, an association of companies running savings schemes) and those running the workshop or one the programmes it was seeking to promote (OIX, KPMG, Cabinet Office, Innovate Identity, GSMA).

Alex Letts, Founder and CEO, Ffrees.jpgOnly two of those cited in the report had no overt, direct connection with the programme before: Malta-based gambling company Unibet and PASS, an association of Microsoft professionals. Microsoft is however prominent among those companies behind the federated ID initiative. At least one other organisation was present - an alternative bank called Ffrees Family Finance Ltd, whose CEO Alex Letts often grabs opportunities to promote his business and got a quote in this report as well.

OIX officials were not able to produce formal records of its meetings when Computer Weekly requested them, including a full list of those who took part and what they said. The Cabinet Office has insisted its work through OIX would be open and transparent.

Don Thibeau.jpegSpeaking to Computer Weekly on Friday, Don Thibeau, who has led international development of the scheme as director of both OIX and OIDF, said the consultation records would be written into another report. He refused to accept the consultation was a marketing exercise for technology and business models already well established.

"I see it as joint R&D," he said. "Technology is a moving target. There needs to be some capacity for governments and their suppliers to say this technology is not relevant, this one might be helpful," he said.

David Rennie and Chris Ferguson on UK Cabinet Office Identity Assurance team on visit to Washington - May 2012 - CROPPED 2.pngDavid Rennie, head of industry engagement for the Cabinet Office, said earlier this month it commissioned OIX to do the consultation because the ID federation was failing to get enough support.

"We need to engage with the private sector. So to that end we are doing a consultation through the Open Identity Exchange. We've got an open and transparent process for collaborating between the public and the private sector," Rennie told a conference, echoing earlier statements his office had made about OIX.

Government cries for help over floundering ID scheme

| More
The government is failing to get enough help from the private sector to make its next generation identity scheme work at full speed.

It has tried to gathering details of about people's use of social media to make up a deficit of data its needs to operate its next generation identity scheme. And it has been talking with mobile phone companies about taking part in its ID scheme as well.

David Rennie, head of industry engagement for Verify, the private sector ID scheme the Cabinet Office is building to replace last decade's dreaded, "big brother" public sector ID Card, said it had launched a public consultation to find out where it was going wrong.

"The biggest challenge - and the one that surprised us - is we have difficulty verifying identities to a high standard - all the way across the spectrum," Rennie told a conference last week.

"That's because we haven't got a data ecosystem where we can actually get to trustworthy sources of data," he said.

Verify was designed to rely on the private sector to prove who people where. Its operation would depend on companies putting little bits of evidence of people's daily activities - such as bills paid, transactions completed - into a sort of personal data market. Verify would throw a net into this sea of data and pull out a life history so detailed it would be tough for a forger to make it up. But private companies have not been prepared to give the data up.

"That's our biggest challenge," Rennie told private sector IT specialists at the Identity Summit conference in London.

"How do you explain that they need to make that data available to their users, to verify an identity that will allow them to use that identity to go to a competitor?

"We have found it's actually difficult getting trustworthy data that meets the high government standard.

"So we've done projects looking at social network data, for example. Could that be used as part of the evidence?" he said.

Cabinet Office had meanwhile been relying on the Home Office passport database to verify basic credentials such as people's date of birth and passport number. But Government Digital Service, part of the Cabinet Office developing Verify, said last month it would on its launch in 2016 only be able to meet a standard of proof called Level 2: less than necessary to guarantee someone's identity beyond reasonable doubt. It was expected to be useful only for low security transactions. It has been providing ID services at that level to 300,000 people already under a pre-launch beta-phase prototype system.

Rennie said GDS had been working with mobile phone operators and banks to get its data ecosystem set up. It reckoned that mobile data, banking data and social media data would between them cover the three areas where it expected to find what it needed to prove someone's identity.

"We talk to the banks a lot. And there are some very rich data sources there. So we are working with the mobile network operators to understand how mobile plays into identity. It's a very interesting proposition when you start juxtaposing government data, banking data and mobile data, with the user's consent and control. So there's some very interesting possibilities," he said.

But the Cabinet Office still wasn't making enough progress: "So we need to engage with the private sector around where their pain points are, and where the government should be working with the private sector to address their pain points. So to that end we are doing a consultation, so we have a comprehensive understanding of how government and private sector should work together to address this problem."

Cabinet Office had always expected Verify would have difficulty establishing the identities of people "at the perimeter", or the fringes of society, because corporate records of the "financially excluded" would be scant. But it was having as much trouble getting hold of data for everyone else as well.

"It is the intention that we should get the private sector to engage in this and realise the benefits of making their data available for users. So the more data points you can go to the better.

"No two users are going to have the same profile of data points. 80 per cent of people have passports. A very high percentage of adults have mobile phones, so that's why we've been particularly interested in getting to that data source, and have been speaking to mobile operators," Rennie told the conference.

Universal Credit was right on schedule, shows 11th-hour project plan

| 1 Comment
| More
Universal Credit Programme Plan - 13 April 2012.jpgUniversal Credit was doing fine and right on time as the Department for Work and Pensions began rolling out its IT system in April 2012, according to a project schedule released under Freedom of Information rules last month.

Campaigners have been arguing in a Freedom of Information case that still drags on after three-and-a-half years and has gone to the highest court of public affairs, that Universal Credit was a shambles in April 2012, that DWP officials knew this, and that they hid the awful truth from public eyes.

But DWP was right on plan with 98.8 per cent of Universal Credit's components, according to a milestone schedule DWP project managers captured on 13 April 2012, and cleared for release by a Tribunal Judge under Freedom of Information law last month.

DWP produced the schedule just when parliament had approved the final terms under which Universal Credit would combine various social security schemes into a single payment of financial support to underprivileged people. It had already begun work in preparation for combining the various computer systems involved at least 12 months before, when a Cabinet Office Major Projects Agency review said the department had made such an "impressively strong start" that it had a "high degree of confidence" it would succeed. Now with a final green light from parliament and a head start established, it was free to proceed to the final stages of the build. The Milestone Schedule released last month showed just how well DWP was doing with the programme.

Six months after DWP produced the schedule, in November 2012, DWP major programmes director Steve Dover told Computer Weekly he had finished his work overseeing the design and delivery of Universal Credit. Everything had gone according to plan, on budget and on-schedule. The project was moving into "operational mode". Newspaper reports that it was in trouble had no basis in reality, he said. Dover, and Universal Credit programme director Malcolm Whitehouse, both stood aside claiming their work was done.

But then Cabinet Office, led by public sector reformer Francis Maude, produced its Digital Strategy for the wholesale automation of public sector work. Within three months, Cabinet Office had taken over Universal Credit, torn up its plans and even scrapped the software DWP had produced to run Universal Credit.

The National Audit Office later confirmed that DWP had implemented almost all of Universal Credit before early 2013. The only part then missing was the Identity Assurance system, which was being built under instructions from the Cabinet Office, but was itself behind schedule. DWP and HMRC had planned to build a dedicated fraud detection system. But it was decommissioned before being rolled out and its functions taken over by the Cabinet Office Identity Assurance system. So that wasn't finished either.

That didn't stop DWP being blamed for the delay though, and Universal Credit getting flack for being the sort of failure people had been taught to expect from public computer projects.

Privatization by software starts with Her Majesty's Revenue & Customs

| No Comments
| More
Thumbnail image for Treasury financial secretary David Gauke cuts ribbon at HMRC Digital Delivery Centre in Telford with Lucy Allan MP - 1 September 2015.pngHMRC's plan to dissolve its core operations and have them reproduced as standard features of common business software will hollow out one of the largest departments of state and could lead to 80 per cent of 57,000 staff being made redundant.

The unheralded plan, outlined in HM Revenue and Customs "API Strategy" last week, goes further even than the last coalition government imagined in its 2012 Digital Strategy, which proposed automating 80 per cent of government jobs by having software programs do the work instead of people. Government jobs won't just be automated by government software. They'll become banal features of common business software. Back-office central government jobs will, with the computer systems they use to do their jobs, become back-end processing in accounting software produced by the likes of Sage.

HMRC's API Strategy showed how digital privatization would cut HMRC back office work about 80 per cent. It said this would benefit HMRC by reducing its back office costs. But it did not spell out how.

The way digitization would cut costs was spelt out in an aside Cabinet Office wrote into its 2012 Digital Strategy: it would reduce employment costs by about 78 per cent, including the cost of buildings to house them and computer systems to help them do their work.

Thumbnail image for How HMRC's API Platform will form part of our Multi-Channel Digital Tax Platform - MDTP - from HMRC API Strategy - 1 September 2015.png.pngHMRC's API strategy illustrated this by way of a Fischer Price diagram that showed almost a third of its dealings with the public were being conducted through each of three conventional channels: face-to-face, paper, and telephone. By 2018, third party software would be doing 80 per cent of this work.


But the API Strategy was little more than a promotional brochure to introduce business software developers to their new role at the vanguard of the government's privatization programme.

For the real-world effect of digitization, you have to dig the numbers out of the publications HMRC is required by law to produce for adults.

Thumbnail image for HMRC staff numbers - 2011 to 2015 - from National Audit Office commentary in HRMC 2014-15 accounts.pngHMRC cut about 11,000 staff from its personal tax department between 2011 and 2015, according to National Audit Office commentary on HMRC's annual accounts. This coincided with an increase the in the number of people filing their tax returns using HMRC's online self-service, from 78 per cent in 2011 to 86 per cent this year.

Its staff levels otherwise stayed roughly unchanged in all other areas (click to enlarge chart). Staff processing benefits and credits declined by 641 between 2011 and 2015. But those processing business tax went up by 538, enforcement and compliance were up by 747 people, and in other areas by 457.

Personal tax staff accounted for almost 40 per cent of HMRC's employment roll in 2011. Their numbers were cut almost two thirds. The API strategy would now automate work done in enforcement and compliance: the other single largest area of employment in HMRC, which with 26,222 people last year accounted for another 46 per cent of all HMRC staff.


HMRC's own 2012 Digital Strategy, produced under orders from the Cabinet Office's Government Digital Service, skirted the question of jobs, though it promised to build "digital services" - mobile phone and website apps through which people could use public services instead of telephoning a call centre or walking in to a tax office.

HMRC would make "digital" mobile phone apps the "channel of choice", as opposed to the telephone and walk-in "channels" it typically used when dealing with people, said its 2012 strategy.

Things have evolved since then. HMRC will now make third party software the first choice, it said in its API strategy. It would do so by allowing business software developers to re-use the organisational logic it had already rendered in its own software systems. They would get at it through its software interfaces - its application programming interfaces (APIs) - which it would beef up for the purpose.

Whereas before - as far as HMRC was concerned and, on the face of it, as far as the Cabinet Office Digital Strategy was concerned - first choice was self-service "digital" apps, built and operated by the public bodies themselves.

And yet still, there seems little public acknowledgement of the fact that the government's Digital Strategy has effectively been a programme of privatization by software.


The API strategy portrayed this as inevitable. It said third party software was already the channel of choice for business tax payers. By allowing those software suppliers to take over its own functions, it was just giving people what they wanted, and meeting its own austerity targets by cutting its own costs as well.

This contrasted with the US, where the Inland Revenue Service never built its own digital services in the first place. Business software suppliers lobbied the IRS not to build them. After the world started migrating from paper to digital in the 80s and 90s, the IRS would consequently give up those roles previously only performed by its own staff. The software companies took over. The IRS compensated people on low incomes by forming an alliance with business software suppliers to do their services free of charge.

HMRC's primary justification for its API Strategy was the boom it would be for tax software suppliers. It would still maintain its own digital services for individuals and "micro-businesses" - those whose resources and needs were too small to justify the expenditure on accounting software. But HMRC would henceforward treat its own software developers no more favourably than any private-sector supplier. Its APIs, which are literally interfaces between one software system and another, would treat all comers as equal.


An HMRC spokesman denied the API Strategy depicted how digitization would lead to redundancies. It showed only how fewer people would need to use its conventional channels of face-to-face, post and telephone.

"The diagram demonstrates the digital choices we believe will be made by individuals and businesses," he said. "It does not represent the volumes of transactions we might receive during that time."

But he said in a written statement: "Digitisation will change how we work in HMRC, automating many processes that are currently done manually. This will reduce the need for some roles and create new roles, with new skills and new flexible ways of working.

"Our digital strategy stated that we would see a change in the way that we work, as I imagine any organisation would over time," said the spokesman.

But it could not be assumed the API Strategy would lead to 80 per cent job cuts in keeping with the Cabinet Office Digital Strategy, he said. He would not say what HMRC staff would be doing instead when they were no longer needed to answer telephones and collect the post.

Treasury financial secretary David Gauke at official opening of HMRC Digital Delivery Centre in Telford with Lucy Allan MP - 1 September 2015.pngSuch questions would be answered at a conference HMRC held with business software developers yesterday, he said. Press were uninvited.

Select members of the press were invited however, to witness a stunt David Gauke, financial secretary to the Treasury, staged on the day HMRC published its API Strategy. He officially opened a digital services centre employing 200 people in Telford.

The headlines declared how HMRC was creating jobs around its API strategy.

Plan for government-by-software unfurls at inland revenue

| No Comments
| More
The 21st Century state begins to take shape today at a meeting of software developers whose business applications will be taking over functions of central government.

HM Revenue and Customs called the meeting to tell them how to fulfil its "vision" for parts of central government to be dissolved and automated by a distributed software infrastructure, built into financial software used by the nation's businesses and their accountants.

The incredible vision was slipped out in a technical report about the ongoing computerization of tax operations at HM Revenue and Customs last week.

It involved business software producers building government checks into their applications. So enforcement and compliance work currently done by about 26,000 tax inspectors would be taken over by the software used by people's accountants or in the finance department of their employer.

As well as a radical privatization of central government, HMRC's distributed software automation would subvert the defamed conventional model of outsourced government, whereby big government departments employed big outsourcing companies to build central computer systems that tens of thousands of staff would use to conduct transactions with millions of people across the country.

The plan proposed instead a sort of outsourcing for the networked age: every business and accounting firm in the country doing a little bit of tax processing that would otherwise have been handled by some of the 60,000 people employed at HMRC on computer systems built under a sole contract it signed with Capgemini for £8.5bn in 2004.

HMRC said it developed the plan to make sure people paid their taxes. It missed opportunities to collect £34.5bn in taxes last year through avoidance, criminals, the black market, legal loopholes, evasion and neglect, according to the National Audit Office.

The department said it envisaged a business software industry that was booming after taking over central government functions, and of their customers benefiting in unforeseen ways from a greater variety of software producers competing (it was imagined) more intensely over the opportunity to build tax inspecting functions into their systems.

It did however continue other work to combine the software of business and government into a single distributed financial system - effectively, the infrastructure of a decentralised state.

HMRC has since 2010 built links with banks and employers to check people's pay packets in its Real Time Information system (RTI). It has also built links with the card payment industry and credit agencies to track people's lifestyle habits in an effort to catch crooks, cheats and bumblers in the act of doing other than paying tax. It has also built more intimate links with businesses by getting their tax returns as data feeds.

Its latest vision grew from this and other work to build "Application Programming Interfaces" (APIs) on top of its own systems, so business software producers could feed and draw from its databases to process things like corporation tax, export controls, and VAT returns, without having to employ whole offices of people to shuffle, stamp and shuttle paper.

HMRC's vision - drearily titled as its 'third party tax software and application programming interface (API) strategy' - would turn its own software interfaces into more than mere portals through which business software producers communicated with its administrative systems, as they had been till now. HMRC's software interfaces would distribute "business rules" and more intimate data from people's tax records so employers could take over compliance checks done by HMRC.

"Through better APIs, third party software will be able to use the same rules and logic that HMRC services use," said the strategy document.

Its APIs would "prepopulate" the nation's business applications with HMRC data. This would for reasons unexplained tighten HMRC's grip on non-compliants. Software producers would "build risking capabilities into their software", it said. The document was vague, repetitive and promotional. HMRC said it would elaborate its vision to members of the software industry at a meeting in London on Monday. Members of the public or their representatives in the press would not be invited.

It had identified 600 software companies it would encourage to modify their software to do its work. These would no doubt include Sage, the accounting software firm that recently took as its CEO Stephen Kelly, who ran the Cabinet Office programme to reform big, central government departments by curbing their spend on big outsource contacts and "digitizing" their back offices by farming their functions out to computer software producers.

UK companies data leaves public in dark

| No Comments
| More
"What century is that from?," is the natural reaction upon getting a set of accounts from Companies House, the UK's public register of company records.

If you get a chance to put this question to Companies House, you might be surprised to find the explanation as unsatisfying as the experience.

Computer Weekly put it to Companies House CEO Tim Moss in 2012, at a conference put on by the open data reformers then operating out of the Cabinet Office. They were trying to get public bodies to publish their records as data.

People had been labouring for years over the old-fashioned way Companies House published company records: as scanned images of paper documents that companies sent in the post, which it stuck in PDF files on its website. You could download company records from the public register. But since the documents were effectively photos of documents you could get information from them only if you copied it by hand. You couldn't copy-and-paste a company's tax record, for example, or directors' salaries, offshore shareholders and so on, unless you copied it out by hand. It was backwards Steam-Punk: 19th Century technology delivered in a 21st Century wrapper.

It was after nearly 20 laborious years of this that Computer Weekly put the question to Moss:

"So what century is that from?"

Moss's answer was data.

Companies House was preparing then to publish company accounts as data. It did so in 2014. But it still put "photo" PDFs on the public register.

You could get the data if you went round to the registrar's tradesman's entrance, as it were. Its bulk data downloads of company records were unsuitable for anyone but computer experts or users well endowed with time, computer skills and resources.


The general public tend to use the registrar's front desk - the conventional companies registry, where you ask for details of a company and get a list of its records. That's where you would expect people to go. When they do, they still get "photos" of documents.

Companies House has been absorbed instead by data, which it publishes as zip files containing tens of thousands of company records at a time. Its recent company data releases were published as daily downloads of up to 10,000 files amounting to 500Mb a-time. It puts up to 200,000 files a-time in downloads for records more than a few months old, which it zips by the month-load. Its data serves the business information industry, not the general public.

Companies House claimed on 22 June it had reached a milestone in its modernization of company records when it let software developers get at its data through an application programming interface (API). Computer experts could use the API to build software applications that referred to its company records.

"This makes the UK register one of the most open in the world and the UK economy one of the most transparent," Moss insisted in a statement in June.

And Mike Bracken, who was then director of the Cabinet Office modernization unit, insisted: "This is the model for registers of the future."

But the general public still got photos of company records on its public-facing register.

So two weeks ago, CW put to Companies House press office the same question it put to Moss in 2012.

"Photocopied PDFs? What century are we in?"

We have given people data downloads, it said.

Do not try this at home though, people.

Let's say you did though, because you wanted a company report you could utilise by simply cutting-and-pasting.


You would first have to find the Companies House data download that had the file you were looking for. That's like finding a haystack before you know which one has the needle in it.

You might have to get every single daily and monthly download from the last twelve months - 80 zip files totalling approximately 90Gb of data in upwards of 7m company records. It would take an inordinate amount of time just to download them, and then to unzip them.

Then you would need to find which file among 7m contains the report for the company you were looking for. But to search them you would have to convert them, from the iXBRL data format the registrar keeps them in, into an XML format that can be processed using standard computer programming tools...

You following? Good. Because you would need a computer expert to do this. You would first need skills to search the XML data. That would not be straightforward. And data derived from XBRL moreover is notoriously complex.

And that is not all. With so many files, in order to search them you would first have to index them, or to stuff them into a database system that would do the indexing for you, neither of which you could do unless you had an intimate understanding the XBRL data's underlying structure, or unless you paid for specialist software that did, and a specialist to do it.

So really, you aren't going to do that. You might write some computer code to query the Companies House API. But as a member of the general public, you aren't going to do that either are you?

Let's just say you found a clever way round this though.


You would need to know the registration number of the company you were looking for. And you would need to know on which day it had filed the document you were looking for. You could get this by looking it up in the public register, where its accounts are given as a photo PDF. Ignore the PDFs for now. Just get the details and come back here: we want the data.

Let's say for example you were looking for the last published accounts for Methods Advisory Limited (formerly Methods Consulting Limited) - a firm operated by two of the architects of the government's 'transformation' of the public sector, and which has profited them handsomely. You would see from the public register its registered number was 02485577 and that its last annual accounts were published there on 12 Feb 2015.

To get the data for Methods Advisory Limited you would need to get the Companies House data download for that day. It comes as a zip file of 115,937 files. The zip is so big it takes 10 minutes to download, almost three hours to unzip and contains so many files that it takes a whole minute just to open the folder (on a freelance journalist's not-overly-creaky computer).

But if you got this far, you might have noticed that the data filenames contain within them the registered number for the company concerned. So to find the file you were looking, you would need merely use your local file browser's search facility to find the file with a name containing '02485577'.

There is a big problem though. Methods Advisory Limited's accounts aren't in the February 2015 download where they should be. There's no choice but to go back to the public register's front desk to check.

Only if you download the photo PDF will you learn that Methods directors actually filed their accounts on 30 January 2015. The registered date is merely the date Companies House loaded their accounts into system.

So you would get the January download as well: 10 minutes to download, 3 hours to unzip and 133,228 files. It's been more than six hours and 13Gb. And you've only got two months of data.


Worse still, Methods Advisory Limited's accounts aren't in the January download either. They are simply not there. In fact, 40 per cent of companies haven't filed their accounts with Companies House as data. Methods just happens to be one of them.

So the only way to get Method's accounts is to download the photo PDF from the public registry.

Then - if you copy it out by hand - you could relay the following information:

"On 1 May 2014, [Methods] demerged into 5 separate legal entities: Methods Advisory Limited, Methods Analytics Limited, Methods Digital Limited, Methods Enterprise Limited, and Methods Professional Services Limited."

Many companies have such complex structures that the only way to find the records of the corporate entity it uses primarily to account for its business is to actually open the accounts and look at them.

Fortunately, the public register already contains all the company records. Companies House has even indexed them. So you only need ask the registrar to give you a copy. You just go to the registrar's website and do a search. It takes milliseconds. This is the purpose of Companies House - officially called its 'public task': to keep a reliable record of companies so members of the public don't have to climb a mountain just to hold a single company to account for a single year.

Moss, the public registrar, was talking about this when Computer Weekly raised the question of electronic documents with him in 2012. Companies House did not have a misguided belief that it was only there to serve corporate interests. It had an official duty to serve the public interest, by giving the public the means to get company information about private companies.


"Our public task is very simple," said Moss.

"It's based on the Companies Act which is, incorporate the company, record all the events during its life, dissolve it, and make all the information available to the public."

Yet the registrar is still publishing company records as photos.

What explanation did Moss have for a member of the public fed up with his photo PDFs in 2012?

"We have a big move now to iXBRL. We are now getting about 50 per cent of that data in and we are in the process - we have a board meeting this month on how we are actually making that available," said Moss.


The registrar subsequently made it available to the general public, but only with the limitations described above.

Even though iXBRL, a data format HM Revenue and Customs developed to store company records, doubles both as data and as a document people can actually cut-and-paste from a web browser. So it needed only point people's web browsers at the iXBRL files when they go to its website looking for company records.

It instead turned the iXBRL back into "photo" PDFs and put those on its website instead - going out of its way to limit the public access to proper electronic company records.

Companies House press office said in response to this that it did plan to put iXBRL versions on its website, possibly within two months. But it was a low priority. It first declared a strategy to publish company records in such a format in 1995. It has since served the business information industry very well.

iXBRL inventor: my algorithm turns UK company data into 'useless PDFs'

| No Comments
| More
The UK business registrar has been rendering its revolutionary company data useless to anyone without computer skills thanks to software written by the very man who invented the principle way to make it meaningful.

It has taken Companies House more than a decade to implement its modernisation plan, to get businesses filing their accounts in its register electronically instead of on paper. Yet it has denied the general public the benefit of its modernisation by turning the data they submit back into a form of document labelled by critics as "useless PDFs" or "paper under glass": scanned images of documents that can't normally be processed by computer, and that force people to copy by hand if they want to use the information contained in them.

Philip Allen - chairman - CoreFiling - black and white.jpgPhilip Allen was contracted by one branch of UK government to invent the iXBRL data language in 2009, to render company data into a form of electronic document people could actually use. But another branch of government paid him to invent a way to re-render the iXBRL back into PDFs.

"When [Companies House] first started doing XBRL they came to us and said can you produce for us a program that will take the XBRL filings and turn them into TIFF [format]?" Allen told Computer Weekly.

"We were doing all the stuff behind the scenes, running the XBRL handling, and they said, 'On day one, with only a small number of people filing in XBRL we will still need to meet our general obligation, to allow people to use the existing service.

"The existing service, as you know, is for graphics. So all the stuff coming in XBRL is still made available in TIFF through the old mechanism.

"Converting stuff back to TIFF was the simplest possible way of making sure they continued to meet their obligations," said Allen.


Companies House had been scanning documents companies filed on paper since 1992, turning them into TIFF (a format for storing images on computer) and embedding them in a PDF file for publishing on the public register.

It began trying in 2003 to design a way for companies to file their accounts electronically, so the documents on its register weren't so limited. That was a three-year programme.

It was 10 years before it finally started getting a substantial proportion of companies filing their accounts as data. But it still published them on its register as PDFs, denying the general public a means to get at the data.

Ironically, HM Revenue and Customs contracted CoreFiling, Allen's XBRL software business to make XBRL comprehensible to ordinary people in the noughties as well.

HMRC had been looking in 2002 at XBRL (eXtensible Business Reporting Language - then becoming the standard way to describe company finances as data). But the accounting industry was deterred by its being incomprehensible to anyone but computer experts.     


The result of Allen's work was iXBRL, a form of hybrid data document he released to the world in 2009. Depending how you looked at it, a company accounts in iXBRL would either appear as an electronic document that could be read by humans, or a set of data that could be read by computer experts.

That was good for tax inspectors, who wanted to read electronic documents. But Companies House kept those same data documents back from the general public using the algorithm it commissioned Allen to write to revert the electronic documents back into PDFs.

Companies House says that up to a million PDF documents are downloaded each day, having been produced by an automated process as part of companies filing their data.


Some experts believe it has put the interests of the business information industry before its own mandate to serve the public interest. The businesses in that industry - data aggregators such as the powerful Bloomberg and Britain's Dunn & Bradstreet - might lose custom if Companies House did not release its data as "paper under glass".

Professor Joanne Locke - Head of The Open University Business School Department of Accounting and Finance and Professor of Accounting.jpg"Companies House also provides data-to-data aggregators for a fee," said accounting professors Joanne Locke, Andy Lymer & Alan Lowe in 2010.

"They seek to add value to the data for re-selling. If Companies House provides the tagged data direct to the public, it will effectively be in competition with its data aggregator clients."

Andy Lymer is professor of accounting at The Birmingham School Of Business.

Companies House, however, said it no longer charges for its bulk download service, and that it has made all electronically filed accounts data available, for free, for anyone to access as a bulk download, since November 2013.

The US Securities and Exchanges Commission has been publishing company accounts as electronic documents since 1995, after mandating in December 2004 that companies send them by email or computer disk.

CoreFiling has been publishing itself those iXBRL documents that Companies House has been holding back, on its own website.

Companies registrar reverts electronic documents to photocopies

| More
In a bizarre reversal of the government's digital-by-default policy, Companies House has been receiving company accounts as data but turning them into PDFs often containing poor-quality, low resolution images, before releasing them to the general public on its website.

The UK registrar, celebrated as a pioneer of electronic company accounts, has been sticking scanned images of company accounts on its website since the 1990s. The British tradition was that companies filed on paper. The registrar initially adapted to the internet age not by getting electronic documents but by effectively taking photographs of the paper ones. Members of the public were able to re-use company information if they were willing to copy it out by hand.

The ConDem coalition government changed all that in 2011 when it started making companies file their tax returns as data. But while Companies House has since got two-thirds of company accounts as data as well, it has still been converting that data into image files before sticking them up as PDFs on its website.

The bizarre thing is most companies don't send paper documents to Companies House when they file their accounts electronically. Yet the registrar has still been creating images saved as PDFs as if they were scanned from paper documents, and sticking them up on the public register. It received 1.4 million company accounts electronically last year -  yet the British public still only got the equivalent of copies of paper documents when they went to the public companies registry.

Most incredible still, companies have been filing their accounts with the registrar in a data format (called iXBRL - short for 'inline eXtensible Business Reporting Language') - that displays automatically in anyone's web browser as a document. Finance and computer experts can harvest the data with specialist software. But it would appear to most people as a common 'html' web page that looks identical to a paper set of accounts. Yet when a member of the public goes to Companies House to search for a company's accounts, they still get an image that cannot either be harvested for data or copy-and-pasted by people who want to use it in a document.

The registrar has been generating scanned copies of other company documents it doesn't get on paper as well. It got 6.8 million company filings as electronic documents in all last year - 80% of all company filings - including mortgage documents and annual returns of directors and shareholders. Yet it still put them on its website as PDF-based images, rather than the iXBRL-based data.

It has meanwhile been promising to cut the £60m cost of its old, paper operation since 2003, when it first started planning to make companies file their accounts electronically.

Gail Cobley - practice director of accounting and tax experts Blue Dot Consulting.jpgGail Cobley, practice director of accounting and tax experts Blue Dot Consulting confirmed that accounts she had sent to Companies House electronically for her clients were being displayed in the same PDF format as if they were scanned paper copies on the registrar's website.

"That's bizarre because we do it all through software," she said. "So Companies House are photocopying it. It seems like a waste of time."

Dr Paul Booth - technical manager - Institute of Chartered Accountants in England and Wales -ICAEW - retired.jpgDr Paul Booth, who retired this week as technical manager for the Institute of Chartered Accountants in England and Wales (ICAEW), confirmed by querying the public register himself that Companies House was publishing images of documents it received electronically. But the situation left him baffled.

"I can't see any purpose to creating an image file when you've already got the HTML," said Booth.

"I can't think of any advantage in having the PDF," he said, referring to the PDF files that Companies House uses on its website.

"It looks like one of those useless PDFs that is indistinguishable from an image. If it's iXBRL, you've already got something that will display. You don't need to put it through another process. If you file in iXBRL then that's it."

John Turner - chief executive officer of XBRL International.jpegJohn Turner, chief executive officer of XBRL International, the standards body responsible for overseeing the data format, said he was aware Companies House had been publishing XBRL company reports as "paper under glass", his derogatory phrase for public records published as images of paper documents.

Yet he defended Companies House, which among all financial institutions and businesses around the world received his association's award for innovation in iXBRL and open data last year.

"I'm sure there's a very good reason for it. It is in the interests of the public that the information is available," he said.

Turner insisted people could still get the electronic filings through bulk downloads of Companies House data, though he conceded, "that's not something that someone on the street would typically do". Companies House downloads deliver thousands of iXBRL files every day to people with the computer resources and skills to handle them. Some companies had begun building copies of the Companies House registry from that data. Turner said members of the public should go to those firms instead of Companies House.

Chris Taggart - chief executive of OpenCorporates.jpgChris Taggart, chief executive of Open Corporates, one of the companies that has been republishing Companies House data, said the old system by which companies sent their filings to the registrar on paper was "ridiculous".

"Filings were normally created electronically, stored as data, printed out, sent to Companies House as pieces of paper. Companies House then scan it. And in order to use that as data you have to get someone to re-key all that. Often, the credit reference agencies will send it to Sri Lanka or to the Philippines to get it re-keyed. That is what is happening at the moment. And it's data in the first place. We think this [process] is just ludicrous," said Taggart.

Companies House images were even of such poor quality that they couldn't be re-scanned and put through optical character recognition software to turn its images into text, he said.

He defended the registrar, however, for turning electronic documents into scanned images. It might have other priorities and may not have wanted to change its existing workflow, he said. Open Corporates has been publishing the iXBRL versions itself.

Olive Brown - iXBRL expert - PWC.jpgOlive Brown, an iXBRL expert with accountants PWC, said Companies House had to turn electronic company filings into PDFs because the business information industry had grown accustomed to gleaning its data from them.

Columbia University Business School academics Trevor Harris and Suzanne Morsfield said in 2012 that business data aggregators like Bloomberg and Thomson Reuters had been using "labour-intensive" input processes prone to error. Yet they had snubbed iXBRL because they trusted their own data more, and not all companies were yet filing with registrars electronically. They also perceived iXBRL as a threat. Regulators and registrars around the world such as the US Securities and Exchanges Commission nevertheless stuck with iXBRL as a universal way of describing business information. Business aggregators use data languages defined for their own advantage rather then the common good.

Tom Davin - senior vice president and managing director - Software and Information Industry Association - Financial Information Services Division.jpgTom Davin, senior vice president & managing director of the Software & Information Industry Association's Financial Information Services Division, said the large data aggregators had not wanted to collaborate on a data standard.

"My general observation is the big aggregators like Bloomberg and Thomson Reuters are so competitive they are wary of doing anything together, unless their customers are forcing them into it," he said.

Computer Weekly asked Companies House to explain why it still turns data into image-based PDFs rather than making them available as iXBRL data to view online. The registrar only said that it has no power to mandate electronic filing.

Companies House said in a written statement it received 60 per cent of company accounts electronically and 40 per cent on paper.

"We intend to make accounts data available within the next two months subject to priority issue where it has been filed with us as data," it said.

A Companies House spokesman initially refused to say how it had turned those electronic filings into PDF copies. Companies House subsequently said they are produced automatically as part of the data filing process.

"The formats we present are the formats customers like to see them in. Our customers like to see it in these formats. So we produce it in these formats," he said.

"Data is one of those things not available on the Companies House Service. But it is one thing we intend to put on. We launched a new beta service and the data isn't available on that.

"What you are raising is not considered a high-priority issue. People are not crying out for this material to be changed so it's not high on our agenda," said the spokesman.

Companies House employed 854 staff to handle the collection, conversion, validation and publication of company documents last year at a cost of £61m. It cut 311 staff since 2010, and cut by 80 per cent the number of company filings it received on paper.

Google privacy check gives greater cause for concern

| 1 Comment
| More
Google raised fresh cause for concern today when it offered an opt-out of its web tracking by changing the privacy settings in Gmail.

I took up its offer to opt out of various schemes it has to track people's web browsing and to use the content of my email communications to tailor its advertising and shape what they see when they use its search engine.

The last point is the most pertinent. It has been disconcerting for a while to see both Google and Twitter appear to shunt things in front of you that happen to coincide with topics of private email conversation.

Google's privacy opt-out confirmed for people too busy to check if the blogosphere had already nailed the question: does Google tailor results according to the content of your emails?

The opt-out was most welcome - commendable, really - because it gave hope that such behavioural profiling as might grow from Google's tailored search results in other areas of life might after all become an option and not an imposition. It might even be possible that the coming age of behavioural and psychological profiling will deliver tools we can choose to put in our hands rather than a tyranny wielded by others.

Then Google offered to install a 'Google Analytics Opt-out Browser Add-on' to stop my web browsing being tracked by websites that use Google software for just that purpose. On installation, Firefox said 'don't install this add-on if you don't trust its author'.

Dick Dastardly

Some Firefox add-ons get certified by Mozilla, Firefox's publisher. To the casual user, this is a guarantee that the add-on software has been analysed to ensure it doesn't steal your personal information or leak your browsing history to some tracking service or another.

As a journalist, this is a source of niggling fear.

...As it might be for campaigners who take on powerful corporations or states, or for revolutionaries disgusted by entrenched poverty and inequality of opportunity, or anyone who irritates comfortably powerful people. So you use Firefox add-ons cautiously. Partly because Firefox tells you to. And when an author like Google who especially needs to convince you it can be trusted says, 'install my add-on: it's good for you', you expect really to see that it is certified.

Whether you trust the author is an interesting question in respect of Google. Firefox's community of add-on authors has produced numerous blockers designed to stop Google and other web analytics software from tracking what you do when you browse the web.

They are are like a bunch of Heath Robinsons all offering slightly different ways of getting to the moon. You don't really expect any of them to get there. But you are glad they are having a go. You meanwhile browse the web with the expectation that you could be tracked by anyone who cared enough to do it.

Then Google enters the Heath Robinson Race to the Moon with its 'Google Analytics Opt-out Browser Add-on'. It is as though Dick Dastardly had appeared with an Acme Rocket Car, beckoning: 'Hey kids - don't waste your time with those bozos! Come along with me!'.

The result of all this has been a genuine cause for concern. One of the most welcome settings in Google's privacy options this morning offered to stop it tailoring its web search results to your behavioural profile.

"Our automated systems analyse your content (including emails) to provide you with personally relevant product features, such as customised search results, tailored advertising and spam and malware detection," says its privacy policy.

Befooling users

While it might encourage some that Google works to give them search results related to their prior behaviour before they see anything else, it also raises the possibility that there is information it excludes from results.

It raises the possibility that there are parts of the net invisible to anyone deemed not to have the authority to see it, just as there are services denied people without the credit history to use them.

If they haven't driven before, it's hard even for a middle-aged woman to get insurance to learn in a Golf GTI. It sounds silly that someone might learn to drive in a GTI. But really it is ridiculous to stop someone doing so if that happens to be the car they have. As blunt instruments, insurance algorithms are inherently unjust.

Door men

The injustice inherent in algorithm-driven social systems will cause greater concern in years to come when the likes of the government's 'Verify' online ID system become established. It works by assessing people's entitlement to do something according to the behavioural history and biographical credentials attached to their identity. If your name is on the list but it doesn't have ticks by the right boxes with the credit reference agencies and data aggregators, you aint gettin in.

So what do you get to see when you do a Google search nowadays? While doing extensive web research on the global network system that drives military drone strikes in the Middle East last year, it became apparent to me that Google search results where tailored according to the specificity of your search terms.

So Google might deliver no results at all if you searched for 'Rocket Car'. But it would give results if you searched for 'Dick Dastardly Rocket Car v.1.54 Specifications and Patented Chuff Propulsion Schematic'.

Specific search terms that contained key words unique to a particular domain of knowledge produced results, while more general search terms did not, even when they should because they logically encompassed everything that might appear in the more specific search.

Google showed what you were looking for if you knew what you were talking about - if you could use the language of a domain expert - of an insider.

Less than trustworthy

So Google's offer today of an opt-out from tailored search results offers a little less assurance than certainty of trust.

What might Google exclude from your search results if you opted out of its service to filter them according to your behavioural profile?

What might it exclude if you opted in?

Exploration of this question may lead one to the conclusion that Google's database must be turned into a public asset that can be searched without condition. Or users must simply be given power to set the search conditions themselves.

That wouldn't negate the utility of a tool that filtered results according to the domain in which a user operated. A bus driver searching for 'engines' might prefer to see different results than a computer programmer.

But Google will have broken Silicon Valley's promise of a classless, democratic society if it has not one day, hopefully soon, given all users the means, regardless of their own biographical credentials, to adopt the identity of any class of user to see what they see, and commit search terms such as:

'show me what a bus driver sees when he searches for information about engines'

... or ...

 'show me what the prime minister sees when he searches for information on the error rate of drone strikes targeted against suspected insurgents in the Middle East'.

These are hypothetical examples. Still, if Google fails to deliver such tools then the time may have come for peer-to-peer search engines that operate beyond the reach of corporate and political control.

As it happens, the sort of algorithm-driven assessments that determine a government ID system's decision whether the sum of someone's biographical credentials amount to enough of an entitlement to give them access to some service or some domain of privilege were originally designed by a collaboration of tech companies that included Google. They were designed to give states and corporations the means to assess within a given range of probability whether someone's claim for some service or privilege was genuine.

Similar assessments determine whether the network of evidence against some suspected insurgent is great enough to guarantee within a range of probability that they are indeed a dangerous terrorist bent on causing imminent harm to the people around them, and that it would be safer for the people around them, given also the range of error inherent in any given missile strike under given mission conditions and so on, that they should be executed immediately, without trial, with a missile fired from a drone. The Whitehouse has refused to state what it has deemed an acceptable rate of error to be in these operations. Computer Weekly asked. It said no comment.

Ironically, the people-powered information revolution promised long ago by our present prime minister hand-in-hand with Google, has not yet given the people the same algorithmic assessment of the probability that their results were complete and their entitlement lacking.

Data retention emergency was a fake

| No Comments
| More
The government appears to have a habit of passing anti-terrorism legislation in an emergency. Human rights lobby Liberty complained outside the High Court this month that the Home Office fabricated an emergency to pass a dubious snooping law. For Liberty, this was just a megaphone slur to catch people's attention. But the emergency was indeed a fake.

The emergency had stopped MPs scrutinizing the snooping law when home secretary Theresa May pressed them to approve it last summer. This Data Retention and Investigatory Powers (DRIP) Act had been permissible under EU law since 2006. But the European Court of Justice had decided last April it was impermissible after all. It should have been a formality for May to recast the same powers under UK law. The European Court hadn't been opposed to data retention per se. It had just called foul because the UK and other countries had drafted the EU template in contempt of human rights.

The home secretary had no cause for an emergency on the face of it. The national data retention regimes had not drawn their powers directly from the EU law - the Data Retention Directive. The Directive merely obliged them to create a regime in the mould it gave them. Now the Directive law had been revoked, national legislation such as the UK's Data Retention Act still stood. Its powers were still in force.

Two things had changed though. First, the European court said the Directive was invalid for its lack of restraint. It allowed police to search records of people's communications with less concern for people's privacy than human rights law demanded. The home secretary was trying to recast the retention law without imposing this restraint. So she might have been wise to rush it through. That lack of restraint was what Liberty was challenging at the High Court.

The other change was the reason May gave for passing her legislation in an emergency. It had been three months since the European court had revoked the Data Retention Directive when May called her emergency. Now May's office was saying it needed emergency powers because there was a danger the UK would lose them over the summer while everyone was on holiday.

Parliament was being asked to restate a discredited law without proper scrutiny, just in case that law's authority evaporated in the six weeks of July and August when parliament was in recess. It had been fine for three months. What was the rush now? May's office couldn't say why. It insisted May's emergency statement contained all their was to say of its justification.

May's reason was "growing uncertainty among communication service providers about our interception powers". She couldn't provide details, she said, because it was a state secret privy only to members of the security services and certain members of parliament who had been briefed behind doors.

Internet industry opposition had stopped the UK and other EU countries imposing data retention regimes in the early noughties when they first started trying to do it. It had taken an EU-wide law to get it implemented at all. Data retention relied on telecoms providers storing records of millions of customers for up to two years at great cost just in case police wanted to search them. Any country would put its own industry at a disadvantage unless everyone else's telcos were obliged to do the same. That was the theory.

Now the EU law had been undone, May implied the telcos were trying to avoid carrying the cost of retention if they could.

"Communication service providers that serve the UK but are based overseas need legal clarity about what we can access," May told parliament.

"It is clear that we have reached a dangerous tipping point. We need to make sure that major communication service providers co-operate with the UK's security and intelligence and law enforcement agencies when they need access to suspects' communications," she said.

With the pan-European law now revoked, telcos might revive their old opposition to data retention. They wouldn't retain comms data for customers in other countries if the law didn't demand it. It was even possible to imagine people putting their comms through a non-UK telco to avoid the state keeping records of their activities.

That might be disastrous for UK telcos. It would give them motivation to oppose retention at home as well. And they now had a legal basis for opposing it. The ECJ ruling set a precedent a national court would follow in any case brought against a national data retention regime. The ECJ found numerous ways the EU Retention Directive was contemptuous of human rights, and the UK had not corrected all of them when it transposed the powers into national law. Since UK police were doing about half a million searches on peoples comms records every year, it looked that way too.

This seemed to explain May's emergency. Her legislation would stop the regime falling apart by requiring overseas telcos operating in the UK to co-operate with police requests to retain and search their customers' comms records.

But it didn't justify her emergency. If the law was invalid then May had no cause to restate it without correcting the fault that invalidated it. Her police were operating illegally. She hitched their procedures up under cover of an emergency until a more permanent fix could be found.

Her justification assumed police should continue using illegitimate powers to search people's comms records. The emergency was justified to protect them against legal challenge. But the legislation was illegitimate. Restating it in an emergency was therefore unjustifiable. The emergency was fake.

That is unless you believe the police should be trusted to use illegal measures to investigate crimes because they can be trusted not to abuse their power when operating beyond the reach of the law; that there are people so horrible that the police should use all means necessary to catch them; and so, as a friendly bobby might excuse you a speeding ticket in extenuating circumstances, you might excuse an entire national police force the routine use of illegal powers to search people's comms records. That's what parliament did.

Home secretary gives odd speech on Investigatory Powers

| No Comments
| More
Speech given by Theresa May, home secretary, in parliament on Thursday*

"My right honourable members of parliament have been so taken in by this scandal over state snooping that they have even demanded we debate it here in the House of Commons today. Well let me tell you, I agree. It's an outrage that the intelligence services don't have more snooping powers than they do.

"So I'm glad for this opportunity to see who can invent the most frightening justification for ever more maniacal surveillance. And as I have said many times in the past, I can imagine some pretty gruesome things. So you'd better have your sick bags.

"But let us not forget these are sensitive matters. That's why I've got some of our most artful establishment entertainers working on it, like the former deputy prime minister and our pals down at the RUSI club for ex-servicemen. We will all have a good laugh when they do their routine later in the summer.

"I have meanwhile asked for more serious proposals to drawn up and presented in secret. I trust you understand that you will not be allowed to see them. But I can assure you it will show the security services have come up with some ingenious ways to watch the poor to make sure they stay in their place. We are doing all we can to ensure you are safe from them. But we must also ensure these safeguards are necessary and proportionate. Because its not necessary that we snoop on the honourable members of this house. But we will have increase the proportion of snooping we do on that lot outside.   

"As I have said before, these essential powers are essential. If you need any more proof than that, I would like to point out there are more terrorists than ever. We are certainly arresting more terrorists suspects then ever. And that's not just because we are hoovering up more surveillance data than ever.

"As has been shown by the latest figures from our twenty-year campaign bombing rag-heads, the threat from terrorism is serious and it is growing. And now, a little more than 10 years after our armies really started wreaking havoc in the Middle East, the prospect of our deranged victims inflicting retaliatory attacks is better than ever.

"This is great news for a our security services, who have been waiting for just such an opportunity to show how well their latest surveillance apparatus tracks malcontents and outsiders. And its great news for the contractors who run our internment and immigration camps too.

"Although this does suggest we are deranged lunatics who shouldn't be trusted with power, it is important to note that it is we who hold power. It is therefore entirely predictable that we will regulate that power only very loosely. I hope therefore the honourable members, who mew appreciatively whenever anyone mentions the security services, will be especially pleased to learn I have put one of the Old Boys from the Club in charge of regulating our power. He has assured me he will do it very loosely.

"As he said, getting this stitched up will just be a formality. He has already written a very long and reassuring report that will raise few objections. Because should anybody really be bothered to read it, they will find its silken verbiage so mesmeric that they will have forgotten about it entirely the moment they put it down.

"It is worth remembering, however, the key recommendation from his report: "These essential powers are essential for maintaining our essential power, which is essential, because it is essential that we maintain our essential power."

"That is why, alongside the reassuring noises I am making today, I have slipped through a package of measures that will allow our spooks to do as much snooping as they have grown accustomed to doing, which is essentially as much as they can get away with, which was quite a lot because it was secret, and quite a lot more than they ever thought was going to be legal.

"On the legislative framework, our spooks have communicated through our Old Boy from the Club that it is about time we made it legal so they can spend more time snooping and less time trying to figure out whether it is legal or not. Not that they were ever really bothered whether it was illegal. But our man recommends that it is about time we changed the law so it suits them more clearly. And you can feel more assured in your mewing."

* as imagined by Mark Ballard

Reforming snoops swap transparency for hush

| No Comments
| More
David Cameron's government doesn't do transparency when the establishment would find it inconvenient.

You'll still get transparency where the government wants reform, as in local government, the NHS, public administration, and was the case yesterday, the train transport infrastructure. The government cannot condemn a public service loudly enough if it's one it wants to break up and sell off.

It is less outspoken when it comes to the security services, whose abuses of power and privilege have been one of the scandals of our times, but who are yet still championed by government ministers with the self-sustaining lenience of an aristocracy.

So Home Secretary Theresa May's bouffant statement to parliament on Thursday about surveillance reforms followed a different pattern than the one you might expect of a Tory minister addressing the illegality of a public service in her charge.

She didn't do anything like the assassination that Patrick McLoughlin, secretary of state for Transport, did on Railtrack the same day.

She did more like the polite papering-over the Intelligence and Security Committee did when it addressed mass-surveillance abuses last Autumn; and like David Anderson QC, who May commissioned specifically to do a papering over, did in his Investigatory Powers Review earlier this month.

Anderson adhered to the establishment policy of secrecy when he came to that part of the UK's totalitarian policing apparatus that happened to be based on dubious legal authority. This was the Tempora programme for snooping just about everyone's communications, exposed by The Guardian newspaper's Snowden revelations.

It was the policy, he noted, called NCND: Neither Confirm Nor Deny. Ignore the questions, in other words, and they are more likely to go away. They would whip up a storm if they admitted it, and their powers might be confiscated. Government and corporate press officers do it frequently. If you refuse to deny anything that is false, then nobody can call you out for denying something that is true.

Anderson didn't confirm or deny himself whether he knew any of the things the government had refused to confirm or deny. He commended the Investigatory Powers Tribunal for declaring Tempora legal in theory last December, despite being unable to confirm or deny whether it was actually true, as though it was possible to administer the law entirely in theory, and to judge something of uncertain morality in isolation from public opinion. They forget trust is something shared.

Anderson's job meanwhile was to create a legal framework for the multitude of dubious surveillance wheezes the security services have developed in the 15 years since they were last regulated, to change the law to fit the practice. Perhaps then they might feel more free to talk about it.

Establishment fluffers on parliament's Intelligence and Security Committee (ISC) took the same approach when they put on their show hearings about the Investigatory Powers Bill last October. It was as though MPs on the committee had lost the ability to use their ears when Tempora came up - perhaps with the exception of Lord Butler, who at least briefly started getting warm in his questioning of foreign secretary Philip Hammond. The foreign secretary said he would answer this public enquiry's questions in private.

As May said herself last Thursday, it's a sensitive subject.

So she did nothing like the sort of hatchet job you would expect of a Tory minister who was exposing failures she had managed to root out of her department prior to selling it off.

She did more like the prime minister's office itself did on 27 May when it issued a background brief on the Queen's speech, in which the government's Investigatory Powers Bill was formally announced.

The PM's brief said the government was drafting an Investigatory Powers Bill to modernise the law on communications data.

And this bill to modernise the law on communications data, it said, would modernise the law on communications data.

That would mean giving police surveillance tools to close a "capability gap", so they could carry on snooping on people's communications. And it would include some regulatory oversight of police surveillance as well. It covered all this in as good as many words as it's taken here.

And if you thought that was a lot to take in at once, the PM's brief went further. It listed the benefits the Investigatory Powers Bill would bring.

Thus it would address a gap in police capabilities to keep snooping on people's communications, it said. And it would include some regulatory oversight of police surveillance as well.

So basically, it said, the bill to modernize the law on communications data would respond to the report David Anderson QC did for Theresa May. Anderson's report was much longer than the PM's statement. But it basically said the same thing.

That was it. Short and sweet and stated twice in case you missed it: the establishment knows full well what it's going to do to beef up the state's surveillance powers but it won't tell you just yet because it doesn't want to scare the horses; it will eke the details out in dribs and drabs in coming months in a manner that ensures the people are contented with whatever the state decides to do.

The data retention swizzle

| No Comments
| More
People tear down Iron Felix statue of KGB founder Felix Dzerzhinsky outside KGB headquarters - Moscow - 24 August 1991 - during putsch against Mikhail Gorbachev - CROP.pngThe government's reform of state snooping powers is a bit of a swizzle.

It was needed to address a "capability gap" that stopped police and intelligence spooks listening to the private communications of crime suspects, said a brief Prime minister David Cameron's office issued on 27 May. And they were needed in answer to issues being raised by David Anderson QC, the Independent Reviewer of Counter-Terrorism legislation.

But the primary cause of Cameron's capability gap was a court ruling that outlawed some of his most contentious snooping powers last year. The primary cause of his reforms was a need to make his snooping powers legitimate again. And Anderson was called to review how to do it.

The snooping powers had been created under a false premise at the UK's insistence in 2006. The UK did it under European law, having tried and failed to do it in UK law. But the European court exposed the falsehood and revoked the law - the European Data Retention Directive - on 8 April last year. So Cameron's government has been attempting to legitimise them in UK law again.

History suggests this might be difficult to do. The European Union changed human rights law in 2002 to permit member states to implement these snooping powers, which require teclos to keep copies of people's communications records and internet browsing so police can look at them. But few EU states actually did it.

Cataclysmic US president George W Bush had personally pressed them do it for the sake of his "War on Terror". But Europeans were uncomfortable about their private lives being scrutinized by peevish officials for fear that the slightest slip or stumble would become punishable under the pitiless rules of software-driven policing.

It meant rewiring the post-World War II consciousness The post-war bad guys - the East German Stasi, Chinese Communist bureaucracy, Soviet spying apparatus - had all been characterised by their snooping.

Such powers were so despised a decade ago that the UK had made of them an apology. It managed to create a comms data surveillance regime by pressing emergency anti-terrorism laws upon parliament a month after the terrorist attacks that destroyed New York's Twin Towers in 2001. But it was voluntary.

The internet industry had opposed retention because it would cost them money to store communications records for millions of customers. The EU had finished liberalising its telecoms market just as the internet boomed at the end of the 90s. The theory was that if the UK made BT do retention but Germany left Deutsche Telekom alone, which would be top dog of Europe's telecoms industry in five years?

Other EU states were similarly indisposed to do it without being forced. After the EU changed the law in 2002 to permit them to do it, just six of 14 did so. It was so unpopular that by 2006 only about 4 out of 24 EU states had such rules actually in force.

So the UK proposed forcing EU states to implement data retention regimes instead, with a 2006 Directive it formulated with Ireland, France and Sweden. They justified it as an urgent anti-terrorism measure after the London and Madrid terrorist bombings of 2004 and 2005. But they needed to impose this unwanted data retention regime on the whole of Europe in order to make it possible for them to do themselves.

Not only would any country that did retention put their own telecoms industry at a disadvantage. But even existing national regimes were becoming useless, said the UK group's proposal for a Europe-wide retention law in 2005.

It was common for EU states to insist telcos erase or anonymise records of people's communications as soon as they hung up or signed off. Some countries made exceptions so telcos could retain comms records and use them to create detailed (presumably itemised) bills of their customers' call usage. Data retention regimes typically allowed police to search this data, just as they might get a warrant to search any civil space if they had good reason in the course of a criminal investigation. But it was unusual to require telcos to keep records solely for police purposes.

But telcos had started doing flat-rate, all-inclusive phone contracts. They consequently began to stop keeping comms records because they no longer needed them to bill customers, said UK group in the annex to their proposed Data Retention Directive.

Retention was already prohibitively costly. And now it was unnecessary as well. Any country that attempted to do data retention would be imposing a huge additional cost on their telecoms industry. They could only get away with it they could make everyone do it.

"The problem which the proposal for a Directive on retention of traffic data aims to address is that the law enforcement authorities are slowly but surely losing one of their most important instruments for preventing and combating (organised) crime and terrorism - access to traffic data retained by electronic communications providers," the UK group said.

So they attempted to save their frail police retention regimes from complete disintegration by crafting a law to harmonize them across Europe.

The single market was, roughly, the only reason the EU could legislate on anything. It certainly wasn't allowed to create police powers, said the European Court when it published its opinion on the Retention Directive in December 2013. It was wicked to use the EU to regulate the single market solely to ease the way for unpopular police powers. Harmonization would mean obliging any EU country impose retention rules that hadn't already. That meant creating police powers, which the EU wasn't allowed to do. So the ECJ called foul last year and revoked the law, eight years after it was introduced, and between eight and eleven years after legal challanges were raised against data retention in the Irish and Austrian courts.

The court's final condemnation last April said the powers might have been justified if they had imposed restraints on police who used them. But they hadn't so the law was illegitimate.

But it didn't matter anyway. The 2006 Directive had done its job. Twenty-three of 27 member states had implemented the Data Retention Directive by the time it was revoked. Four of the other five - Germany, Romania, Czech Republic and Austria - all had their data retention regimes prohibited by their constitutional courts. Europe now largely had data retention. Industry opposition had been appeased. Civil opposition - only ever precipitated by industry's public relations machine - had been quieted.

Home secretary Theresa May followed the ECJ ruling last year by pressing emergency data retention laws upon parliament, which she did with barely any opposition. She reassured parliament her emergency legislation would be followed by a proper review, so they could legislate a permanent snooping law after considering it properly. That was the Anderson review the prime minister now cites as justification for his Investigatory Powers Bill.

Such a misbegotten law as data retention would be vulnerable it were shoved out into the world now on its own. Fortunately for Cameron, and for his police force, the immense and legally dubious snooping infrastructure that the intelligence services have built in the last five to ten years has been brought to light by The Guardian newspaper's Snowden revelations. MI5, MI6 and GCHQ appear to have done as much mass snooping as they want and as the latest technology would permit them. But now their extraordinary internet snooping apparatus has grown beyond the limit of their legal cover, beyond the limit of what the law had previously conceived possible and was therefore necessary to explicitly permit, they need parliamentary approval for what they are doing.

As Dr Eric Metcalf, a barrister at Monckton Chambers who represented Justice, a legal charity, in the parliamentary Intelligence and Security Committee's promenading hearings last October, said of the those parts of the new surveillance apparatus that Cameron's establishment has been less transparent than they would have people believe: "In crude terms, it is the largest breach of privacy in British history."

But swept into one, uber snooping law with the weight of the entire establishment and every police and intelligence agency behind it, the Investigatory Powers Bill will land on the statute like a gorilla at a family picnic. Some people might splutter. But most will go on sipping their tea.

Open contracts only so convenient for GOV.UK

| No Comments
| More
Global Witness campaign photo for Oil and Gas transparency programme.jpgUK corporations and government have slipped into a cosy understanding about the coalition's transparency policy.

The government had pledged to make its business dealings wholly accountable to members of the public. That meant publishing all its contracts in full. But it arranged instead to let corporations ignore transparency when it suited them.

Corporations had already begun publishing their public contracts in full when it suited their financial interests. It just hasn't suited those corporations that have been doing business with the UK.

It has suited them, however, when they've been doing business in sectors or countries with a reputation for corruption, where multinationals have been under pressure to prove they are kosher and there's a broader economic interest in making corporations accountable.

Tullow Oil plc, a British company that has become so committed to transparency, has for example seen fit to publish, in full, original, signed copies of contracts it makes with uppity African states where incessant war and corruption make visitors more careful of their manners.

Take the forthright transparency evident in the contract Tullow released for a 2006 deal to exploit the Tano deep water oil and gas reserves in Ghana. It makes the partial transparency managed by companies in the UK - most notably those companies that helped the coalition government engineer its transparency policy - seem a little lame in comparison.

The UK played a prominent role in the international initiative under which Tullow made its commitments to transparency. The story goes that this was for the sake of democratic accountability as much as financial necessity. Thus being both morally and financially righteous, the case for transparency left little room for exceptions.
The World Bank working group that developed the international initiative reckons there's no excuse for anything but full contract transparency in all but the most exceptional circumstances, regardless of whether a corporation operated in the political vacuum of an oil-rich war zone, or in amidst the political sophistication of a post-industrial democracy.

"No excuses"

There's no excuse, say transparency campaigners, because the full details of any contract are already known to anyone in the business world who cares to know them. The only people who don't know are the citizens who are ultimately subject to it.

Esther Duflo - Charles Kenny - David Leonhardt.png"Most contracts can be published without redaction," said Charles Kenny, academic overseer of the open contract initiative, in a report last November of the international Working Group on Contract Publication, where Tullow Oil is represented.

"As a practical matter, for large contracts ... the final provisions are known by hundreds of lawyers, advisers, financial consultants, and others.

"It is hard to imagine a competitor determined to know what was in the contract would have too much trouble finding out," he said.
Gavin Hayman, director of the Open Contracting Partnership, was spun out of the World Bank in January, told Computer Weekly it was perverse that the only people who couldn't see what corporations where doing were citizens.

"You can buy a lot of contracts online," he told Computer Weekly before he took up his post. "They cost a lot of money. But everyone knows exactly what's going on. [Corporations] are scrutinizing each other all the time. They all know what's going on," he said.

Hayman was previously director of Global Witness, a charity campaigning for "full transparency" of business in the mining, logging, oil and gas sectors.

"We believe the only way to protect peoples' rights to land, livelihoods and a fair share of their national wealth is to demand total transparency," the charity says on its website.

The coalition government had originally applied the same principles to public sector business in the UK. But in a society where public bodies have been privatized persistently for forty years, much of what would be made accountable has been transferred to a domain beyond the reach of public power. The coalition primarily pledged transparency but primarily strove to do more privatization.

Though whether you think it motivated more by one or the other is a matter of perspective. One follows the other, if not perhaps as quickly or a surely.
But even those public services that remain under the public gaze have been held less accountable to it than they might, after the government came to its cosy understanding with business. For while less transparency was convenient in principle, it was inconvenient in practice.

Cabinet Office had allowed UK corporations to use exception clauses in the Freedom of Information Act to redact any information from their public contracts they deemed confidential.

Yet some experts say it became a chore for them to go through contracts and work out what they should redact, and for public bodies then to judge their redactions and challenge any differences. That may explain why certain redactions appear to have become routine.
Moreover, the coalition's transformation of public services into commoditized cloud computing utilities has caused public contracts to be simplified so much that they have become pamphlets listing standard terms-of-sale and otherwise redacted of their most distinguishing features such as pricing and people - arguably the most important details in a world where who gets paid what to do what by whom may say more about a public deal than anything else.

It seems then coalition policy increased corporate power over public life when it claimed to be striving to increasing public power over corporate affairs.

Its public contract transparency was enough to aid commerce, by turning basic information about the market into a market commodity, but not enough to make corporations fully accountable to members of the public.

It meanwhile put more public business into private hands where it wouldn't have to be transparent at all. Corporate interests determined what should be transparent and what not.


This cushy corporate compromise was apparent when the Confederation of British Industry declared last year that public contracts should be published, "as long as the customer is happy for this to happen".
Private companies were believed to be behind the widespread redactions of open public contracts. But the CBI seemed to be suggesting it was government that wanted transparency curtailed.

Margaret Hodge MP - CROPPED.pngOthers supported this position. The international working group cited Margaret Hodge, chair of parliament's Public Accounts Committee: the redactions were typically made by government.
Cabinet Office guidance had actually said in 2012 the matter would be decided by the Freedom of Information (FOI) Act. It gave companies 23 possible "exemptions" from a demand they publish information. The government would get final discretion. Most of the exemptions were related to state security, diplomatic relations and national economic interests. Information would be redacted if it was in the national interest to keep some business arrangement secret.
But really, companies were making most of the redactions themselves. Of the two FOI exemptions most frequently used to justify them (when they bothered to give a reason at all), one would always be at the company's discretion. That was commercial confidentiality: i.e., anything they decided was in their commercial interests to keep secret. Public bodies might contest their decisions if they could really be bothered, or had time and money to do it.

The other was personal information: a routine exemption that led absurdly to Contracts Finder, the UK's public contracts register, being stripped of the names of people responsible for overseeing, designing and building public works. This was claimed to protect their privacy.
Either way, the CBI was applauded last year for coming out on the side of transparency and accountability, when really it came out only for transparency.

Accountability was used to sell the policy to the public. But its purpose was to make markets more efficient by increasing the flows of information that made markets work well: basic information about the deals done, but not so much that private businesses would become fully accountable to the public.

Thumbnail image for David Cameron - Linn products HQ - East Renfrewshire - 3 MAY 2010 - Conservatives promotional picture.jpgPrime minister David Cameron had even emphasised accountability and commerce when he put the policy to the electorate; and dropped the accountability part of the spiel when he got settled into power (and had but to convince businesses it was good for them too).
This sort of commerce had also been the founding purpose of the World Bank, the "Bretton Woods" institution behind the international open contracting initiative: to open markets, to promote free trade.

It had a less accomodating view of redactions because national interests were different abroad, where corporations needed to extract vital minerals and resources. It was also relatively straightfoward, calling for full transparency in the primary industries. It would be a different matter back home, where information itself was becoming a tradable commodity along with the algorithms and even business relationships applied to it. Redactions were therefore becoming more likely back home, where it was in commercial interests, even though it the information economy would have greater implications for accounability.

That's not to say the initative pursued open markets at the expense of democratic accountability. One naturally begets the other, with exceptions.

Coalition c̶a̶b̶a̶l̶ network breached computer c̶a̶r̶t̶e̶l̶ state

| No Comments
| More
The coalition government sought to catalyze the dissolution of big public bodies by publishing their contracts.

It wanted ultimately to "transform" lumbering government departments employing lots of people in big call centres, turning them into into whizzy web apps that rendered most government jobs in software.

It would only do this if it could break open the big outsourcing deals the big government departments did with big contractors to run their national, public services. It would employ ecosystems of small, private tech companies to do the transformation. But first it had to break the public sector open so the interlopers could get in. Total contract transparency was part of the plan.

Some of the contractors who helped formulate its policy subsequently did well under its contracts. Only their contracts were redacted.

They assembled at the Network for the Post-Bureaucratic Age, a think tank prime minister David Cameron launched in 2010. He used the launch to announce that he would reform government by publishing all public contracts "in-full".

Thumbnail image for Liam Maxwell.pngLed by Liam Maxwell, who subsequently became responsible for implementing coalition digital reforms as Cabinet Office's chief technology officer, this Post-Bureaucratic bunch insisted likewise that transparency must be "imposed" and "enforced" on public contracts. This was set out in their September 2010 report, "Better for Less" - effectively a blueprint for the ICT Strategy that would spearhead the coalition reform programme, issued in March 2011.

Jerry Fishenden.png Maxwell's co-authors all subsequently helped him implement the coalition's computer-led reforms: Jerry Fishenden, Cabinet Office advisor and LSE academic who worked with Maxwell as deputy government CIO, and who organised and wrote the Public Administration Select Committee hearings and report in 2011 that generated the resonant but insubstantial accusation that the public sector ICT industry was corrupt and therefore needed urgent reform;

Jonathan Sowler.pngJonathan Sowler, who worked with Fishenden on strategy at Microsoft before 2010, and who then joined Methods Consulting, a principle contracting firm for the Cabinet Office's digital transformation programme;

Peter Rowlins.png Peter Rowlins and Mark Thompson, owners of Methods, the latter an architect of the coalitionMark Thompson.png reform programme as advisor to chancellor-to-be George Osborne before the 2010 election, and Cabinet Office advisor after it - he also articulated the policy in numerous papers he co-wrote, as a Cambridge University business school lecturer, with Fishenden;

Simon Wardley.pngSimon Wardley, a consultant to the Cabinet Office through the Computer Sciences Corporation's Leading Edge Forum advisory group, and one of the foremost public advocates of the coalition-flavoured model of computing;
William Heath.png
and William Heath, chairman of Mydex, an identity software company that helped formulate the coalition's Identity Assurance Scheme and then won a place on its £25m pilot contract in 2013.
This lot demanded public contracts be published in full. But Maxwell wasn't quite as strict about their own public contracts.

His Cabinet Office published its contract with Mydex in 2012 only after redacting the names of directors and civil servants involved in the deal. Mydex was subsequently lined-up for a place on the £150m Verify framework, the successor to the ID Assurance scheme trial.

IDA, the coalition's replacement for the last government's dreaded Identity Cards Scheme, was the keystone of all its reforms: it couldn't automate government if it didn't also have an automated way of identifying people who used its automated government services. Maxwell's colleagues all coincidentally shared a professional interest in such systems.

Mydex was a shoe-in for a place on the £150m framework contract, having helped design the coalition ID scheme, and being one of a few pioneers in the world of the principles behind it. The other trial companies were all expected to get places too when Cabinet Office finalised the deal this month.
Thumbnail image for William Heath.pngBut this all changed at the end of March, while Computer Weekly was resarchng the NpBA cabal network. Cabinet Office issued a jaw-dropping announcement: Mydex was not getting a place on the £150m Verify framework after all.

It was unprecedented for any government department to renounce a supplier from a contract before its award was announced. It was surely unprecedented for government to renounce a supplier from a contract at all?
"Mydex CIC has been an important partner for GOV.UK Verify and, although it will no longer be one of the certified identity providers, that partnership is ongoing", said the Cabinet Office statement.

"Mydex goals remain aligned with HMG policy," it said. Mydex would continue developing identical systems "alongside" the UK government contract as well. It just wouldn't be on the contract anymore. It neglected to say why.

Maxwell imposed transparency but loosely again when his department gave his compadres at Methods Consulting a place with 65 other suppliers on its £2bn ConsultancyOne framework in 2013. Contracts Finder recorded the deal with blank, generic framework templates.

Peter Rowlins.pngThompson and Rowlins did well out of it because they restructured Methods, pre-empting the policy changes they had helped Cameron's government devise.

Mark Thompson.pngThey had in 2009 been on a similar 3-year, £500m ICT Consultancy framework with 23 other suppliers.

But their business was crushed by a freeze Cabinet Office minister Francis Maude put on IT spending in 2010 while he prepared to implement Thomson's reforms, and while Fishenden prepared the way with his racket about a cartel.

Methods Consulting 2012 Accounts.pngMethods' revenue dropped from £54.9m in 2009 to £28.7m in 2012 after Maude's freeze bit, according to their annual accounts registered with Companies House. Methods reacted boldly to this crisis: by almost halving to 21 people the administration, sales and marketing staff who had formed its entire workforce, and replacing them with twice the number of consultants.

Since Methods applied for a place on the £2bn ConsultancyOne contract at the start of 2012, it hired 42 hand-picked consultants, doubling its staff from pre-downturn levels. It got a place, and its public sector income subsequently jumped 60 per cent, back to pre-downturn levels, at £46m.

Thompson and Rowlins bragged in Methods' annual reports how Cabinet Office reforms called for just the sort of thing their business was geared up to do.
That was "scalable, commoditised computing" - the same thing CSC and Mydex were geared up for as well.

Also known as cloud computing, it was what government services would become when they had been transformed by the coalition and its network of advisers: vast, remote data centres run by the likes of CSC would host software produced by the likes of Mydex to run government services previously administered manually by civil servants.

The Cabinet Office would bring this new regime about by establishing its G-Cloud procurement system. This was a digitally-enhanced framework contract that would create a quasi-marketplace of pre-vetted suppliers whose cloud services could be "pulled off" as though from a picture book of haircuts in a barbershop.

Cloud computing itself would involve delivering commodity computer services over the wire. It would be like the difference between getting a haircut at a salon or picking a style from a picture of prefabricated wigs.

Along with contract transparency and some technological reforms, these were the fundamentals of the coalition plan to create a vigorous market for public services.
The technological reforms were open source software, open standards and open data. The first two would, theoretically, stop companies using their software to gain control of the market by claiming property rights over the software people used, then dictating the terms on which people's software communicated, and then hiking up rents to gluttonous levels. Osborne and his NpBA advisers had diagnosed this as the source of problems the government had with big computer systems.
They proposed that open standards and open data would allow them to disrupt the "ICT oligopoly" - 18 companies, it reckoned, who dominated public sector computing - not because 18 was as many as the market for big government contracts could sustain - but because their own nefarious software had closed the market to any competitors.
They would correct this apparent injustice by creating a kind of perfect competition: the nirvana of free-market economic theory where no companies could set themselves up as a gluttonous oligopoly because market conditions would always make it easy for any competitors who fancied having a go.
Open contracts, cloud computing and the G-Cloud procurement framework were text-book examples of the conditions you would need for a perfect market:

full market information, so everyone could see what everyone else was up to, with who and for how much;
having many suppliers would prevent wannabe oligopolists from exploiting their power to earn more money than anyone else;
the technological reforms would make it easy for anybody to join the market if they wanted;
and cloud computing would remove any distinctions between them.

It would created a totally "level playing field".
Thus by the laws of economics, the public sector would become a place where innovative young entrepreneurs would thrive. The large contractors who usually got government work would be forced to make their software assets open, so anyone who fancied muscling in on their business could just come and have a go. And the competition would surely become intense because their competitors would see their juicy contract prices and undercut them.
Accordingly, when Methods got a place on the £200m G-Cloud 6 framework contract in February, it did so not with 65 other suppliers as before but with about 1400. It got a place on the Cabinet Office's £40m Digital Services framework as well, with 173 other suppliers.

This is what Cameron and Osborne promised their reforms would deliver: the difference between a stagnant pond with a few prize, hand-fed carp and a dynamic ecosystem churning with oxygen and healthy food-chain rough-and-tumble.

That's what they offered on the face of it. But from another perspective they were merely continuing a programme of privatization begun by prior Conservative governments - and most especially Margaret Thatcher's government of 1983. You can read about that <here>. 

Subscribe to blog feed


-- Advertisement --
-- Advertisement --