Recently in data sharing Category

How Gov aimed to exploit personal data trade

| No Comments
| More
The £3bn trade in tip-offs about people caught in car accidents has exposed the seedy side of the personal data market. Seedier still are draft government plans to cash in on this bonanza when it ought to be sticking to the Tory manifesto promise to give people a right to call the shots over their own personal data.

Plans to replace Labour's ID scheme with a private sector system of identity assurance, which Computer Weekly revealed Cabinet Office had floated to industry in April, have led inevitably to a proposal for the private sector to become more active as custodians of people's personal data as well. This is already happening to a large extent but, much to people's dismay, the private sector seems less interested in being custodian than exploiter.

In the Cabinet Office plan, British citizens would be represented by electronic identity and attribute agents (attribute being jargon for an item of personal data) in a "marketplace in trusted data provision."

"The 'trusted attribute service' economy is based on the exchange of attributes (aka claims) which are data items from a trusted source relating to an authenticated individual," said the Cabinet Office draft technical blueprint.

"They also provide a mechanism for third parties to expose such data, and operate in a market for that service," it said.

It went on to say how government could cash in on the billions already being made in the market for personal data. The idea was that people build a network of trusted relationships online and personal data supplied from members of their network can be assembled in combinations of ever-greater numbers of attributes to meet higher and higher levels of security clearance. Companies providing that data could charge for it, like police forces and insurance companies have been charging ambulance chasers for tip-offs when people are caught in a car accident.

"Government attribute providers" would under the Cabinet Office plan exist in all major government departments and feed personal data about the citizens in their charge to private sector identity and attribute agents.

"Possible examples" of data the government could trade included "nationality", the "right to work", and verification of national insurance and driving licence numbers.

"The government could potentially charge the private sector for this service," said the draft plan.

That might simply involve verification of data: whether someone is a benefit claimant or a disqualified director, or a confirmation of their nationality. In the virtual world, a yes/no answer is indistinguishable from the actual transmission of a string of data such as: "unemployed, disqualified director, from Jamaica".

These were draft plans presented for discussion. Though it is not unknown for the government to trade in people's data. DWP had for example been giving BT access to its national insurance database under arrangements that have not been disclosed.

The Cabinet Office Identity Assurance Scheme could not rely on a private sector ID market if it did not engage in actual exchange of personal data with private sector providers. The draft plan proposes people should have control over the trade in their data. But it is tempered by a warning that this may not always be possible.

That, as has been demonstrated by the example of the insurance scam, is the element of the coalition government's private sector ID scheme set to match in dread Labour's Big Brother: a market in which people's "attributes" are traded in such a frenzy that it inflates prices, leading people to be fleeced simply for being "known", pestered by vultures like ambulance chasers, and with who knows what other unforeseen consequences.

An answer to this problem has been proposed by the personal data model government has piloted at Brent and other councils, and with which the DWP and Cabinet Office have been closely involved.

That is the Mydex model, in which people are given the means to control their own personal data in their own personal agent: deciding who gets to see it, who gets to use it and on what terms. It would even give people the means to flog their own data, making them the primary agents in any market.

If that sounds too good to be true, its because the market is already getting carried away with itself. Banks are getting in on the act, as if early evidence hasn't already shown how the personal data market can inflate to the detriment of ordinary people without their help.

The government needs to act quickly to carry its pre-election promises on civil liberties to their logical conclusion. That does not mean making a song and dance about dismantling Labour's ID scheme only to throw everyone's identities to the dogs in the private sector. That means ensuring people have the means to control their own personal data, wherever and however it is held.

Police data hub raises doubts over open source policy

| No Comments
| More
A landmark software deal that exemplifies key elements of the government's public sector reform programme may have exposed shortcomings in open source policy and plans for an IT-enabled Big Society.

The deal involves the National Police Improvement Agency (NPIA) selling its Code List Management System (CLMS), a core component of the Police National Database, to Liberata, a private sector ICT supplier.

Public and private police in the Big Society - crop2.pngWhile a Cabinet Office endorsement may turn CLMS into one of the major components of the IT-enabled Big Society, the Liberata deal shows what the government's Localism Bill may mean for local government ICT and the Cabinet Office ICT strategy. This forecast isn't good.

The CLMS data hub deal is itself the hub of this conflation.

It involved NPIA giving its software to Liberata. The ICT supplier promised in return to offer CLMS services free of charge to the public sector. It could otherwise do what it liked and NPIA would get a share of profits.

Yet for all its apparent daring, the deal suffered a terrible lack of ambition. NPIA had raised the issue of open source with Liberata, acknowledging the government's preference for open source software.

NPIA was down with it, but didn't write it into the contract. Liberata's commercial interests were intractably old-world. It would give the public sector the service for free, but not the software code.


The decision may have immense consequences, both for the profit the pair will make, and in the opportunity cost the public sector will take.

The significance lies in what CLMS does and what it may become. It was developed as the heart of a circulatory system between different criminal databases held by the UK's 53 police forces and agencies.

Thus linked, the databases have been combined into a central, Police National Database (PND) to be launched in June. CLMS helped make their data capable of being shared and combined by making sure they all used the same data taxonomies: the different values deemed valid for different fields in a database.

Murders

The significance of this feat of data engineering was not lost on the Cabinet Office. The 2004 Bichard Inquiry into the intelligence failures that prevented police thwarting the murderer of Soham school girls Holly Wells and Jessica Chapman had blamed poor communication between police databases. It's taken this long to integrate police databases and realise the operation's implications.

Andy Waters, a systems architect who managed the CLMS commercialisation at NPIA, said the agency convinced the Cabinet Office cross-government data sub-committee (called X-Gov Information Domain) the system would benefit the wider public sector.

60 to 70 per cent of government data is held in code lists. Incompatibility is rife. CLMS cut development of the Police National Database by six months to one year and lopped 20 per cent from its cost by ironing out the differences, between say, codes different databases use for gender. It thus already does for the police what the Cabinet Office wants to do for the Big Society: make it interoperable.

So the CIO Council awarded CLMS "exemplar" status. Waters said Cabinet Office wants to roll it out across government as part of its open standards push.

Internet visualisation - crop.png
"We are engaging with Cabinet Office now with a view to more widespread adoption of CLMS," he said. "Our premise is to provide a single one-stop shop for all government data standards. That's the reason why Liberata are making it free to government, to encourage them to adopt it.

"We are in discussions as to what changes [Cabinet Office] require to enable them to mandate its use across government," he said.

Big Society data hub

Cabinet Office wanted CLMS capable of handling post codes, sort codes and other more complex data structures common in the wider public and private sectors.

While Liberata develops the upgrade, NPIA is doing a pre-sales routine with government departments. When CLMS ticks all the boxes, the CIO Council will give it "Champion" status. It would become the de facto Code List Management System for the Big Society.

CLMS would enable a significant part of Cabinet Office's open data and open standards policies. The software makes it possible for anyone to see and use the code lists that populate the PND. The 15,000 crimes that populate the PND's, offences field for example (yes, 15,000 offences), are publicly available; as are the vehicle make/model lists.

Such transparency would fuel public and private innovation. CLMS would then provide mechanisms for homogenising and interfacing between different code lists managed by different public and private bodies, fuelling more innovation. That's how an IT-enabled Big Society is supposed to work.

Even so, the NPIA/Liberata model does not bode well for the Big Society reforms.

The government's Localism Bill intends to give local authorities a general power of competence, which will allow them to operate commercially. Swingeing budget cuts have forced Socitm to advise them not to retain software engineering teams, forcing them to rely entirely on private development for public IT innovations. The combination will cause local authorities to commercialize more public IT systems.

So what?

NPIA effectively gave Liberata a commercial hold over one of the major circulatory systems of the IT-enabled Big Society; a blank cheque to commercialise access to open government standards and data.

CLMS is attractive to Liberata because the private sector will flock to it: to have such close interoperability with government systems will become a commercial necessity. The standards set in the public sector by CLMS may thus become standard throughout private and public Britain.

Liberata.pngWorking from NPIA's conservative estimates, this could net Liberata £62m. NPIA is counting on it. Liberata paid no money for CLMS. NPIA will instead get up to 8 per cent of revenues, which it reckons may amount to £5m over 5 years.

Though NPIA is a quango, its Liberata deal exemplifies what localism will mean for ICT more generally when councils get a general power of competence. Crucially, this demonstrates the impotency of the government's open source policy when faced with the prospect of short term commercial gains.

Open source impotence

Waters said NPIA would prefer the CLMS software to be open source - i.e. for the software code to be freely available, not merely for the service to be free of charge to the public sector.

But NPIA left the decision to Liberata. Since the government favoured open source, it assumed Liberata would. It did not deem it necessary to make open source a contractual obligation.

Open source impotence.pngOpen source seemed like a no-brainer. If the CLMS source code were open, anyone in the public sector could contribute enhancements or add-ons. The more people add things on, said Waters, the more valuable the service becomes. Liberata saw this too.

"Liberata have stated it's their intent to go the open source route," Waters told Computer Weekly. "[But] I can't speak on their behalf. It's their decision. The nature of the concession contract is we give Liberata the commercial freedom to develop the service as they see fit."

But open source is poorly understood by industry. It is therefore being overlooked as an empowering model for government's Big Society and Localism schemes.

This is because the incumbent industry works to the end of profit by whatever means, while open source is on a completely different trajectory: it's the bottom-up model that is meant to define this government's political term.

Industry ignorance

It is not surprising therefore that the £100m Liberata, which was bought by equity investors in January, appears like other software suppliers to have considered the government order that public sector software should be open "where appropriate" and decided without hesitation that its not appropriate.

David Mitton, CLMS business development manager at Liberata, told Computer Weekly he couldn't discuss the open source question because it was still developing its commercial strategy.

"Whether it's open source or not, I'm still working through those details. I don't have a yes or a no. I've not even discussed it," said Mitton.

But Liberata has already done the deal. If it wasn't designed on an open source business model, Liberata is even less likely to discover the model to be appropriate after considering its potential routes to market. What is more apparent in the Liberata example is industry's contempt for open source and the Cabinet Office policy that calls for it to be put first.

"I would say its just guesswork and conjecture at the moment," said Mitton of the open source question. "I'm looking through the government ICT strategy paper, and open source - I've not even seen it in there.
Mechagodzilla.png

"It's clearly an important part of all software solutions going forward, and it's on my agenda to deal with it this week," he said.

But did Liberata know whether there might be a potential advantage in making the CLMS software open source, and what that advantage might be?

"I'm very busy," said Mitton. "I'm not prepared to debate that with you. I've got no more to add."

The deal looks lucrative for both Liberata and NPIA, especially if it gives Liberata a monopoly over public sector code lists. But it misses the point of the Cabinet Office IT reforms, which are ultimately a realisation that IT suppliers had got used to making too much money because they had too much power.

The bottom-up model, in being more open and collaborative, would naturally mean more modest gains all round. All round.

Open standards policy gets thumbs up and let down

| No Comments
| More
The government's open standards policy is being hailed by free software campaigners as an example to other European countries, but on condition the Cabinet Office can actually implement it - a condition that carries no guarantee.

The Cabinet Office policy might have made the bold, even radical declaration that government ICT must be implemented using open standards at no cost and to the satisfaction of no royalty holder. But it has no teeth.

Its success will depend entirely on the co-operation of procurement officers across the public sector who are accused by techies from as broad a church as the Public and Commercial Services Union and the British Computer Society of making a hash through their ignorance of IT.

The open source and open standards policy had no teeth when the last government launched it two years ago. It had no teeth when relaunched last February. It has no teeth now it has been relaunched again.

Yet it is still being lauded as the gold standard for all other governments to follow. It encapsulates what the open lobby have been demanding for years. And it has fired a broadside into the proprietary software lobby that campaigned so hard in Brussels to temper the European Interoperability Framework (EIF). If the proprietary lobby has been at work in London, it doesn't show. Everything it worked for now looks lost.

Just hear what the free software lobby have to say about the UK policy.

Karsten Gerloff, president of the Free Software Foundation Europe, told CW it was "leap ahead for the UK". Britain had always been a laggard. Europe had always led the push for open systems.

"This is one of the stronger policies we've seen from European governments. We'd like to see similarly well-considered steps from more European governments," said Gerloff.

He said it was better than the "fudged compromise" the European Commission made out of the latest version of its EIF, version 2, published in December.

Roaow!...

Graham Taylor, chief executive of Open Forum Europe, said the Cabinet Office had sensibly used the EC's last open standards policy for its reference and not version 2.

In so doing the UK had set the standard that other countries would indeed follow, said Taylor, whose lobby group has been given the honour of chairing the Cabinet Office's newly formed Open Source Advisory Panel.

Taylor expected other countries to follow the UK with similar policy statements. The EIF was meanwhile not a damp squib. It encapsulated as much compromise as it was possible to achieve between the 27 states of the European Union.

"The EIF is there to encourage pan-European interoperability," he said. "National governments have to come up with their own definitions. The commission has gone as far as it will go."

The UK is the first country to announce an open standards policy since the EIF was published in December. Taylor's advisory group, which has been donated a meeting room and facilities at the Cabinet Office's Whitehall headquarters, has been charged with making it happen. It is meant to be counterweight to the Systems Integrators' Forum, that other body formed the Cabinet Office formed last month with orders not to prevent it happening.

Whether it does actually happen will depend on whether the Cabinet Office and the industry can sustain the movement's momentum.

...Paper tiger!

Gerry Gavigan, chair of the Open Source Consortium, is not convinced the government has done enough to remove the obstacles.

"It all hinges on what you make of 'wherever possible'," said Gavigan in reference to the terms by which the Cabinet Office has declared that open standards should be implemented.

And, he said it hinges on what the government plans to do in those cases where it is possible to implement an open standard but a government body chooses not to.

"What does that recommendation mean in the context of say, DWP?" he said. "If one wants to claim benefits on-line one is told explicitly that the system will only work with MS Windows. What effect does the Cabinet Office recommendation have there?"

A recent meeting of the British Computer Society's Open Source Specialist Group considered the reasons why almost all government websites used Microsoft software to the detriment of their interoperability with other systems.

It may ultimately have something to do with what Gerloff calls the "lamentable" standards process which gave us, for example, the Microsoft OOXML "charade". He commended the government for declaring that all standards should be formed by an open process. That may have some repercussions for bodies like the British Standards Institute.

It also trails the outcome of the current review of standards being conducted by the European Commission. EU regulations require standards to be set in reference to EU standards organisations. The UK wants them set on international terms.

G-Cloud: introducing the neo-database state

| No Comments
| More
Now the Home Office has destroyed its prototype ID database in a publicity stunt, the government is putting the finishing touches to plans that would put the real Identity Scheme databases at the heart of a powerful government data sharing system.

The Government Cloud (G-Cloud), an ambitious Cabinet Office scheme to share IT resources and data across the whole of government, is seeking to remove all technical and organisational barriers to public sector data sharing.

Reports published last week by the Cabinet Office describe how G-Cloud will exhume the data sharing systems that underpinned ID Cards, along with the fatal data security risks that went with them. The principles will be applied to all government data. The plans have been overseen by the same executives who oversaw the ID Scheme's data-sharing system, the ill-fated CISx.

Damian Green Destroying ID scheme Hard Disks - February 2011 - 500 by 415 dpi.jpgThe reports state that the only limits to data sharing between government departments in the G-Cloud would be those imposed by law. It is presumed that whatever sharing is required will be permitted.

The principle was established a year ago in the G-Cloud Vision, which was drafted by Martin Bellamy, the same civil servant who advised ministers to proceed with the CISx as one of two core components of the ID scheme.

Bellamy's Vision cited the CISx as an example of the sort of data sharing that would be possible within the G-Cloud. The CISx plan had involved turning the Department for Work and Pensions Customer Information System database (CIS), which contains personal details of everyone in the country, into a system that could be accessed across the whole government.

"As it develops, the G-Cloud will become the repository of a significant portion of Public Sector data," it said.

Linking data

Bellamy's Vision laid out architectural principles explored in greater detail by G-Cloud working groups under the coalition government last year. The most fundamental was that the government should seek to ensure that data items were harmonized across government so they could be linked.

The G-Cloud seeks to harness the power of the internet to create a network of interchangeable and interoperating systems. It is envisaged that the near entirety of public computer systems would be assimilated by the G-Cloud programme in 10 years.

John Suffolk clarified the vision before he stood down as government's chief information officer last year. The government CTO Council would oversee the development of common data standards G-Cloud required.

"These standards will also ease the process of sharing data between different public sector organisations," he said.

After Joe Harley was appointed CIO in January this year, his division of the Cabinet Office put its stamp on the most up-to-date of the draft G-Cloud plans, the G-Cloud Services Specification.

The specification took the idea of G-Cloud as crucible of government data sharing and rebranded it as system for "Information Access". This involved different public bodies sharing one another's applications in order to access one another's data.

Threads and shreds

It used precisely the same language as the year-ago G-Cloud Vision to describe the framework within which G-Cloud data sharing would operate.
 
"This service will only be permitted where statute allows the data to be shared with the requesting public body," said the reports.

The only other data sharing proviso would be that "information assurance requirements for the data are adequately supported across the G-Cloud," they said.

Shredded ID Database parts - Home Office - February 2011 - 5433789496_eeb5941e9b.jpgThis lesson will be fresh in the minds of those in the Cabinet Office putting the finishing touches to the G-Cloud strategy. Harley was CIO at the DWP when the CISx plan was devised and was still there when it was scrapped last year. Ian Watmore, his boss at the Cabinet Office, spearheaded the Transformational Government strategy by which the Labour government had sought to increase public sector data sharing. The CIS got a special mention in the Transformational Government strategy as well.

The Home Office said last week its minister Damian Green (pictured) had destroyed Labour's ID database. But he only destroyed the temporary system the Home Office erected in a hurry so it could get ID cards on the streets before the 2010 election. It had still not proceeded with integrating the real ID databases because it was still trying to work out how to resolve their excruciating data security problems.

The photographs of Green shredding hard disks on an industrial estate in Essex were a publicity stunt staged to destroy a publicity stunt. It was always said the ID cards were a only a token of the sort of computer systems that have already become well established instruments of government.

The databases still exist. The government still has a plan to integrate them. And the security problems inherent in public sector data sharing have still not been resolved.

DWP spent £5m on ID database it never built

| No Comments
| More
The Department for Work and Pensions spent over £5m on an Identity Cards database so poorly conceived that it was never built.

The department spent three futile years designing the database after the Identity and Passport Service (IPS) commissioned it 2007. It was to be one of two key ID databases and would form the backbone of a system to share personal data about British citizens across the whole of government. But poor planning, inter-departmental disagreements and data security risks prevented it from being developed.

The DWP refused to reveal how much it had spent designing the aborted ID system, called CISx. The DWP press office said it would only answer questions if forced to do so by a Freedom of Information Request. The answers Computer Weekly obtained under FOI revealed how much money the government wasted on the IPS/DWP plan before it officially pulled the plug last summer.

"The cost of establishing the CISx service and developing the technical changes to CIS to enable data sharing and the storage of additional data items totalled £5,200,000," a DWP spokesman wrote in an FOI report.

The plan involved transforming the DWP's Customer Information System (CIS), which has 90m records of living and dead British citizens, into a biographic reference for government department wanting to check people's credentials and record more of their personal details.

The DWP spokesman said the department could still make use of some of CISx design work in its legacy CIS database, which is still used by more than 200,000 civil servants.

"Standards and policies that were developed have or will be used to support ongoing CIS activities," he said.

Ungovernable

He also gave an insight into the inter-departmental problems that led the ID CISx plan to flounder. The system was so ambitious that numerous government departments where required to govern and fund it, with the work being done by the DWP's Information Systems section. But their inability to co-operate caused the IPS to order the DWP plans be torn up in 2010.

The spokesman said some of those departments appointed as joint owners of the DWP CISx had contributed to its development costs.

"IPS and the Driver and Vehicle Licensing Agency (DVLA) reimbursed DWP the cost of developing the original CISx service assets, apart from the development of a financial management tool for the use of CISx services by OGDs (other government departments), which was paid for by DWP...IPS also paid for the development of technical changes to CIS."

The DWP made no reference to HMRC, one of the other departments that had been appointed joint owners of CISx. Neither did it specify amounts paid by each department.

The DWP had tried to establish an innovative means of governing the development and operation of its cross-government system. Such a system had never been built before. The governance model was untried.

The DWP elected to act as though it were an IT services company. Other government departments in on the CISx plan would become commissioners. The governance model proved unworkable.

"CISx proposed a Commissioner/Provider model and shared governance arrangements, with users of CIS acting as Commissioners and the DWP acting as the Provider," said the DWP spokesman's email.

"The DWP has decided not to adopt this model to avoid overhead costs that would otherwise need to be borne by the Commissioners and because experience led the Department to conclude that the model did not provide significant benefits over existing governance arrangements," he added.

The DWP accepted the IPS' request for the CISx in 2007 after establishing loose agreement over the system of governance with IPS, HMRC and DVLA.

DWP ID Plan - read the Restricted report

| No Comments
| More
Why would the DWP have supported the hair-brained Home Office plan to commandeer its computer assets for the Identity Card Scheme? Vanity, of course.

You can see what the DWP thought of the plan by reading the restricted policy document that comprised its approval, Use of the Customer Information System as a shared, cross-Government asset.

Thumbnail image for DWP CISx Preliminary Feasibility - report cover - Use of the CIS as a shared cross-Government asset.jpgThe DWP fawned over futile ID plan. "Pioneering," they called it. You may remember, the idea was to take Europe's largest public database of personal records, the DWP's Customer Information System (CIS), and bolt it onto the ID system to create a biographic record of everyone who carried an identity card.

It was to be the first project of its kind in the history of government. It would put the DWP at the vanguard of the Labour government's Transformational Government strategy.

"Using CIS as a shared cross-Government asset puts DWP in the lead in the Transformational Government Strategy and cross-Government co-operation. Sharing CIS supports some of the Government's most important strategic goals such as joined-up Government and the re-use of assets. It allows the release of efficiencies across the system and supports delivery that is more focused on customer needs."

Thus enthused Martin Bellamy, the DWP's then Pensions IS director. To be fair on Bellamy, who is now ICT Director for prisons, he did say the obstacles should be cleared before the work went ahead. So why did he and the IPS recommend going ahead without first eliminating those problems that, it would later transpire, were insurmountable?

Bellamy's preliminary feasibility study gave the cross-departmental green light despite the plan's gaping holes.

But the final word came from the Identity and Passport Service, whose official Feasibility Study gave ministers the confidence to approve the flawed plan. We'll come back to that later.

For now, one might say that hindsight is all very well, and feasibility is an art, not a science. Feasibility Studies are technical manifestos: a declaration of intent; a conspectus of what consensus there is to have something done. The art of the feasible is always a gamble.  Done properly, however, it gives the odds; it doesn't attempt to swing them.

Advisers foretold ID's doom

| 3 Comments
| More
The Identity Card Scheme offers a lesson in the infeasibility of IT systems held to political ransom. The cost of failure was too high for the Labour government. So the Home Office pressed on Quixotically with the system, despite never overcoming its critical weaknesses.

The picture that has emerged with the publication of last week's Independent Scheme Assurance Panel report is one of a government department hashing together on the fly a system of a size, complexity and sensitivity never before attempted. It may have been too big to fail, but it was also too much to handle.

The Home Office was obliged over the years to issue empty assurances that everything was under control and that it was addressing the repeated warnings given by ISAP. Can you handle a project of this size and complexity, asked ISAP in 2007. Yeah, 'course we can, said the Home Office - we've recruited some more executives.

In failing to deliver on those assurances, the department gave an indication of the amount of strain its IT experts must have been under. Working on a panacea project must be like happy-clapping at a cult.

The inconvenient imperfections of the ID plan were spelled out clearly in ISAP's 2007 report, compiled in the year after the Home Office cut the ribbon on the system blueprint and set their IT chumlies off on their futile quest.

After three years of development, the problems still had to be addressed. And very little of the blame could be put on the poor techies building the system. The snags were political. The fault was incompetent ministerial direction.

Writing on the wall

Data security risks identified in 2007 were never brought under control. And much else ISAP and good sense required of the ID project in 2007 was never fully addressed.

Public trust essential to the scheme was never secured. Inter-departmental differences over the accountability, funding and ownership of the cross-government system architecture were never settled. A "robust and transparent" system of data governance was never established. The system requirements were never properly defined and neither were its benefits, though both were crucial, it was and is commonly said, before the system could be properly designed.

Vital skilled staff were never recruited. A system of competent organisational governance was never established. Cross-government support was ever obtained and a cross-government standard of identity data and management was never agreed.

It was being built, against ISAP's advice and accepted wisdom, on "shifting sands". And contracts with suppliers were let, to satisfy a political timetable, despite these crucial preliminaries not being clarified.

This must have been especially awkward for the Home Office and may explain why it disbanded ISAP in 2009. No matter that the oversight panel was set up after the Home Affairs Select Committee said in 2004 that the Gateway review process (through which the Office of Government Commerce usually seeks to prevent embarrassing IT failures) couldn't be trusted to oversee a "project of this scale". Don't worry, said the Home Office, we'll set up an independent oversight board.

Had the Home Office given ISAP more credence, a lot of time and money may have been saved. The panel's first public warning put the writing on the wall: data loss will lead to a loss of public trust that, it implied, would be the project's ruin. There were real risks of data loss, it said. Something had better be done about it because people won't stand for it.

Mind bending

This was to be done with a PR exercise that would win public trust by showing how security concerns had been addressed. People would be told the system's tolerance for errors. Said system would have not only to be "robust" but also "well respected".

The problem was swept under the carpet. Civil servants were being sacked for snooping on the Customer Information System (the DWP database that was to form the biographical core of the ID system) before the scheme began. They were still being sacked after the scheme was scrapped in 2010. The DWP's precautions were shoddy, the security leaks were proving unmanageable and the DWP refused to reveal the error tolerance of the CIS. It may not even have known.

You have to wonder how the ISAP overseers felt about it all in the end. Nokia CEO John Clarke, Cranfield Professor Brian Collins, ex-First Direct Bank CEO Alan Hughes, BAA IT director Malcolm Mitchell, and ex-HSBC Bank CIO Fergie Williams: these sort of people are not used to being fobbed off.

Being from the commercial world, they are also accustomed to developing systems that rely for their success on customer choice. Paradoxically, they advised that the ID scheme would only succeed if everyone was forced to use it. This exposed the lie in Blair's ID sales patter, the come-on-you-know-you-want-it approach to civil security: everyone was going to get it anyway, whether they liked it or not.

Sad ending

"To be successful," the ISAP said, "the scheme has to become the government's (and the commercial sector's) primary means of identifying individuals and controlling updates to and use of their data."

It sounds preposterous now. Citizens no more like the Home Office watching them for their own good than foreigners like having bombs dropped on their heads for their own good.

The ID scheme gives us one other amusing paradox to ponder. From ISAP's perspective, it demonstrated how a lack of transparency in public policy and execution led inevitably to costly failure. Yet had the government come clean about the risks, it may never have won the public's support in the first place.

Transparency is the only hope we have of overcome the endemic problem of public databases being snooped.

What support people had given ID was befooled. The sands shifted so much under the ID scheme that it's hard to say what it was meant to do in the first place. Someone should nose around the Home Office with that very same question in mind. When they come across its fascistic database of identity-carded foreigners they might ponder whether it would ever have been approved either had the opening sales gambit not been ID-for-all.

Open data sop or not

| No Comments
| More
If all public information is public and anyone can do what they like with it then...

"You don't need us," concluded one local authority executive at Socitm's 2010 conference in Brighton last month.

Is the public sector really sowing the seeds of its own demise with the open data initiative?

Like a swimming pool with no sides, if you let it all go free it may just all go: snapped up by precocious little bands of XML nerds and sold on as a profitable service to those citizens who can afford to pay for it.

In old bureaucratic Britain, public data belonged to everyone but was accessible to none. Soon it will be accessible to all but decipherable only by those who like to play with data analysis tools in their spare time.

That's the fear: that the transparency agenda will transform the periphery of government, while the centre of power retains its confidentiality and therefore integrity. That the open data revolution, with its publication of contracts and right to public data sets, will indeed improve accountability, but not as much as it nourishes the private sector.

The result may be a powerful centre and a private periphery. Let's not forget that local authorities may have schools and police forces snatched from them too. Devolution it is, but where to?

Smash the establishment

This poses an existential problem for those agencies that live from the sale of repurposed data. The Ordnance Survey and Chartered Institute of Public Finance and Accountancy are two that have come under the open data spotlight, and for whom free data may mean burst borders.

Still, you can't have a revolution without breaking some heads. The BBC, for example, is a national treasure, but its archive is public and should be free for all who have a TV licence, while rights holders and stars should say farewell to upper-middle-class luxuries, trumped up circus performers that they are. Their privileges are simply unsustainable in a networked world.

More prosaically, Dane Wright, the Brent Council IT strategy manager at the vanguard of these changes, believes open data will lead to the demise not of the public sector but merely to some of its activities.

Deloitte gave an inkling of what will be first for the chop in a report for Leicester County Council last year. It had the equivalent of 92 staff employed at a cost of £3.7m a year managing 3,000 datasets designed to satisfy central government demands. These functions will be consolidated and shared, their job will be to simply manage a plantation of data sources. The data free-for-all-will also clear much of the impenetrable jungle of public websites and the staff who manage them as well.

Sack the IT dept.

Perhaps those ICT staff sacked as open data inefficiencies will form mutuals to repurpose the data they used to work so hard to keep private for public bodies.

Matters will be complicated when the coalition's Local Government Bill gives councils free reign to compete with private companies.

Yet even though free data will eventually not be free but traded, this sour interpretation of the initiative belies its undeniable and vigorous optimism. It is a liberation, after all.

It may have looked like Tory opportunism, but the possibility that private companies will be forced to open their data when they work on public projects is the surest sign yet that the open data movement's higher ideals have survived its adoption by government.

Someone must now clarify exactly what in this androgynous world will be private but public. That is, what the public can claim a right to without getting screwed.

Papers please!

| No Comments
| More
The House of Lords has been scrapping Identity Cards this last fortnight. Sort of.

It's not simply a matter of "scrap the ID scheme", as the coalition government promised. It's like one of those magic tricks: the Identity Documents Bill will make ID cards vanish but - tadaah! - the government will still be holding the powers that made them so objectionable in the first place.

This ID scrapping bill won't be enough "to stop the development of a 'papers please' culture in Britain," says No2ID in its brief on the legislation.

That 'papers please culture is the one in which bus conductors have been replaced with revenue inspectors. It's the one in which a jolly whistle and the ting-ting! report of a portable ticket machine have been replaced with the hiss of a walkie talkie and the rustle of bomber jackets as they huddle round.

No2ID takes particular offence at how the ConDem's ID legislation will make it a criminal offence with up to 10 years imprisonment to try and carry off a false ID.

There are no end of reasons why someone might justifiably goof some busybody official into thinking they are someone they are not. They might want to send Transport for London's heavies the the wrong way for a start.

Or they might want to get lashed before they are 18. No2ID reckons the last government lost no time in seconding its terrorist-nabbing ID legislation to the task of bagging underage drinkers.

Yet the strangest thing about the ConDem's ID Doc's Bill are in is its Clause 10. And they are its data sharing powers. The ConDem's will with this bill introduce a wide power for linking disparate data sources to passport records, to keep them for police intelligence and to extend them at the home secretary's discretion. Just the sort of powers they protested about in opposition.

IBM will meanwhile continue operating the stump of the ID system, the National Biometric Identity Service (NBIS) database, as a database of foreigners. Liberty notes rather politely the "divisive and objectionable" fact foreigners will still have to carry ID cards in Britain.

It as though the nation has forgotten the plot to The Great Escape, though it is possibly the most replayed movie in history.

Not that you can compare British officials to Nazi commandants. The ID Docs Bill doesn't give them the power to take you into the woods to have you shot if you have the wrong papers. They will merely have the power to send you to prison for 10 years.

ID v2.0 - the ConDem Pitch

| No Comments
| More
Want to know how the Identity Scheme will look under the ConDems?

Mydex, the company providing the technology for the government pilots* spelled out the vision for ConDem ID v2.0 at Socitm 2010.

We recorded the pitch. You can hear it using the podomatic player below.


The Cabinet Office tells us it dusted off the Crosby report for the occasion. Crosby said in 2008 that if the government wanted a sensible ID scheme it should leave it for citizens to sort it out themselves with the private sector. Be done with this big brother database, said Crosby between the lines. So the government kicked his report into the long grass. And it seemed like we'd never hear of it again... 

Until the  28 August, when the coalition government certified its commitment to a liberal identity scheme in the Official Journal of the European Journal.

It called for companies who can furnish people with a proof of identity the government can use to deliver them services. It wanted ideas for the...

"...establishment of the provenance of identity, verification of a person against an identity, verification of the authority to conduct the transaction, validation of personal data related to the identity, fraud prevention, malware prevention, and assurance of appropriate security when accessing a public service through all channel types including but not limited to online and telephony."

The DWP's Tell Us Once is taking the lead on this. The idea is after all to allow people to look after their own personal data, instead of having the government do it for you, or to you. Just as Crosby recommended. How extraordinary it now seems that it may have been any other way.

Jerry Fishenden, the LSE fellow and Cameronean think-tank compadre, says these plans are so old they go back to the December 2000 plan for an E-government Authentication Framework.

The US has since leapt ahead with the same ideas. They'll probably be doing our ID systems for us before long.

Fishenden's written a paper about what the yanks are doing and why we're now doing it too: it's called The Obama Effect, apparently.

* being run the the DWP, HMRC and Brent, Croydon and Windsor & Maidenhead Councils

Subscribe to blog feed

Archives

-- Advertisement --