Recently in database state Category

How Gov aimed to exploit personal data trade

| No Comments
| More
The £3bn trade in tip-offs about people caught in car accidents has exposed the seedy side of the personal data market. Seedier still are draft government plans to cash in on this bonanza when it ought to be sticking to the Tory manifesto promise to give people a right to call the shots over their own personal data.

Plans to replace Labour's ID scheme with a private sector system of identity assurance, which Computer Weekly revealed Cabinet Office had floated to industry in April, have led inevitably to a proposal for the private sector to become more active as custodians of people's personal data as well. This is already happening to a large extent but, much to people's dismay, the private sector seems less interested in being custodian than exploiter.

In the Cabinet Office plan, British citizens would be represented by electronic identity and attribute agents (attribute being jargon for an item of personal data) in a "marketplace in trusted data provision."

"The 'trusted attribute service' economy is based on the exchange of attributes (aka claims) which are data items from a trusted source relating to an authenticated individual," said the Cabinet Office draft technical blueprint.

"They also provide a mechanism for third parties to expose such data, and operate in a market for that service," it said.

It went on to say how government could cash in on the billions already being made in the market for personal data. The idea was that people build a network of trusted relationships online and personal data supplied from members of their network can be assembled in combinations of ever-greater numbers of attributes to meet higher and higher levels of security clearance. Companies providing that data could charge for it, like police forces and insurance companies have been charging ambulance chasers for tip-offs when people are caught in a car accident.

"Government attribute providers" would under the Cabinet Office plan exist in all major government departments and feed personal data about the citizens in their charge to private sector identity and attribute agents.

"Possible examples" of data the government could trade included "nationality", the "right to work", and verification of national insurance and driving licence numbers.

"The government could potentially charge the private sector for this service," said the draft plan.

That might simply involve verification of data: whether someone is a benefit claimant or a disqualified director, or a confirmation of their nationality. In the virtual world, a yes/no answer is indistinguishable from the actual transmission of a string of data such as: "unemployed, disqualified director, from Jamaica".

These were draft plans presented for discussion. Though it is not unknown for the government to trade in people's data. DWP had for example been giving BT access to its national insurance database under arrangements that have not been disclosed.

The Cabinet Office Identity Assurance Scheme could not rely on a private sector ID market if it did not engage in actual exchange of personal data with private sector providers. The draft plan proposes people should have control over the trade in their data. But it is tempered by a warning that this may not always be possible.

That, as has been demonstrated by the example of the insurance scam, is the element of the coalition government's private sector ID scheme set to match in dread Labour's Big Brother: a market in which people's "attributes" are traded in such a frenzy that it inflates prices, leading people to be fleeced simply for being "known", pestered by vultures like ambulance chasers, and with who knows what other unforeseen consequences.

An answer to this problem has been proposed by the personal data model government has piloted at Brent and other councils, and with which the DWP and Cabinet Office have been closely involved.

That is the Mydex model, in which people are given the means to control their own personal data in their own personal agent: deciding who gets to see it, who gets to use it and on what terms. It would even give people the means to flog their own data, making them the primary agents in any market.

If that sounds too good to be true, its because the market is already getting carried away with itself. Banks are getting in on the act, as if early evidence hasn't already shown how the personal data market can inflate to the detriment of ordinary people without their help.

The government needs to act quickly to carry its pre-election promises on civil liberties to their logical conclusion. That does not mean making a song and dance about dismantling Labour's ID scheme only to throw everyone's identities to the dogs in the private sector. That means ensuring people have the means to control their own personal data, wherever and however it is held.

Police data hub raises doubts over open source policy

| No Comments
| More
A landmark software deal that exemplifies key elements of the government's public sector reform programme may have exposed shortcomings in open source policy and plans for an IT-enabled Big Society.

The deal involves the National Police Improvement Agency (NPIA) selling its Code List Management System (CLMS), a core component of the Police National Database, to Liberata, a private sector ICT supplier.

Public and private police in the Big Society - crop2.pngWhile a Cabinet Office endorsement may turn CLMS into one of the major components of the IT-enabled Big Society, the Liberata deal shows what the government's Localism Bill may mean for local government ICT and the Cabinet Office ICT strategy. This forecast isn't good.

The CLMS data hub deal is itself the hub of this conflation.

It involved NPIA giving its software to Liberata. The ICT supplier promised in return to offer CLMS services free of charge to the public sector. It could otherwise do what it liked and NPIA would get a share of profits.

Yet for all its apparent daring, the deal suffered a terrible lack of ambition. NPIA had raised the issue of open source with Liberata, acknowledging the government's preference for open source software.

NPIA was down with it, but didn't write it into the contract. Liberata's commercial interests were intractably old-world. It would give the public sector the service for free, but not the software code.

The decision may have immense consequences, both for the profit the pair will make, and in the opportunity cost the public sector will take.

The significance lies in what CLMS does and what it may become. It was developed as the heart of a circulatory system between different criminal databases held by the UK's 53 police forces and agencies.

Thus linked, the databases have been combined into a central, Police National Database (PND) to be launched in June. CLMS helped make their data capable of being shared and combined by making sure they all used the same data taxonomies: the different values deemed valid for different fields in a database.


The significance of this feat of data engineering was not lost on the Cabinet Office. The 2004 Bichard Inquiry into the intelligence failures that prevented police thwarting the murderer of Soham school girls Holly Wells and Jessica Chapman had blamed poor communication between police databases. It's taken this long to integrate police databases and realise the operation's implications.

Andy Waters, a systems architect who managed the CLMS commercialisation at NPIA, said the agency convinced the Cabinet Office cross-government data sub-committee (called X-Gov Information Domain) the system would benefit the wider public sector.

60 to 70 per cent of government data is held in code lists. Incompatibility is rife. CLMS cut development of the Police National Database by six months to one year and lopped 20 per cent from its cost by ironing out the differences, between say, codes different databases use for gender. It thus already does for the police what the Cabinet Office wants to do for the Big Society: make it interoperable.

So the CIO Council awarded CLMS "exemplar" status. Waters said Cabinet Office wants to roll it out across government as part of its open standards push.

Internet visualisation - crop.png
"We are engaging with Cabinet Office now with a view to more widespread adoption of CLMS," he said. "Our premise is to provide a single one-stop shop for all government data standards. That's the reason why Liberata are making it free to government, to encourage them to adopt it.

"We are in discussions as to what changes [Cabinet Office] require to enable them to mandate its use across government," he said.

Big Society data hub

Cabinet Office wanted CLMS capable of handling post codes, sort codes and other more complex data structures common in the wider public and private sectors.

While Liberata develops the upgrade, NPIA is doing a pre-sales routine with government departments. When CLMS ticks all the boxes, the CIO Council will give it "Champion" status. It would become the de facto Code List Management System for the Big Society.

CLMS would enable a significant part of Cabinet Office's open data and open standards policies. The software makes it possible for anyone to see and use the code lists that populate the PND. The 15,000 crimes that populate the PND's, offences field for example (yes, 15,000 offences), are publicly available; as are the vehicle make/model lists.

Such transparency would fuel public and private innovation. CLMS would then provide mechanisms for homogenising and interfacing between different code lists managed by different public and private bodies, fuelling more innovation. That's how an IT-enabled Big Society is supposed to work.

Even so, the NPIA/Liberata model does not bode well for the Big Society reforms.

The government's Localism Bill intends to give local authorities a general power of competence, which will allow them to operate commercially. Swingeing budget cuts have forced Socitm to advise them not to retain software engineering teams, forcing them to rely entirely on private development for public IT innovations. The combination will cause local authorities to commercialize more public IT systems.

So what?

NPIA effectively gave Liberata a commercial hold over one of the major circulatory systems of the IT-enabled Big Society; a blank cheque to commercialise access to open government standards and data.

CLMS is attractive to Liberata because the private sector will flock to it: to have such close interoperability with government systems will become a commercial necessity. The standards set in the public sector by CLMS may thus become standard throughout private and public Britain.

Liberata.pngWorking from NPIA's conservative estimates, this could net Liberata £62m. NPIA is counting on it. Liberata paid no money for CLMS. NPIA will instead get up to 8 per cent of revenues, which it reckons may amount to £5m over 5 years.

Though NPIA is a quango, its Liberata deal exemplifies what localism will mean for ICT more generally when councils get a general power of competence. Crucially, this demonstrates the impotency of the government's open source policy when faced with the prospect of short term commercial gains.

Open source impotence

Waters said NPIA would prefer the CLMS software to be open source - i.e. for the software code to be freely available, not merely for the service to be free of charge to the public sector.

But NPIA left the decision to Liberata. Since the government favoured open source, it assumed Liberata would. It did not deem it necessary to make open source a contractual obligation.

Open source impotence.pngOpen source seemed like a no-brainer. If the CLMS source code were open, anyone in the public sector could contribute enhancements or add-ons. The more people add things on, said Waters, the more valuable the service becomes. Liberata saw this too.

"Liberata have stated it's their intent to go the open source route," Waters told Computer Weekly. "[But] I can't speak on their behalf. It's their decision. The nature of the concession contract is we give Liberata the commercial freedom to develop the service as they see fit."

But open source is poorly understood by industry. It is therefore being overlooked as an empowering model for government's Big Society and Localism schemes.

This is because the incumbent industry works to the end of profit by whatever means, while open source is on a completely different trajectory: it's the bottom-up model that is meant to define this government's political term.

Industry ignorance

It is not surprising therefore that the £100m Liberata, which was bought by equity investors in January, appears like other software suppliers to have considered the government order that public sector software should be open "where appropriate" and decided without hesitation that its not appropriate.

David Mitton, CLMS business development manager at Liberata, told Computer Weekly he couldn't discuss the open source question because it was still developing its commercial strategy.

"Whether it's open source or not, I'm still working through those details. I don't have a yes or a no. I've not even discussed it," said Mitton.

But Liberata has already done the deal. If it wasn't designed on an open source business model, Liberata is even less likely to discover the model to be appropriate after considering its potential routes to market. What is more apparent in the Liberata example is industry's contempt for open source and the Cabinet Office policy that calls for it to be put first.

"I would say its just guesswork and conjecture at the moment," said Mitton of the open source question. "I'm looking through the government ICT strategy paper, and open source - I've not even seen it in there.

"It's clearly an important part of all software solutions going forward, and it's on my agenda to deal with it this week," he said.

But did Liberata know whether there might be a potential advantage in making the CLMS software open source, and what that advantage might be?

"I'm very busy," said Mitton. "I'm not prepared to debate that with you. I've got no more to add."

The deal looks lucrative for both Liberata and NPIA, especially if it gives Liberata a monopoly over public sector code lists. But it misses the point of the Cabinet Office IT reforms, which are ultimately a realisation that IT suppliers had got used to making too much money because they had too much power.

The bottom-up model, in being more open and collaborative, would naturally mean more modest gains all round. All round.

G-Cloud: introducing the neo-database state

| No Comments
| More
Now the Home Office has destroyed its prototype ID database in a publicity stunt, the government is putting the finishing touches to plans that would put the real Identity Scheme databases at the heart of a powerful government data sharing system.

The Government Cloud (G-Cloud), an ambitious Cabinet Office scheme to share IT resources and data across the whole of government, is seeking to remove all technical and organisational barriers to public sector data sharing.

Reports published last week by the Cabinet Office describe how G-Cloud will exhume the data sharing systems that underpinned ID Cards, along with the fatal data security risks that went with them. The principles will be applied to all government data. The plans have been overseen by the same executives who oversaw the ID Scheme's data-sharing system, the ill-fated CISx.

Damian Green Destroying ID scheme Hard Disks - February 2011 - 500 by 415 dpi.jpgThe reports state that the only limits to data sharing between government departments in the G-Cloud would be those imposed by law. It is presumed that whatever sharing is required will be permitted.

The principle was established a year ago in the G-Cloud Vision, which was drafted by Martin Bellamy, the same civil servant who advised ministers to proceed with the CISx as one of two core components of the ID scheme.

Bellamy's Vision cited the CISx as an example of the sort of data sharing that would be possible within the G-Cloud. The CISx plan had involved turning the Department for Work and Pensions Customer Information System database (CIS), which contains personal details of everyone in the country, into a system that could be accessed across the whole government.

"As it develops, the G-Cloud will become the repository of a significant portion of Public Sector data," it said.

Linking data

Bellamy's Vision laid out architectural principles explored in greater detail by G-Cloud working groups under the coalition government last year. The most fundamental was that the government should seek to ensure that data items were harmonized across government so they could be linked.

The G-Cloud seeks to harness the power of the internet to create a network of interchangeable and interoperating systems. It is envisaged that the near entirety of public computer systems would be assimilated by the G-Cloud programme in 10 years.

John Suffolk clarified the vision before he stood down as government's chief information officer last year. The government CTO Council would oversee the development of common data standards G-Cloud required.

"These standards will also ease the process of sharing data between different public sector organisations," he said.

After Joe Harley was appointed CIO in January this year, his division of the Cabinet Office put its stamp on the most up-to-date of the draft G-Cloud plans, the G-Cloud Services Specification.

The specification took the idea of G-Cloud as crucible of government data sharing and rebranded it as system for "Information Access". This involved different public bodies sharing one another's applications in order to access one another's data.

Threads and shreds

It used precisely the same language as the year-ago G-Cloud Vision to describe the framework within which G-Cloud data sharing would operate.
"This service will only be permitted where statute allows the data to be shared with the requesting public body," said the reports.

The only other data sharing proviso would be that "information assurance requirements for the data are adequately supported across the G-Cloud," they said.

Shredded ID Database parts - Home Office - February 2011 - 5433789496_eeb5941e9b.jpgThis lesson will be fresh in the minds of those in the Cabinet Office putting the finishing touches to the G-Cloud strategy. Harley was CIO at the DWP when the CISx plan was devised and was still there when it was scrapped last year. Ian Watmore, his boss at the Cabinet Office, spearheaded the Transformational Government strategy by which the Labour government had sought to increase public sector data sharing. The CIS got a special mention in the Transformational Government strategy as well.

The Home Office said last week its minister Damian Green (pictured) had destroyed Labour's ID database. But he only destroyed the temporary system the Home Office erected in a hurry so it could get ID cards on the streets before the 2010 election. It had still not proceeded with integrating the real ID databases because it was still trying to work out how to resolve their excruciating data security problems.

The photographs of Green shredding hard disks on an industrial estate in Essex were a publicity stunt staged to destroy a publicity stunt. It was always said the ID cards were a only a token of the sort of computer systems that have already become well established instruments of government.

The databases still exist. The government still has a plan to integrate them. And the security problems inherent in public sector data sharing have still not been resolved.

DWP spent £5m on ID database it never built

| No Comments
| More
The Department for Work and Pensions spent over £5m on an Identity Cards database so poorly conceived that it was never built.

The department spent three futile years designing the database after the Identity and Passport Service (IPS) commissioned it 2007. It was to be one of two key ID databases and would form the backbone of a system to share personal data about British citizens across the whole of government. But poor planning, inter-departmental disagreements and data security risks prevented it from being developed.

The DWP refused to reveal how much it had spent designing the aborted ID system, called CISx. The DWP press office said it would only answer questions if forced to do so by a Freedom of Information Request. The answers Computer Weekly obtained under FOI revealed how much money the government wasted on the IPS/DWP plan before it officially pulled the plug last summer.

"The cost of establishing the CISx service and developing the technical changes to CIS to enable data sharing and the storage of additional data items totalled £5,200,000," a DWP spokesman wrote in an FOI report.

The plan involved transforming the DWP's Customer Information System (CIS), which has 90m records of living and dead British citizens, into a biographic reference for government department wanting to check people's credentials and record more of their personal details.

The DWP spokesman said the department could still make use of some of CISx design work in its legacy CIS database, which is still used by more than 200,000 civil servants.

"Standards and policies that were developed have or will be used to support ongoing CIS activities," he said.


He also gave an insight into the inter-departmental problems that led the ID CISx plan to flounder. The system was so ambitious that numerous government departments where required to govern and fund it, with the work being done by the DWP's Information Systems section. But their inability to co-operate caused the IPS to order the DWP plans be torn up in 2010.

The spokesman said some of those departments appointed as joint owners of the DWP CISx had contributed to its development costs.

"IPS and the Driver and Vehicle Licensing Agency (DVLA) reimbursed DWP the cost of developing the original CISx service assets, apart from the development of a financial management tool for the use of CISx services by OGDs (other government departments), which was paid for by DWP...IPS also paid for the development of technical changes to CIS."

The DWP made no reference to HMRC, one of the other departments that had been appointed joint owners of CISx. Neither did it specify amounts paid by each department.

The DWP had tried to establish an innovative means of governing the development and operation of its cross-government system. Such a system had never been built before. The governance model was untried.

The DWP elected to act as though it were an IT services company. Other government departments in on the CISx plan would become commissioners. The governance model proved unworkable.

"CISx proposed a Commissioner/Provider model and shared governance arrangements, with users of CIS acting as Commissioners and the DWP acting as the Provider," said the DWP spokesman's email.

"The DWP has decided not to adopt this model to avoid overhead costs that would otherwise need to be borne by the Commissioners and because experience led the Department to conclude that the model did not provide significant benefits over existing governance arrangements," he added.

The DWP accepted the IPS' request for the CISx in 2007 after establishing loose agreement over the system of governance with IPS, HMRC and DVLA.

DWP ID Plan - read the Restricted report

| No Comments
| More
Why would the DWP have supported the hair-brained Home Office plan to commandeer its computer assets for the Identity Card Scheme? Vanity, of course.

You can see what the DWP thought of the plan by reading the restricted policy document that comprised its approval, Use of the Customer Information System as a shared, cross-Government asset.

Thumbnail image for DWP CISx Preliminary Feasibility - report cover - Use of the CIS as a shared cross-Government asset.jpgThe DWP fawned over futile ID plan. "Pioneering," they called it. You may remember, the idea was to take Europe's largest public database of personal records, the DWP's Customer Information System (CIS), and bolt it onto the ID system to create a biographic record of everyone who carried an identity card.

It was to be the first project of its kind in the history of government. It would put the DWP at the vanguard of the Labour government's Transformational Government strategy.

"Using CIS as a shared cross-Government asset puts DWP in the lead in the Transformational Government Strategy and cross-Government co-operation. Sharing CIS supports some of the Government's most important strategic goals such as joined-up Government and the re-use of assets. It allows the release of efficiencies across the system and supports delivery that is more focused on customer needs."

Thus enthused Martin Bellamy, the DWP's then Pensions IS director. To be fair on Bellamy, who is now ICT Director for prisons, he did say the obstacles should be cleared before the work went ahead. So why did he and the IPS recommend going ahead without first eliminating those problems that, it would later transpire, were insurmountable?

Bellamy's preliminary feasibility study gave the cross-departmental green light despite the plan's gaping holes.

But the final word came from the Identity and Passport Service, whose official Feasibility Study gave ministers the confidence to approve the flawed plan. We'll come back to that later.

For now, one might say that hindsight is all very well, and feasibility is an art, not a science. Feasibility Studies are technical manifestos: a declaration of intent; a conspectus of what consensus there is to have something done. The art of the feasible is always a gamble.  Done properly, however, it gives the odds; it doesn't attempt to swing them.

Advisers foretold ID's doom

| More
The Identity Card Scheme offers a lesson in the infeasibility of IT systems held to political ransom. The cost of failure was too high for the Labour government. So the Home Office pressed on Quixotically with the system, despite never overcoming its critical weaknesses.

The picture that has emerged with the publication of last week's Independent Scheme Assurance Panel report is one of a government department hashing together on the fly a system of a size, complexity and sensitivity never before attempted. It may have been too big to fail, but it was also too much to handle.

The Home Office was obliged over the years to issue empty assurances that everything was under control and that it was addressing the repeated warnings given by ISAP. Can you handle a project of this size and complexity, asked ISAP in 2007. Yeah, 'course we can, said the Home Office - we've recruited some more executives.

In failing to deliver on those assurances, the department gave an indication of the amount of strain its IT experts must have been under. Working on a panacea project must be like happy-clapping at a cult.

The inconvenient imperfections of the ID plan were spelled out clearly in ISAP's 2007 report, compiled in the year after the Home Office cut the ribbon on the system blueprint and set their IT chumlies off on their futile quest.

After three years of development, the problems still had to be addressed. And very little of the blame could be put on the poor techies building the system. The snags were political. The fault was incompetent ministerial direction.

Writing on the wall

Data security risks identified in 2007 were never brought under control. And much else ISAP and good sense required of the ID project in 2007 was never fully addressed.

Public trust essential to the scheme was never secured. Inter-departmental differences over the accountability, funding and ownership of the cross-government system architecture were never settled. A "robust and transparent" system of data governance was never established. The system requirements were never properly defined and neither were its benefits, though both were crucial, it was and is commonly said, before the system could be properly designed.

Vital skilled staff were never recruited. A system of competent organisational governance was never established. Cross-government support was ever obtained and a cross-government standard of identity data and management was never agreed.

It was being built, against ISAP's advice and accepted wisdom, on "shifting sands". And contracts with suppliers were let, to satisfy a political timetable, despite these crucial preliminaries not being clarified.

This must have been especially awkward for the Home Office and may explain why it disbanded ISAP in 2009. No matter that the oversight panel was set up after the Home Affairs Select Committee said in 2004 that the Gateway review process (through which the Office of Government Commerce usually seeks to prevent embarrassing IT failures) couldn't be trusted to oversee a "project of this scale". Don't worry, said the Home Office, we'll set up an independent oversight board.

Had the Home Office given ISAP more credence, a lot of time and money may have been saved. The panel's first public warning put the writing on the wall: data loss will lead to a loss of public trust that, it implied, would be the project's ruin. There were real risks of data loss, it said. Something had better be done about it because people won't stand for it.

Mind bending

This was to be done with a PR exercise that would win public trust by showing how security concerns had been addressed. People would be told the system's tolerance for errors. Said system would have not only to be "robust" but also "well respected".

The problem was swept under the carpet. Civil servants were being sacked for snooping on the Customer Information System (the DWP database that was to form the biographical core of the ID system) before the scheme began. They were still being sacked after the scheme was scrapped in 2010. The DWP's precautions were shoddy, the security leaks were proving unmanageable and the DWP refused to reveal the error tolerance of the CIS. It may not even have known.

You have to wonder how the ISAP overseers felt about it all in the end. Nokia CEO John Clarke, Cranfield Professor Brian Collins, ex-First Direct Bank CEO Alan Hughes, BAA IT director Malcolm Mitchell, and ex-HSBC Bank CIO Fergie Williams: these sort of people are not used to being fobbed off.

Being from the commercial world, they are also accustomed to developing systems that rely for their success on customer choice. Paradoxically, they advised that the ID scheme would only succeed if everyone was forced to use it. This exposed the lie in Blair's ID sales patter, the come-on-you-know-you-want-it approach to civil security: everyone was going to get it anyway, whether they liked it or not.

Sad ending

"To be successful," the ISAP said, "the scheme has to become the government's (and the commercial sector's) primary means of identifying individuals and controlling updates to and use of their data."

It sounds preposterous now. Citizens no more like the Home Office watching them for their own good than foreigners like having bombs dropped on their heads for their own good.

The ID scheme gives us one other amusing paradox to ponder. From ISAP's perspective, it demonstrated how a lack of transparency in public policy and execution led inevitably to costly failure. Yet had the government come clean about the risks, it may never have won the public's support in the first place.

Transparency is the only hope we have of overcome the endemic problem of public databases being snooped.

What support people had given ID was befooled. The sands shifted so much under the ID scheme that it's hard to say what it was meant to do in the first place. Someone should nose around the Home Office with that very same question in mind. When they come across its fascistic database of identity-carded foreigners they might ponder whether it would ever have been approved either had the opening sales gambit not been ID-for-all.

Papers please!

| No Comments
| More
The House of Lords has been scrapping Identity Cards this last fortnight. Sort of.

It's not simply a matter of "scrap the ID scheme", as the coalition government promised. It's like one of those magic tricks: the Identity Documents Bill will make ID cards vanish but - tadaah! - the government will still be holding the powers that made them so objectionable in the first place.

This ID scrapping bill won't be enough "to stop the development of a 'papers please' culture in Britain," says No2ID in its brief on the legislation.

That 'papers please culture is the one in which bus conductors have been replaced with revenue inspectors. It's the one in which a jolly whistle and the ting-ting! report of a portable ticket machine have been replaced with the hiss of a walkie talkie and the rustle of bomber jackets as they huddle round.

No2ID takes particular offence at how the ConDem's ID legislation will make it a criminal offence with up to 10 years imprisonment to try and carry off a false ID.

There are no end of reasons why someone might justifiably goof some busybody official into thinking they are someone they are not. They might want to send Transport for London's heavies the the wrong way for a start.

Or they might want to get lashed before they are 18. No2ID reckons the last government lost no time in seconding its terrorist-nabbing ID legislation to the task of bagging underage drinkers.

Yet the strangest thing about the ConDem's ID Doc's Bill are in is its Clause 10. And they are its data sharing powers. The ConDem's will with this bill introduce a wide power for linking disparate data sources to passport records, to keep them for police intelligence and to extend them at the home secretary's discretion. Just the sort of powers they protested about in opposition.

IBM will meanwhile continue operating the stump of the ID system, the National Biometric Identity Service (NBIS) database, as a database of foreigners. Liberty notes rather politely the "divisive and objectionable" fact foreigners will still have to carry ID cards in Britain.

It as though the nation has forgotten the plot to The Great Escape, though it is possibly the most replayed movie in history.

Not that you can compare British officials to Nazi commandants. The ID Docs Bill doesn't give them the power to take you into the woods to have you shot if you have the wrong papers. They will merely have the power to send you to prison for 10 years.

ID v2.0 - the ConDem Pitch

| No Comments
| More
Want to know how the Identity Scheme will look under the ConDems?

Mydex, the company providing the technology for the government pilots* spelled out the vision for ConDem ID v2.0 at Socitm 2010.

We recorded the pitch. You can hear it using the podomatic player below.

The Cabinet Office tells us it dusted off the Crosby report for the occasion. Crosby said in 2008 that if the government wanted a sensible ID scheme it should leave it for citizens to sort it out themselves with the private sector. Be done with this big brother database, said Crosby between the lines. So the government kicked his report into the long grass. And it seemed like we'd never hear of it again... 

Until the  28 August, when the coalition government certified its commitment to a liberal identity scheme in the Official Journal of the European Journal.

It called for companies who can furnish people with a proof of identity the government can use to deliver them services. It wanted ideas for the...

"...establishment of the provenance of identity, verification of a person against an identity, verification of the authority to conduct the transaction, validation of personal data related to the identity, fraud prevention, malware prevention, and assurance of appropriate security when accessing a public service through all channel types including but not limited to online and telephony."

The DWP's Tell Us Once is taking the lead on this. The idea is after all to allow people to look after their own personal data, instead of having the government do it for you, or to you. Just as Crosby recommended. How extraordinary it now seems that it may have been any other way.

Jerry Fishenden, the LSE fellow and Cameronean think-tank compadre, says these plans are so old they go back to the December 2000 plan for an E-government Authentication Framework.

The US has since leapt ahead with the same ideas. They'll probably be doing our ID systems for us before long.

Fishenden's written a paper about what the yanks are doing and why we're now doing it too: it's called The Obama Effect, apparently.

* being run the the DWP, HMRC and Brent, Croydon and Windsor & Maidenhead Councils

ID cards are dead, long live ID

| No Comments
| More

As the government acts to scrap the identity card scheme, it has already begun work on a replacement.

Or working with a replacement, as the case may be. Because the alternative to megalomaniacal Labour's flagship Big Brother project is not a government project at all. It is private.

And it's based, appropriately, in Bethnal Green. Home of the Libertines.

That was the birth place last week of Mydex, the Community Interest Company that calls itself the world's first personal data store.

The Cabinet Office, DWP, and Brent, Croydon and Windsor councils have joined the pilot. It will do a form of federated ID management. It's what will get after Labour's ID scheme is dismantled.

There's a faction of government that has long waited for this moment, if you are to believe Mydex Chairman William Heath.

"It's great fun talking to people in the Cabinet Office Central IT Unit who remember these plans very well," he told the Socitm conference last week.

"Because the whole post 9/11 security agenda took online identity down a very strange path. Clearing the decks with that means the end of a lost decade. And it means we can get back to a more sensible path, which is user-centric, federated identity management."

Business as usual

The Cabinet Office is at this very moment dusting off plans for federated identity that Heath reckons have been on the shelf since they were last government policy in 2000.

It will involve private companies validating people's identities and issuing certificates of proof on request. Mydex has established a biographical data store of the sort that was going to form a part of the National Identity Register.

It proposes instead to put people in control of their own personal data store, deciding who can get at it, when and under what conditions.

Heath proposed it as the Big Society does personal data. Since everyone takes responsibility for managing their own data, the cost of maintaining it, the organisations required to do so, and the risk of Chinese whispers, unkempt stores and an insalubrious trade in personal data are all reduced.

The government's Tell Us Once programme has been associated with the pilot. The DWP is working with the IPS to consider its implications for identity.

ID be back

Something like Mydex would work as an ID system storing authentication tokens provided by trusted third parties like, perhaps, the GP surgery. Or the local authority. Or indeed the IPS.

Mydex propose people will use it to get parking permits, guarantee their credentials for job applications, let people see the results of their CRB check, register births & deaths, make planning applications, prove their age, planning applications, update the electoral roll, get a TV license, and tell anyone who wants to know about a change of address.

Imagine the money saved on the census, says Heath, if it merely polled people's personal data stores electronically.

(And imagine no longer having the embarrassment of the British democratic census being run by US defence industry giant Lockheed Martin - though it would be a convenient way to register deaths if we have the same company poll people as bomb them).

Borg authentication

What will replace Labour's ID scheme may not be totalitarian, but it will be total.

We shall have to see how the government legislates to legitimize and perhaps obligate people to release data from their personal stores before we can see what the catch is.

The worrisome complaints the likes of No2ID and Liberty have about the Identity Documents Bill, through which the government is seeking to couch its repeal of the Identity Cards Act with provisos, give some clues as to how libertarian a future we will enjoy.

The name given it by the Harvard University project to which Mydex is connected is vendor relationship management. Heath calls it user-centric identity. There are different priorities on different sides of the pond. Meddler management will do.

Report to reveal danger to patients posed by NHS IT database?

| No Comments
| More

Alex Deane, Director of Big Brother Watch - a campaign fighting intrusions on privacy - says of tomorrow's report by University College London on the NPfIT NHS Connecting for Health Summary Care Record scheme:

"This report reveals that there are serious and potentially irrevocable tensions at the heart of the Summary Care Record.

"Many GP practices aren't equipped to handle the technology and medical staff are suspicious of the data found on the system.

"We were told that the SCR would make our lives easier; this report shows that this insecure, inaccurate database is fraught with problems that pose a real danger to patients."


The coalition has performed a disgraceful u-turn on summary care records - Big Brother Watch

Highlights of confidential UCL report on summary care record scheme - IT Projects Blog

Subscribe to blog feed


-- Advertisement --