One of my regular sources for this blog is a seasoned Whitehall warrior who has been keeping me abreast of the progress (or otherwise) of the Cabinet Office's attempts to create an operation akin to the old Central Communications and Telecommunications Agency.
I had asked him for his thoughts on the current state of Cabinet Office attempts to produce coherant policies regarding the identities we are allowed to use when dealing with government. This morning he sent me a brain dump of thoughts. inspired in part, by the news that Mike Bracken had received an CBE.
He supports some of what Cabinet Office office is trying to do, particularly with regard to rebuilding in-house professional skills, but is of the view that improved programme management will do nothing to address the underlying incompatibility of the Cabinet Office approach to systems development with the Treasury rules for spending public
money. Nor will it address the need to find effective ways of persuading the Silos of State to spend the ring-fenced, target-linked budgets, for which they are responsible to the Public Accounts Commitee, in support of others.
I agree with him that attacking civil servants for myopia
is not the answer: because that is not the problem.
The problem arises from incompatible initiatives.
The examples he gave included:
- Privacy versus making money from selling personal data
- Agile procurement versus fixed priced-contracts
- Expecting private investment in "special versions" for HMG without commitment to purchase.
He then goes into detail on one example of the contradictions which Cabinet Office appears unable to reconcile: the never ending round of studies on ID policy, when what is needed is workable authentication policies - for which Common Law has provided frameworks for nearly 150 years (the first test case for a Cable Signature going all the way to a Supreme Court was in 1867).
"One small but critical area is knowing that the person who is online is an appropriate person for the transaction. In the same way as digital has been confused with online, this has been over-simplified to be assumed to always need identity of some form, despite HMG's own published guidance to keep a clear distinction between registering, enrolling and authenticating.
"In most European countries identification is conceptually
easy: there's an existing, government-controlled population register that must
be kept up-to-date, upon which can be built systems with various balances of
convenience and privacy, using assorted technology. But this is not the case in
the UK (nor the US). The UK position is, however, complicated by what was agreed during the last UK Presidency regarding cross-border on-line public services as part of an attractive but ambitious agenda: "No citizen left behind - inclusion by design".
"In May 2011 the system was going to go live in Aug 2012. No delays have been acknowledged or explained, but the spring 2013 date became October 2013 and is now March 2014. Openness was brandished, yet there's still no published architecture or protocol for academic scrutiny and peer review.
"There were some studies, but the order of events has been most surprising: the team working on the user experience started in January 2013, the privacy principles for the basic design went out for consultation in June 2013, and there is now recruitment for the team to work on the levels that have been used in regulated industries for years.
"There is strong political pressure for the emergence early in 2014 of a two-pronged European Regulation (on electronic identification and trust services). One aspect of that is the way that users can tell which website they are connected to, an aspect that .gov.uk remains silent about. (Click on the little lock and you'll see that the certificate for .gov.uk was issued to Fastly Inc in California.) Any form of UK representative in Brussels will face digressions on Snowden before the struggle to explain why parts of the proposed regulation don't match the common law system and mindset. Having Google lobbying can be counterproductive, even when what they are saying is right (and based on experience). A lot rests on efforts of groups such as the DPA, but bigger issues with Data Protection initiatives may drain energy.
"Those aspects which only matter for civil codes can expect less effort from UK, yet matter for UK international business, much as they do for US business. Studies such as STORK which have identified cross-border issues, and performed trials in certain sectors, are being relied upon as panaceas that they do not purport to be.
"It is possible to finesse the European position, avoiding
dangers of using Brussels as an excuse just before a European Election: it was
the previous government that got other Europeans to sign up (in 2005 with
target of 2010), and, since the regulation and UK architecture remain hidden,
it should be simple to find an incompatibility.
"At that stage we notice that it wasn't ID we wanted after all, just e-Authentication, which isn't mentioned in that part of the regulation which can and will work on the continent. And we then turn from the brash only-good-news stories from the East (and the interesting developments in Tallinn, Seoul, and Redmond) and learn from the quiet, privacy-friendly successes in Dublin and Ottawa."His conclusion was that "Cabinet Office should sort out the beam in their own eye before attending to the moats of others."
Civil Servants are, of course, not supposed to think politically - but we should never forget that they often have a much wider perspective than young policy wonks, even though their careers may be broken when they express public views. One of my Christmas present was "Empress Dowager Cixi" Senior Civil Servants are not called "Mandarins" for no reason. The latest biography of one of the most remarkable women in history gives me more sympathy for both the Cabinet Office reformers and those running the great Silos of State.
We need more public and constructive debate in 2014 on how to improve public service delivery at affordable cost but real progress is unlikely until:
- we can agree the objectives and priorities: including - are they "Digital by Default", "Quality of Service" or "No Citizen left behind - inclusion by design"?.
- we can work out how to motivate those who sacrifice their own budgets/targets to help achieve the common good: including - how do we reward this in actual delivery contracts?
Only then is it really worth the effort of working out what the current hotch potch of heterogeneous pan-European initiatives has to do with either a single digital market or "inclusion by design".
As point man, trying to make sense of what is happening and lead us to the promised land, perhaps Mike Bracken deserves rather more than a CBE. [My thoughts after re-reading the agenda to which the UK was signed up in Manchester, nearly a decade ago.]
I chaired a round table of 16th December to begin the process of trying to formulate a vision for a globally competitive and socially inclusive 21st Century Digital Infrastructure. To summarise the comments of one of the more waspish participants: "There is nothing quite so dangerous as a vision without a coherant and practical action plan. it is Goethe's ignorance in motion."
Have a paranoid New Year.