Dick Vinegar of the Guardian has just asked for my thoughts on likely Public Sector IT-related scandals in 2012 before going firm on his 500 words – he is a professional journalist and far more discplined in keeping to length. I began by saying that I did not think we will see any spectacular failures in 2012 because ASPIRE and DWP Universal Credit are not due to go live until 2013. They were brought forward subsequent to major projects review after my blog a year ago when I warned of the dangers. There is probably still time to switch to a less risky, incremental, implementation strategy as activities on the critical path, e.g. the ID strategy, slip . We will see what happens but I doubt they will be among the disasters of of 2012.
I said that thought we were far more likely to see dead, dying and duplicated legacy systems (many of which have long passed their sell by date) put out of their misery as part of the rationalisation and transition to a Government Data Service. I also thought that the process would be expedited by data breaches among those with ineffective security , albeit more of these now appear to be occuring among supposedly secure outsource suppliers rather than among those public sector systems that are still in house.
There is survey data, (unknown provenance) that over one in five of the UK population has already been impersonated on-line. Hence my comments that it would be unforgivable if the most vulnerable in society were to be persuaded to go on-line and have their digital identities systemically compromised as soon as they came to rely on them for receipt of benefits: herding the sheep online to be fleeced.
I therefore thought that the high profile project most likely to run into trouble in 2012 would be Race On-line, unless it is coupled with Get Safe Online, Bank Safe Online and items 11 and 12 of the Fighting Fraud Together Action Plan – which refer to the need to strengthen government issued credentials and associated on-line validation routines.
Then I received the following press release from David Moss:
“Brodie Clark and the scoop the media missed”
Itwas such an easy story to write when the pack was let loose last November.Brodie Clark had endangered us all by suspending biometric checks at theborder. Itwas so easy that, when Brodie Clark gave evidence to the Home AffairsCommittee, no-one noticed the bombshell he smuggled in.
Bordersecurity in the UK, the control of migration and the safety of the 2012Olympics all depend, we are told by the UK Border Agency, on biometric checks.Hundreds of millions of pounds of public money – your money and mine – havebeen spent since the coalition government came to power on security systemswhich depend for their success on the biometrics used being reliable.
Andwhat did Brodie Clark say? In a six-minute passage of his testimony, between 12:18and 12:24 on 15 November 2011, he said that the fingerprint check is theleast reliable security/identity check available at the border, it is the ninthand bottom priority for officers of the Border Force and when push comes toshove (literally) in the marshalling areas for airport arrivals, it is “verysensible” to suspend fingerprint checks, that is a practice of hisformer staff, he was at pains to emphasise, that he approved at the timeand still approves of.
Toparaphrase, Theresa May is quite right to be furious, but not with BrodieClark. Her fury should properly be directed at the credulousadoption of expensive technology that doesn’t work. That is what threatens thesecurity of the border and the control of migration and the safety of theOlympics.
It’sa major story. And the media missed it.
Luckily,the opportunity will soon be with us for the media to make good. Some time inthe next few weeks John Vine, the Independent Chief Inspector of the UK BorderAgency, will present his report on the Brodie Clark affair to the Home Office.
Alleyes on John Vine and that report of his. Let’s get it right this time.
Forbackground briefing, please see:
The Border Agency cock up referred to by David may have occurred some years ago but is nonetheless unforgivable given the advice already available fromCESG when the decisions were taken. I chaired an excellent workshopthey organised in 2004 on the state of the art with biometricapplications. CESG put the presentation materialonline for easy access by those reporting to the seventy or so projectmanagers from across government who attended the event. A year or so agoAngela Sasse (one of the speakers at the event) and I were askedto help review standard processes to aid the evaluation and procurementof biometric systems. Little progress had been made. The suppliers oftechnology were still in denial over the need to design hybrid systems,e.g smart cards which could also be used without complex biometrics,when high throughput is needed (such as entry to the Party Conference inManchester or Heathrow on the day before Easter).
I therefore predict that the most spectacular computer assisted cock-upsof 2012 will be linked to Border Agency and other processes for vettingvisitors to Britain for the Olympics – one of those events where allprevious atrocities, let alone lesser security breaches, have beencommitted by those carrying impeccable (and genuine) securitycredentials.