Government hires legal experts to fight publication of ID card reviews

The government is to hire internal and external legal experts, including a Queen's counsel, to try to block the publication of Gateway reviews of its ID cards programme - a scheme which ministers affirmed last week would go ahead at a cost of £5.4bn over 10 years.

The government is to hire internal and external legal experts, including a Queen's counsel, to try to block the publication of Gateway reviews of its ID cards programme - a scheme which ministers affirmed last week would go ahead at a cost of £5.4bn over 10 years.

The Office of Government Commerce (OGC), which is part of HM Treasury, will use the Treasury Solicitor's Department, external legal experts and a QC to fight a decision by the information commissioner, Richard Thomas, that two Gateway reviews on ID cards can be published.

Gateway reviews are independent assessments of projects and programmes at various stages in their lifecycle. They are mandatory on high risk IT-related projects, including the ID cards programme.

The Gateway scheme was instigated and is run by the OGC, which has refused all requests under the Freedom of Information Act for the results of the reviews to be published.

The OGC refused initially to provide copies of the Gateway reviews to even the information commissioner. On 11 August 2005, representatives of the commissioner had to make a personal visit to the OGC's offices to see the ID card Gateway reviews.

Only after the commissioner wrote to the OGC asking for a hard copy of the reviews - which were needed to reach a determination under the Freedom of Information Act - and only after he gave the OGC unspecified assurances, was information supplied.

A year later, in August 2006, the information commissioner ruled under the Freedom of Information Act that the OGC should publish two Gateway "zero" reviews on the ID cards scheme.

Gateway zero looks at whether the government has the right skills to manage the programme, whether all the major risks have been identified, whether there is a continuing need for the new systems and whether all the expectations for the programme are realistic.

If the OGC's chief executive, John Oughton, had accepted the decision of the information commissioner, he could have opened the way for Gateway reviews to be published on other risky IT projects, such as the NHS's £12.4bn National Programme for IT.

MPs and others would then be able to see the praise, concerns and recommendations of Gateway reviewers, and whether they had given programmes red, amber or green lights.

But the government appears determined to use all legitimate means to thwart the will of the information commissioner.

Treasury ministers have given approval for the case to be fought by an external QC, whose costs could be between £20,000 and £50,000. Further fees will be paid to external legal advisers and the OGC has told Computer Weekly it also plans to use the services of the Treasury Solicitor's Department.

The government holds all the aces. The appeal case will be heard by an information tribunal whose chairman, or deputy chairman, and two lay members are appointed by the government. Even if the tribunal backs the information commissioner and rules that Gateway reviews should be published, ministers have the power in certain circumstances to veto the tribunal's decision.

The government also controls the flow of money to the OGC and the information commissioner. With a restricted budget and a backlog of work, the information commissioner is unlikely to be able to spare the money to field a team of lawyers or a QC at the tribunal. The OGC, on the other hand, appears to have all the legal funding it needs, with ministers viewing the OGC's appeal against the commissioner's decision as a cross-government action.

The apparent inequality is compounded by the budget for the information commissioner's office being set by the Department for Constitutional Affairs - which has published on its website policy guidelines for departments on how they can, and in some cases should, refuse requests for Gateway reviews to be published.

If the government gets its way, and Gateway reviews remain secret, parliament will continue to have no dependable means of receiving the information it needs to scrutinise adequately questions of value for money on major IT contracts.

Gateway reviews to date

Gateway reviews so far on ID cards. None of the results of these reviews has been published:

  • Gateway zero (strategic assessment) Completed 30 January 2004
  • Gateway one (business justification) Completed 18 July 2005
  • Gateway zero (strategic assessment) Completed 14 January 2006
  • Gateway two (procurement strategy) Completed 11 April 2006

OGC's reasons for refusing to publish gateway reviews

The Office of Government Commerce's arguments in favour of keeping Gateway reviews secret:

  • The reporting of reviews could be taken out of context and create an inaccurate picture, which would require additional resources to correct
  • Disclosure would inhibit the candour and frankness of officials
  • Lack of candour may reduce the likelihood of adverse recommendations, which would harm the public interest
  • The risk of disclosure may result in more cautiously worded draft review documents, which would lead to delays in completion of the reports or dilution of their substance

In his response, information commissioner Richard Thomas said that ID cards would have significant impact on the lives of individuals and their relationship with the state. He ruled that allowing the public an opportunity to better understand the development of the ID card programme outweighed the arguments put forward by the OGC.

He added that the reports "do not contain information which would cause participants to be less willing to contribute openly and fully in future Gateway reviews".

Should there be evidence of officials being less than candid, "The organisations involved must take the necessary measures to ensure that their staff continue to deliver the quality of advice that they are expected to provide as part of their official duties," the commissioner said.

Read more on IT risk management