some recent bits and pieces

Caught up in too many day to day issues, I’ve fallen behind with links to some of my recent articles … so here’s a quick attempt to make amends.

My May CIO column, “Let’s not go Dutch on G-Cloud”, takes a look at how the UK Coalition Government is doing 1 year on, with its strong emphasis on open public data, web services, open standards and the re-use of components. Many substantial challenges remain, including the need to disaggregate commodity requirements from bespoke, adopt horizontal efficiencies across vertical functional silos, and review public policy to simplify overly complicated legislation and processes.

And my June CIO column looks at the wider significance of the AlphaGov project – the latest iteration of the main Government portal. Not in itself an innovation (there have been many attempts since 1999 to create a better web presence for the UK Government’s services), but its approach does indicate a welcome change in cultural attitude – allowing more risk, experimentation and feedback in public.

Last week, Computer Weekly published my thoughts on the Government’s new identity assurance proposals in “Back to the future with government ID plans”. These combine the earlier UK model (from around 2000) of federated identity with more recent thinking around user control over their personal data. The proposals hold great promise – but there is plenty to get right en route, not least the issue of eliminating “hubs”, with their serious privacy and security vulnerabilities. Rebuilding the trust needed to make these latest proposals successful will require the underlying technical architecture to match the aspirational policy intent. More on this in the near future.

4 comments

  1. Jerry,

    I have no problem with (David’s) adoption of multiple identity token providers in Cabinet Office’s ‘new’(-ish) ID assurance strategy. As you know, this was one of the suggestions James Crosby made in his largely-unread report – David was in the room when I discussed some of the concepts with him, IIRC – and it’s been in the air for years before that. (BTW, I like your efficient, elegant articulation of the underlying market/government dynamics of the past decade or so. Very helpful.)

    But I fear the problem with the current strategy goes a great deal deeper than the ‘hubs’.

    From what I have read and discussed, the strategy / model not only permits but incentivises precisely the sort of bureaucracy-driven ‘meta-database’ data-matching exercises that Guy, I and others have been banging on about (against) for years. I’m afraid the system I’ve had described to me makes some of the same fundamental mistakes as the last one, and the one(s) before that – not least that it serves the bureaucracy before the citizen… who, absolutely critically, is not the same as ‘a customer’!

    (Yes, there are economic dynamics here. But retail analogies are insufficient, distracting and dangerous.)

    A key sentence for me in your CW piece is: “In this role it will need, for example, to ensure that third-party identity providers cannot exploit the insider knowledge they will be able to acquire about us – at least, not without our informed, active and explicit consent.”

    From where I sit, I’m afraid you state a too narrow case: in a truly trustworthy system, it should (must!) also be the case that government cannot exploit such knowledge. Not least because of the power imbalances / inevitable coercion inherent in applying for state ‘services’ (I use inverted commas because – although content to pay it – I don’t personally consider, say, tax to be a service) make ‘informed consent’ problematic at best, and possibly impossible at worst. The £64billion dollar question is, given it shows no sign of developing self-restraint any time soon, how might the state be restrained in this?

    You are right, though: for now, the key task for government is rebuilding trust. But they won’t do that with this, and they will leave themselves vulnerable to ‘market failure’ and (future) NO2ID(s) – and us all to yet more painful messes – unless they go back to first principles, not just old models. When I see some signs of this, I might be hopeful.

    I’ve seen none yet.

    1. Phil

      Great contribution, as usual. (I also, in passing, agree on the abuse of the word “customer” – if we are “customers” and we don’t like a Government service, where else can we take our “custom”? Nowhere of course …. let’s stick with “citizen”).

      I should indeed have ensured Government was also on that list, not just the third parties. In moving away from its current all-seeing hub model, Govt has the opportunity to remove these points of privacy failure, and hence vulnerability, from the system. That is certainly the political intent from all whom I’ve spoken to: the technology must align, and be proven to align, with the policy. This will certainly require improvements to the current technical architecture, which I’m assuming will be made iteratively over the next few months as there is more detailed consultation on how it can best be made to work. And both the primary target system (the updated trusted third party model) and any fall-back system in the event of market failure, must both ensure they are built around the citizen and the improvement of their public services. Any other approach would be doomed to another costly, front page failure and would carry a high political cost.

      I certainly don’t underestimate the challenge ahead. This needs a well-resourced team of highly capable, smart people – and to work in a very open and transparent way as part of restoring trust. There are some very real issues here that have haunted the whole domain for a long time, particularly from a centralist/organisational viewpoint – ie. “we either need a pre-existing common identifier or dynamic data matching of people across multiple systems”. Switching to a citizen-centric model should help tackle these issues in less crass privacy/security ways. And in terms of what data actually gets passed around, this does not need to be attributes themselves but merely confirmation of entitlement (eg “licensed to drive = YES”, not the driving licence itself with all its other personal details). I seem to recall a certain Stefan Brands had some rather good slides on this topic.

      Signs of hope? At least an intent to do it better … the real work is only about to begin. I’d hope you and other experts alike would be brought close to ensure that this programme does not repeat, again, mistakes of old.

  2. “I’d hope you and other experts alike would be brought close to ensure that this programme does not repeat, again, mistakes of old.”

    You’d think, eh? But, after a tentative initial attempt at engagement while I was still doing No2ID, nothing. OK, I was ill for a bit. I’m better now, and have been for months but people who tell me “they’re listening, they’re willing to reach out” don’t even seem to be able to land me an after-hours beer with one of the principals…

    I’m afraid I am not anything like convinced enough (yet) to directly engage with a programme that seems to be trying to get a spec ‘on the cheap’ for a strategy that still ain’t grounded in the necessary principles. There are good folks involved, and I’m sure they think their hearts are in the right place. But I still, for example, got blank stares (maybe well-hidden panic? or too polite to pooh-pooh me?) when I spoke about token- or credential-based ecosystems quite recently.

    (I’m beginning to suspect that this may be the only truly citizen/human-centric approach anyway. Permissioned ‘stores’ look more and more like a dangerously seductive kludge, and a ‘fitness peak’ off which it may be hard to shift if we climb too far up that hill before properly implementing tokens – by which I may mean making them, and consequent hard-core data minimisation, a universal legal / design ‘requirement’ of some form.)

    Possibly controversially, I think doing the ‘open data’ stuff with personal data right now – and potentially for a long time yet – would be fantastically dangerous. ‘Consent’, security and DP in the wild is so utterly screwed up that I personally wouldn’t risk any sort of ‘mass release’.

    I might however take a single field or item of data – preferably one that exposes / is implicated in difficult driving problems – and follow the consequences for replacing it with a token all across ‘the system’ for a representative sample of informed, consenting citizens as a way into the problem. But that the citizen can’t reliably be told where all her data is now, much less how it interacts, indicates that even the most basic – and necessary – mapping hasn’t been done yet! How can you design for situations when you don’t even know where the data is, much less what it’s plugged into or what falls over when it’s wrong/inaccurate/not there?

    Yes, Stefan’s stuff looks good – and clearly MS has all the IP and most of the tech to do (a version of) all this. But maybe that’s a political problem? For all UKgov seems happy enough to hand huge chunks of our lives over to megaconsultancies, there seems on the one hand to be some institutional/bureaucratic reluctance to (be seen to) get in bed with – sometimes for good reasons – specific infocorps (brands citizens have heard of? can’t be that simple…) and on the other hand still a huge degree of naivety amongst politicians about particular bits of ICT as ‘the solution’.

    Not forgetting – as Guy keeps trying to remind everyone, including me! – that there’s absolutely no point trying to get the policy and technology ‘right’ if you are not willing to ensure the (much) broader legislative architecture is up to snuff too.

    1. Then we should talk … over an after-hours beer!

      There are many, many moving parts here that need to be properly resourced and thought-through. My original short piece was an attempt to highlight just some of those and the many painful lessons of the last 13+ years that are essential to understand if this time around is going to prove successful. It would be sadly ironic indeed if the intrinsically flawed former national ID proposals were to have been given large budgets and resources when what could be a much better approach is instead run on a shoe-string. That alone would demonstrate a lack of serious commitment to moving towards a genuinely citizen-centric, privacy-based model. Let’s hope that this is not the case – and that the right people and resources will be brought together to tackle the many outstanding issues, from legal to commercial to technical.

      (Incidentally, Stefan has long been a free man again … and I believe his IP etc is all openly available for use anyway regardless of tech/platform)
