114 posts • joined Friday 19th June 2009 15:20 GMT
I'm no tax expert, so don't ask me how that applies to subsidiaries of Amazon that don't have a presence in the UK
See CFCs, permanent establishment, tax residence, thin capitalisation, every combination of double tax treaty and, as you mention, transfer pricing.
Cloud computing = losing control of your data
The NAO must of course abide by the procurement rules.
Equally, as auditors, they have a duty of care. They must keep their clients' data confidential. Handing that data over to a third party and storing it beyond the jurisdiction of English law makes it hard to guarantee confidentiality.
Next time the NAO want to investigate DWP, or whoever, there might be an objection that the NAO can't guarantee to keep the data revealed to them confidential. DWP, or whoever, might refuse to co-operate with the investigation on that basis, and so contracting with AWS, however indirectly, might mean the NAO can't do its job.
Incidentally, it's not just the NAO of course. Consider, for example, Halarose Ltd, who have contracts with 80 local authorities in the UK to maintain their electoral rolls. Where is the data stored? With AWS, in Ireland. Under whose control?
Given that AWS have no – that's no – servers in the UK, how come they're allowed on G-Cloud's CloudStore, where all the customers owe a duty of care to keep our data safe, confidential and under their control?
It's an old saying, a bit of a cliché, but worth repeating – the only time you're really safe is when CloudStore's down which, recently, has been quite a lot.
... I know you ain't Spartacus
... you is more like an Amazonian astrosurfer, whereas Spartacus was Kirk Douglas (né Issur Danielovitch Demsky) from nowhere near the Amazon.
IBM need help ...
... from Stephen Fry, http://www.dmossesq.com/2013/10/cloud-computing-and-sizzling-stephen-fry.html
Only he can provide the historical perspective and the technical grasp of evocon (evolutionary economics) which Amazon so obviously possess and which has eluded IBM in the first 100 years of its existence.
1. Chapeau bas to Caspar Bowden.
2. Given that most people can't read the Guardian, how can UK awareness be raised?
"As for the secret surveillance agenda, most people in the UK do not seem to care about it, because they lack accurate information in the media about what exactly is happening."
One idea: -
Communications Data Bill
For years, the Home Office have been advocating the Communications Data Bill and the Interception Modernisation Plan before it on the basis that the security services must have the interception tools needed to defend us against terrorism.
The implication was that the security services didn't have these tools.
It now transpires that they do have them.
Which means that the Home Office were deceiving parliament, the media and the public.
That ought to be a story the media would consider running.
Even if they believe that interception is justified the media might at least ask why the Home Office have been wasting parliamentary time?
Communications Data Bill – why bother?
"In July 2012, Britain's top spook Charles Farr made a rare public appearance: sat across a table from MPs in Parliament, he was quizzed by backbenchers scrutinising Home Secretary Theresa May's widely criticised plan to snoop on Brits' internet connections."
"Theresa May's widely criticised plan to snoop on Brits' internet connections" is the Communications Data Bill. It is widely criticised. The Home Office has put in a lot of hard work trying to get it, and its predecessors, passed into law.
After all, per Edward Snowden, GCHQ already have the technology needed. And William Hague, the Foreign Secretary and political boss of GCHQ, says that their work is perfectly legal. So does Sir Malcolm Rifkind, the Chairman of the Intelligence and Security Committee.
Surely the Bill is redundant.
Why does the Home Office waste all that energy trying to push through an unpopular bill that is unnecessary?
One would genuinely be interested in an answer.
Sell the sizzle, not the sausage
ElReg readers already know that the Government Digital Service (GDS) is all sizzle, no sausage.
Never mind the lack of sausage, GDS are hard at work selling.
GOV.UK has its awards from the Design Museum and D&AD. That helps. They have the imprimatur of Tim 'Government As A Platform' O'Reilly and Martha Lane Fox, no mean salesman herself. The BBC and the Guardian think GDS are exciting and are providing free PR (http://www.dmossesq.com/2013/06/gds-pr-blitz.html). Well done ex-Guardian man Mike Bracken and ex-BBC man Tom Loosemore.
And now the Times have joined in (http://www.dmossesq.com/2013/08/toe-curling-gds-pr-blitz.html). And Policy Exchange. How did that happen?
It is inconceivable that GDS could have gained the support of Policy Exchange while Charles Moore ran it. But he handed over the reins years ago to Danny-now-Lord Finkelstein, a different kettle of fish altogether, whose jib is cut the other way and who luckily is very senior at the Times.
This is soap opera, of course, but then who buys the sizzle? Individuals. Individuals with personal preferences. Individuals not necessarily endowed with the skills or the will to examine the effectiveness of an IT department.
It's all a bit depressing but there is the occasional laugh. Like the Tweet from ex-Conservative Home editor Tim Montgomerie, hired by Danny-now-Lord Finkelstein to write SDP opinion pieces. Mr Montgomerie is a bit of a sizzle aficionado and in his opinion (https://twitter.com/TimMontgomerie/statuses/309258485252636673): "One of the outstanding successes of this Coalition is likely to be its digital strategy http://twitter.com/Policy_Exchange/status/309257138381938688".
Re: Before you slag them all off..
"MyDex are all about helping people to own and be gatekeepers to their personal data. Most Reg readers would like Mydex."
Why do you say that?
How journalism works – Re: That Times article ...
If you enter "rachel sylvester" and "i am told" into the Times search box and hit enter you get 39 hits. That's 39 separate articles in which she has used the phrase.
I suggested to Private Eye once that they start a new column, "Eye am told". No dice.
GOV.UK is not Government on the Internet, but of the Internet
Not my words. The words of ex-Guardian man Mike Bracken, executive director of the Government Digital Service and senior responsible owner of the pan-government but non-existent identity assurance programme. And he's right. You commentards just have to be more agile, http://www.dmossesq.com/2012/10/govuk-is-not-government-on-internet-but.html
As for worrying about statistics being accurate, how old-fashioned can you get? Just ask Stephan Shakespeare, the founder of YouGov who has been inexplicably asked to devise a national data strategy, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/198752/13-744-shakespeare-review-of-public-sector-information.pdf – search on "publish early even if imperfect" and you will see the way.
Re: location markers
"... unless people actually, y'know, do the science, you never know which bits of obviousness are actually true ..."
What's a phone? An IMEI? A phone no.? Sometimes you use someone else's phone. Sometimes someone else uses your phone.
A discipline will develop stitching the patchy record together over the years, over the IMEIs, over the phone no.s, excluding the other people's use of one phone, including the use of other phones, into one person.
It will have to.
Because there will still be a job to do, creating new identities, e.g. for ambassadors travelling under a false identity or people in witness protection programmes. The location identity created for them will have to look realistically patchy.
From my misspent youth, Dematerialised ID, May 2003, http://dematerialisedid.com/BCSL/29%20May%202003.pdf pp.31-3, §4.9.
DWP using same PR agency as HMV?
"... the [Universal Credit] project has been repeatedly hampered by a perceived IT management crisis that the DWP has strongly denied."
Not so long ago, HMV strongly denied that they faced any trading problems.
TBL "cannot imagine a perfect security regime" for the government snoopbase. Neither can anyone else. So the Department for Business Innovation and Skills (BIS) midata project is a no-no since it requires us all to store our personal data on a personal snoopbase or PDS (Personal Data Store).
TBL says that "the surprisingly-accurate advertisements served to users of social media websites ... represent a privacy threat to many internet users". Too right. So the BIS midata project is a no-no since the whole point is to make the economy grow by targeting adverts more accurately.
What do BIS have to say about TBL's comments? http://search.theregister.co.uk/?q=midata
And what does TBL think about the UK's eight "identity providers", our official snoop facilitators? http://search.theregister.co.uk/?q=identity+assurance
Round II promises to be very busy
Census – Francis Maude speaking at the ICO conference in March 2012 promised a new way of doing the census in 2021. There can be no suggestion that the census would constitute a single national identity register. http://www.cabinetoffice.gov.uk/news/information-commissioners-conference-francis-maude-keynote-speech
Electoral roll – June 2011 Individual Electoral Registration Bill promises a new way of compiling the electoral roll, including data-sharing across government departments to check for completeness. Associated impact assessment notes that this data-sharing is illegal. Copies of the electoral rolls compiled constituency-by-constituency would all be stored unedited with the credit referencing agencies. There can be no suggestion that this electoral roll would constitute a single national identity register. http://www.cabinetoffice.gov.uk/sites/default/files/resources/individual-electoral-reform-impact-assessment.pdf
Personal Data Stores (PDSs) – July 2012 midata review of midata and consultation introduces concept of everyone having one or more PDSs, files which identify you and include unlimited transaction data stored with a trusted third party in the cloud. The cloud isn't safe. The web isn't safe. Why trust the third parties? Why concentrate a lot of data about yourself in one place? Breaks all the rules of cybersecurity advocated by the Department for Business Innovation and Skills (BIS). But BIS want you to have a PDS because it will "empower" you. The only supplier of PDSs they ever mention is Mydex, whose chairman sits on the midata advisory board at BIS. And the Government Digital Service (GDS) want you to have a PDS because it will allow you to verify your identity when you access public services. GDS have appointed seven "identity providers", one of them being Mydex. All part of GDS's Identity Assurance Programme (IDAP). GDS are part of the Cabinet Office. Another part of the Cabinet Office is responsible for cybersecurity. They warn individuals and businesses to beware of the web. £10 million of the £650 million cybersecurity budget was used to fund IDAP. No doubt it all makes sense and the suggestion of inconsistency is frivolous. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/32687/12-943-midata-2012-review-and-consultation.pdf
Remember what a good job Bill Crothers did at IPS on the ID cards scheme ...
... G-Cloud in safe hands, UK in safe hands
Sorry to say but Chris Chant on Twitter not impressed
Not all small suppliers have trouble getting listed -- Skyscape, for example
Skyscape Cloud Services Ltd have only £1,000 of share capital, all owned by one man, but they got onto Mr Crothers's G-Store and they're now due to host ex-Guardian man Mike Bracken's https://GOV.UK and Phil Pavitt's HMRC local office data. If they got past Mr Crothers's stringent procurement tests surely anyone can.
Re: That's quite the amazing government press release
"So that eight party they haven't quite announced yet is facebook? Or at least google? Some party we've at least heard of? No?"
We could try being logical about it. The system has to be "operational" for 21 million people "from Spring 2013", see notice in OJEU,
Where are you going to register 21 million people?
You need a national network of premises. Bank branches (RBS and Lloyds)? Retailers (Tesco and Sainsbury's)?
But there's only £25 million on the table to do the job, so why be logical?
(Incidentally, do you notice something? No biometrics.)
Re: Ah, the out-sourced ID card
It's not an ID card, I tell you, it's a personal data store, a PDS, when will you get this into your head?
And why can't you tell the good news? With identity providers, now, at last, everyone will have their own ... nanny.
Now brush your teeth.
Akamai 1 - 0 Skyscape
Enter nslookup www.gov.uk and back comes the answer:
Check up with RIPE on that 220.127.116.11 address and you get:
inetnum: 18.104.22.168 - 22.214.171.124
descr: Akamai Technologies
status: ASSIGNED PA
source: RIPE #Filtered
Things are looking good for the Akamai theory and not so good for Skyscape.
Re: GOV.UK + IdA + G-Cloud + midata + ... + NSTIC - Government Gateway
I dug on www.gov.uk and got a poor user experience:
What are you looking for?
Sorry, but there are no results for 'akamai'
Searching again using different words
Browsing from the GOV.UK home page
Visiting the support pages if you need more assistance
Using Google found a few thousand references to Skyscape and GOV.UK including this one
Hosting GOV.UK in the cloud to cost GDS record-breaking £600,000
Government Digital Service signed a deal with Skyscape last month
By Derek du Preez | Computerworld UK | Published 10:29, 10 October 12
The Government Digital Service’s (GDS) infrastructure-as-a-service (IaaS) deal with Skyscape to host single domain website GOV.UK, which was procured through the G-Cloud, is worth an estimated £600,000.
Denise McDonagh, G-Cloud programme director, revealed the figure in an article for the Financial Times, where she said that the deal is the biggest sale to date from CloudStore and is “an important milestone for G-Cloud, showing that the public sector is ready to embrace low-cost utility cloud services”.
The meaning seems pretty clear. From what you say, Mr Newton, these claims are simply false and GOV.UK is after all not being hosted on Skyscape.
Is this possible?
Re: GOV.UK + IdA + G-Cloud + midata + ... + NSTIC - Government Gateway
Akamai? Maybe they've disintegrated?
Mr Newton, I am as mystified as you, please explain the following:
Government Digital Service
Introducing a new supplier (Skyscape)
by Mark O'Neill on 18/09/2012
... To meet the needs of GOV.UK, we are planning to work with a number of different Infrastructure as a Service providers. We are happy to announce that the first cloud hosting provider we are working with is Skyscape.
HM Government | G-Cloud
.gov.uk hosting bought through G-Cloud
Posted on September 18, 2012 by Eleanor Stewart
We’re really pleased to be able to announce the first major sale of Infrastructure As A Service. Government Digital Service have signed a contract with Skyscape for:
1) Compute as a service
2) Compute as a service (test & development)
3) Storage as a service
This is all intended to support the exciting work they’re doing on .gov.uk to revolutionise the way citizens access information and services online.
GOV.UK + IdA + G-Cloud + midata + ... + NSTIC - Government Gateway
Savings? Improving the user experience? Those are the issues Messrs Bracken and Maude might like to restrict us to in our discussion. But there are a few more:-
1. You can't deliver public services on-line if you can't identify the users. GOV.UK needs IdA, identity assurance, major announcement due next Monday, or read leaks to the Independent,
2.1 GOV.UK is being hosted in the cloud by a one-man company, Skyscape Cloud Services Ltd. Bit small?
2.2 GOV.UK is being hosted in the cloud. Loss of control over data, staff, costs ...
3. Identity assurance relying on Facebook, Google, Twitter accounts may not be quite as reliable as the identity assurance offered by the Government Gateway but the Gateway's going anyway and soon Facebook and the others will have become part of the British Constitution. Not mentioned in Francis Maude's blog post but nevertheless the case.
4. The Enterprise and Regulatory Reform Bill continues to meander through Parliament and, if it gets through, we will all have PDSs (personal data stores). PDSs are the foundation on which midata is built but, again, mysteriously, they make no appearance in Mr Maude's missive.
5. It is tempting to say that ex-Guardian man Mike Bracken is over-fond of Google and will do anything to further its interests including giving it the UK to play with, a power apparently in his remit. Tempting, but wrong, because what he really loves is Estonia. GOV.UK is his way of making the UK just a little bit more Estonian,
They go up to 17,
The savings are for me, the costs are for you
"A taxpayer service that saves taxpayer money... Hmm".
There may be savings. We may find out when we see the audited accounts. But wherefrom comes the touching belief that these savings will be enjoyed by taxpayers?
Go back to the Bible, Martha Lane Fox's 10-page letter to Francis Maude, and you will read:
"I recommend that any savings from the reduction in duplication should remain in departments, once transition costs and ongoing funding for the new central team have been taken into account".
Take another look at Skyscape
Skyscape get a brief mention at the end of this Reg article. It might be worth taking a further look at the company.
The G-Cloud team include Skyscape on their CloudStore shop but without making any recommendations as to the company's suitability.
GDS have decided to host GOV.UK on Skyscape's servers and HMRC are putting their records there also. So every transaction between the public and the government will depend on Skyscape and ditto all our tax records.
Skyscape is too young to have filed any accounts, it only has £1,000 of paid-up share capital, there is no company secretary and only one director, who also happens to be the only shareholder -- all GOV.UK transactions and all tax records depend on one man, Mr Jeremy Robin Sanders.
What is Eleanor Stewart (G-Cloud) thinking of?
Has Lin Homer (HMRC) seen what her CIO Phil Pavitt has agreed to?
And is ex-Guardian man Mike Bracken the right man to be chief executive of GDS? All his staff have worked hard to get Martha Lane Fox's GOV.UK up and running/testing and then he goes and hands the lot over to a one-man £1,000 company?
One has taken these matters up with him -- http://www.dmossesq.com/2012/10/gds-and-skyscape.html
One awaits a response.
Google – a latter-day Pied Piper of Hamelin
Google have been approached by the Government Digital Service (GDS, part of the Cabinet Office) to help with our government's attempts to provide identity assurance so that public services can be delivered online/become digital by default.
Google have been approached to help with the Dept of Business Innovation and Skills so-called "midata" project.
And, as cloud computing service providers, they have been linked to the plans for G-Cloud.
If Google succeed in getting contracts for all or some of these initiatives they will effectively become part of the Constitution. On that, Ms Harman is right.
In the end, the decisions will be made or strongly influenced by Sir Bob Kerslake, head of the home civil service, and Francis Maude, the Cabinet Office minister. Are they qualified to make those decisions?
They are advised by people like Andy Nelson, government and Ministry of Justice CIO, and ex-Guardian man Mike Bracken at GDS. The latter, at least, seems to be under the misapprehension that governing the UK is a bit like running Amazon or eBay.
My point, to repeat, is that here in the UK we are being driven towards cloud computing and public services which are digital by default and which rely on an undeliverable identity assurance when we know from the experience of Estonia and others that the dangers involved are serious and unsolved.
In order to allay any fear of those dangers, the seriousness of the Estonian debacle of 2007 and of other cyber-failures are consistently downplayed – revisionism.
We are looking here at a wilful re-run of the Pied Piper of Hamelin, http://www.dmossesq.com/2012/04/amazon-google-facebook-et-al-latter-day.html
It is refreshing that this should get such balanced coverage in The Register.
Now you're doing it: "I know from personal experience that there were problems, but nothing major". Make your mind up. Was it serious or wasn't it?
Guardian Technology blog, 25 January 2008, 'That cyberwarfare by Russia on Estonia? It was one kid.. in Estonia', http://www.guardian.co.uk/technology/blog/2008/jan/25/thatcyberwarfarebyrussiaon
Journal of Strategic Studies, 24 February 2012, 'Cyber War Will Not Take Place': "... unlike a naval blockade, the mere ‘blockade’ of websites is not violent, not even potentially; unlike a naval blockade, the DDoS attack was not instrumentally tied to a tactical objective, but an act of undirected protest; and unlike ships blocking the way, the pings remained anonymous, without political backing ...", http://www.tandfonline.com/doi/abs/10.1080/01402390.2011.608939
Guardian Technology blog, 24 August 2007, 'Kevin Poulsen on Estonia's cyberwar': "Earlier this year, there was a lot of kerfuffle about a so-called cyberwar which struck Estonia's government - our European correspondent Ian Traynor reported the details, and it became big news on the web ... The tale has got the Wired treatment, prompting former hacker Kevin Poulsen to write a really interesting and detailed blog post on Wired.com explaining why he thinks the story is overbaked ... Essentially his point is that Estonia (one of the world's most wired economies) took a bit of a beating, but the effects were overplayed thanks to overdramatic government response. The Estonia attack wasn't sophisticated, and cyberwar has already been with us for a while, he suggests ...", http://www.guardian.co.uk/technology/blog/2007/aug/24/kevinpoulseno
That'll have to do to be going on with.
It is common to belittle DDoS attacks. Bruce Schneier compares them to a crack group of commandos invading a country and imposing their rule by barging to the head of the queue in the post office. I am glad you agree with me that DDoS attacks can be serious but that is not the common judgement.
In the Guardian article referred to, http://www.guardian.co.uk/technology/2012/apr/15/estonia-ussr-shadow-internet-titan, we find the following:
"This is how a lot of myths were created," remembered Pärgmäe. "Those outside the country couldn't access Estonian websites, but they didn't realise that people inside still could."
You and I agree about the gravity of the DDoS attack but Katrin Pärgmäe, who is in charge of public awareness at RIA, the country's internet authority, treats it as a myth. That looks to me like revisionism.
Why? Why would anyone want to lie about the facts of this case?
Because governments all over the world including our own want to "transform" public services by delivering them over the web and only over the web.
"Estonia is seeking to reinvent itself from a cheap place to source top-notch programming expertise into the Nordic Silicon Valley and bio-tech centre."
That's not the only thing they're trying to reinvent.
They're also trying to reinvent their recent history. The country was brought to its knees in 2007 by simple DDoS attacks. Only possible because they're so reliant on the web in their highly automated economy. Nothing to see here, they now say, move along please.
Francis Maude was taken to Estonia by ex-Guardian man, Mike Bracken, to have a peek at the future. Let's hope he also had a little peek at the past, http://www.dmossesq.com/2012/05/francis-maude-seeks-future-in-estonia.html
A rare insight into the Home Office's modus operandi
As we all know, automated face recognition doesn't work.
The 2004 UK Passport Service biometrics enrolment trial proved it. As do all other trials. £12.8 million of public money is being wasted.
This matter was taken up in the world-famous case in front of the Information Rights Tribunal, David Moss v Information Commissioner and the Home Office, http://dematerialisedid.com/bcsl/foi.html.
During that case, evidence was submitted by the Home Office and by IBM. Take a look:
Re: At least the Aussies have sense
Funny you should mention that.
29 March 2009, Sunday Times, "Spy chiefs fear Chinese cyber attack", by Michael Smith:
"... equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies ..."
"Ministers expressed concern that replacing the Chinese components with British parts would clash with government policy on competition."
Security? Competition? No contest.
We should take a holistic view of CSC
It was revealed/alleged in the Sunday Times yesterday that British Aerospace's computers had been hacked by the Chinese, who stole secrets to do with the Joint Strike Fighter over a period of 18 months. BAE outsource their IT to ... CSC.
CSC currently face a class action brought against them by their own shareholders.
CSC were docked $250 million by the US Armed Services Board.
In addition to the Department of Health, CSC are also retained by:
The UK Border Agency, who use CSC to collect the biometrics of UK visa applicants overseas. When we decide that we can no longer afford to pay for this schoolboy stamp collecting habit, CSC may expect the golden goose to stop laying.
The Identity & Passport Service. When the public finally tire of paying three times too much for their passports, CSC may legitimately expect once again that the golden goose will stop laying.
Re: Biometric Systems in Aviation #2 of 2
The airport operators may not install biometrics technology to help to reduce headcount. But UKBA do, please see the evidence of Dame Helen Ghosh, Permanent Secretary at the Home Office, when she appeared before the Home Affairs Committee on 22 November 2011, http://www.dmossesq.com/2012/01/theresa-may-damian-green-helen-ghosh.html :
"... there are plans, over the SR10 period [up to 31 March 2015], to reduce the staff of the Border Force by around 900 people, from almost 8,000 people at the start of the period. But that is driven as much by technological introductions like e-gates, as well as a risk-based approach. Border Force will be getting smaller ...".
Are UKBA investing our money wisely? Does the biometric technology their plans depend on work? Does it work well enough to replace human beings? All the respectable published academic evidence suggests that the answers are no, no and no.
In light of which, with the Olympics coming up and border security an even greater concern than usual, it's about time the Home Office gave us some performance figures to work with, something which, disclosure, they currently resist, and resist very energetically, http://dematerialisedid.com/bcsl/foi.html .
Re: Biometric Systems in Aviation #1 of 2
Thank you for that interesting post, Mr Ankers.
Who is making the investment in biometrics here? Is it a private sector airport operator, risking its own money? Or is it UKBA, a public authority investing public money, i.e. your money and mine? There is a fusion, or confusion here, which it would be useful to resolve.
In your experience, what are the performance characteristics of the iris scan and face recognition biometrics that you mention? What is the failure to enrol rate, the false match rate and the false non-match rate? And what are the volumes involved, have your systems registered 5,000 airport users, 5,000,000, ...?
With two-dimensional face recognition, many studies suggest that the false non-match rate is between 30 and 50% for the first two months after registration, which is useless, and then falls off a cliff -- sort of double useless. There is obviously no point fusing the iris scan biometric with 2-D face recognition. But are your clients perhaps using 3-D face recognition?
In which case, that's fine, but it stops being centrally relevant to the matter at hand, because UKBA and their smart gates don't, they rely on 2-D.
Aadhaar is an Indian identity management scheme operated by the Unique Identification Authority of India (UIDAI) to register all 1.2 billion Indians, identifying them by their biometrics only. They're on track to register 200 million Indians by 31 March 2012 and have just been authorised to register the next 200 million.
Here's a bit of homework, two short reports to read:
1. Role of Biometric Technology in Aadhaar Enrollment -- http://uidai.gov.in/images/FrontPageUpdates/role_of_biometric_technology_in_aadhaar_jan21_2012.pdf
2. India boldly takes biometrics where no country has gone before -- http://www.planetbiometrics.com/creo_files/upload/article-files/India_boldly_takes_biometrics_where_no_country_has_gone_before.pdf
From 1., you will find that UIDAI are using fingerprints and iris scans as a single, composite, "multi-modal" biometric. The biometric failure to enrol rate is 0.14%. The false positive identification rate is 0.057%. The false negative identification rate is 0.035%.
From 2., you will find that UIDAI recommend that any national identity management scheme which doesn't use iris scans is doomed to "catastrophic failure". Ditto if the scheme isn't multi-modal. Ditto if the scheme doesn't use competing matching algorithms at the back end. Catastrophic. Failure.
Q1. What are the performance figures for the UKBA scheme equivalent to UIDAI's 0.14%, 0.057% and 0.035%? If we don't know the answers to those questions, we don't know if the UKBA scheme is good, bad or indifferent.
Q2. UIDAI don't bother to use face recognition. Why do UKBA?
Q3. UKBA don't use iris scanning, multi-modal or competing matches. What is to stop their scheme, IABS (the Immigration and Asylum Biometric Service) from being a catastrophic failure?
Q4. Do you think IABS will make the UK border secure and the 2012 Olympics safe? Why?
Choose what to be scandalised about
"UKBA is busy investigating the scandal that erupted when it was claimed that fingerprint checks were regularly abandoned"
It's only a scandal if fingerprint checks work. The scandalised assume that they do. But then the scandalised don't necessarily know the first thing about the technology and don't have to use it.
Brodie Clark, former head of the UK Border Force, did have to use it. And he said the technology doesn't work. You can watch him say it to the Home Affairs Committee here -- http://www.parliamentlive.tv/Main/Player.aspx?meetingId=9445&st=11:36:43 starting at 12:18
Now, how sure are you that there was a scandal?
Still wavering? How about we add in the fact that at Calais, for "clandestines" only, UKBA have abandoned fingerprinting? Staff have got better things to do -- http://www.dmossesq.com/2012/01/theresa-may-damian-green-keith-vaz.html
You can be scandalised about fingerprint checking being dropped if you like. Or you can be scandalised about fingerprint checking being adopted in the first place. I'd go for the latter, me.
According to Wikipedia, it's something to do with French turkey-farmers: "misfeasance in public office is a cause of action in the civil courts of England and Wales and certain Commonwealth countries. It is an action against the holder of a public office, alleging in essence that the office-holder has misused or abused his power. The tort can be traced back to 1703 when Chief Justice Holt decided that a landowner could sue a police Constable who deprived him of his right to vote. The tort was revived in 1985 when it was used so that French Turkey producers could sue the Ministry of Agriculture over a dispute that harmed their sales". But not just French turkey-farmers.
The pressure on John Vine -- misfeasance in public office 2
John Vine, Independent Chief Inspector of the UK Border Agency, is the man who reported Brodie Clark to Rob Whiteman, Chief Executive, on suspicion of suspending fingerprint checks too often.
Brodie Clark is the now ex-head of the UK Border Force who said in his evidence to the Home Affairs Committee that fingerprint checks are the ninth and bottom priority for officers of the Border Force, they are the least reliable security/identity checks made and, when the occasion arises, it is very sensible to suspend fingerprint checks rather than any of the others.
Mr Vine was due to investigate the Brodie Clark affair further and report to the Home Office by 31.1.12. His report has now been delayed.
All details here -- http://www.dmossesq.com/2012/02/john-vine-report-delayed.html
The commissioning of smart gates has now been delayed.
And so has IABS.
IABS is the Immigration and Asylum Biometrics System. This is a new system being introduced to beef up border security and particularly to help to make the 2012 Olympics safe. Jackie Keane, a senior civil servant at UKBA, was supposed to get IABS in by 31.12.11. In the event, most of it is now scheduled for deployment this month and the Olympics bit next month, March, getting dangerously close to the Olympics themselves.
IABS details available here -- http://www.ukdirectgov.com/homeoffice/ukba/sitecontent/documents/aboutus/workingwithus/ukba-news1/issue-10_178d2d3.pdf (p.5)
Since (constructively) dismissing Brodie Clark for suspending fingerprint checks, UKBA has suspended fingerprint checks at Calais for stowaways. Damian Green MP said his staff have got better things to do. Not looking good for UKBA at the tribunal -- "so you dismissed Mr Clark for doing what is now policy, Mr Green ...".
Please see http://www.dmossesq.com/2012/01/theresa-may-damian-green-keith-vaz.html
Information rights -- misfeasance in public office 3
The biometrics for smart gates and fingerprint checking at the border and at the upcoming Olympics are provided by IABS, the Immigration and Asylum Biometric System, please see http://www.ukdirectgov.com/homeoffice/ukba/sitecontent/documents/aboutus/workingwithus/ukba-news1/issue-7_178d2d3.pdf, p.5.
IABS is the responsibility of Jackie Keane, a senior civil servant at the UK Border Agency, and was due to go live by 31.12.11. In the event, it has been delayed. Most of it is now due to go live by 29.2.12 and the Olympics bit by 31.3.12.
The suppliers involved are: IBM, Morpho, Home Office IT, Fujitsu and Atos.
Do Morpho's biometrics work?
According to IBM, yes they do.
Could we, the public, please see IBM's report, which gave enough confidence to the Home Office that these biometrics work to make them spend several hundred million pounds of your money and mine on gizmos like smart gates?
"No", said the Home Office.
"No", said the Information Commissioner's Office.
The case comes before the Information Rights Tribunal on 24.2.12, over two years after the initial Freedom of Information request was submitted, please see http://dematerialisedid.com/bcsl/foi.html
Perhaps the tribunal will say "Yes". And perhaps we will see then that Whitehall has been knowingly wasting our money on duff technology, giving that money to the nice people at IBM, Morpho, Home Office IT, Fujitsu and Atos. That would be misfeasance in public office. Perish the thought.
Biometrics -- misfeasance in public office 1
Several Home Office officials have asserted that smart gates are being installed because they are confident that they work. The confidence of these officials is based, they say, on the results of trials conducted, particularly at Manchester Airport.
John Vine is the Independent Chief Inspector of the UK Border Agency. He inspected Manchester Airport and said in his report that: "We could find no overall plan to evaluate the success or otherwise of the facial recognition gates at Manchester Airport and would urge the Agency to do so [as] soon as possible".
All details available here -- http://www.dmossesq.com/2011/11/whitehall-on-trials.html
Were the officials lying? Were they misled? Is John Vine not very good at inspecting? Don't know, can't answer any of those questions.
But someone had better answer them because wagonloads of public money are being spent in the UK on systems whose success depends on the chosen biometrics being reliable. If they're not reliable, and if Whitehall knows that they're not reliable, then many officials will be liable to charges of misfeasance in public office.
hpTellYourArsefromYourElbow() = false
Today HP tells us via the Guardian via ElReg that:
"[cloud computing] technology is making the [DWP] initiative possible"
"cloud platforms could support the effort to make applications available beyond the commissioning body"
Can this be the same HP who were reported by IT Pro on 2 June 2011 as saying (http://www.itpro.co.uk/633898/updated-government-g-cloud-is-dead-says-hp):
"Government G-Cloud is dead"
"IT PRO learns from the UK HP managing director the Government has completely canned the G-Cloud project"
"The UK Government G-Cloud project has been killed off by the Coalition, according to the managing director ... of HP in the UK"
"Nick Wilson, who has been heavily involved in Government IT planning, revealed to IT PRO yesterday the Coalition had dropped the cloud initiative in favour of focusing more heavily on data centre consolidation"?
Yes, it can.
Ex-Guardian man Mike Bracken lays an egg
Ex-Guardian man Mike Bracken says on the GDS blog:
"The days of creating different user names and passwords for every new website are numbered, thank goodness. There is a strong desire to work collaboratively across the public and private sectors to develop solutions that meet users differing needs. That desire is international. The USA’s National Strategy for Trusted Identities in Cyberspace and the EU Project STORK pilots testify to the opportunities."
"Project STORK" in that quotation links to https://www.eid-stork.eu/ where you might expect to see a lot of opportunities testified to. Instead, what you find is this:
"The aim of the STORK project is to establish a European eID Interoperability Platform that will allow citizens to establish new e-relations across borders, just by presenting their national eID."
But we don't have a "national eID", we Brits, do we. Is Mr Bracken suggesting that we should have a national electronic identity? If not, what is he suggesting?
Many people won't know this, but the UK leg of Project STORK is the UK Government Gateway, the very system that the Cabinet Office want to get rid of. If they succeed, how will we Brits partake in any of the exciting opportunities which are testified to by Project STORK?
Obviously that last point is otiose as far as regular ElReg aficionados are concerned. They will remember the article 'How much of the EU's data will the UK lose?', http://www.theregister.co.uk/2009/09/02/uk_eu_data_menace/
But does ex-Guardian man Mike Bracken realise how important the Government Gateway is for any Brit who wants to avail himself of the opportunity to set up a new business in, say, Greece?
Calling all mooncalves
For a brief while there yesterday, there was a story on the BIS website called "The midata vision of consumer empowerment". It's gone now.
But there is a press release, available at http://nds.coi.gov.uk/content/Detail.aspx?ReleaseID=421869&NewsAreaID=2
And Ed Davey, the minister responsible, has blogged on midata at http://blogs.bis.gov.uk/blog/2011/11/03/giving-consumers-the-midata-touch/#comment-2054
1. The claim is made repeatedly that midata empowers people and that midata gives them unprecedented control over the use of their personal data. How? BIS give no answer. Suppose you fill your "personal data inventory" (PDI) with a lot of your Lloyds Bank data (Lloyds are one of the midata partners) and then pass a selection of that data to British Gas (another midata partner), perhaps to open an account, how can you control what British Gas do with the data? You can't. You get no more powers with a PDI than you had before there were any PDIs. There is no sense in which you are newly empowered. The BIS press release is misleading.
2. There are unexplained claims that having a PDI will help you to make decisions. Unexplained, at least, in the BIS press release. But there is an explanation here -- http://forum.no2id.net/viewtopic.php?f=2&t=35514 The purveyors of PDIs, previously known as PDSs, believe that analysing the data in your PDI will help you to decide who to marry, see particularly comments at 08 Jun 2011 18:19:11
3. midata is clearly closely related to the Cabinet Office's Identity Assurance scheme (IdA) as noted by ElReg. At least it should be. But on Monday 31 October 2011, the Cabinet Office held an IdA conference. The impression was that they were in control. There was no mention of midata, which appeared, unheralded, three days later on Thursday 3 November. Is midata, as FatsBrannigan asks, and so do I, a freelance operation by BIS? Is the Cabinet Office in control?
4. Ed Davey is Lib Dem MP for Kingston and Surbiton. Here he is claiming that the UK economy can be expanded by making it easier for people to give their data to marketers in a handily formatted container designed to suit them. Socially dodgy. Economically dodgy. Politically dodgy.
Even more exclusive
The Cabinet Office and the Technology Strategy Board (TSB) hosted a conference on 21 October 2011 entitled "Ensuring Trusted Services with the new Identity Assurance Programme".
Francis Maude, Cabinet Office Minister, announced that he had allocated £10 million from the cyber security budget to IdA (the Identity Assurance Programme).
The TSB is a grant-making quango with £300 million a year to invest. They have agreed £40 million of funding for 24 suppliers to IdA, see http://www.innovateuk.org/_assets/0511/tsb_trustedservicesdirectory520.pdf
So that's £50 million so far, not £10 million.
Mr Maude said in his talk that no primary legislation would be required for IdA. This was later corrected by someone else.
The assertion was made both by Mr Maude and Mike Bracken, the ex-Guardian SRO of IdA, that public services have to be digital by default because Martha Lane Fox says so. This enhancement to the UK Constitution is news to everyone.
Ms Lane Fox has also pointed out that over 9 million people in the UK have never used the web. So how will they access public services? Post offices and libraries, said Mr Maude. Less than convincing.
The Cabinet Office have had a while to think about this. These 9 million people will not be excluded from public services. There will be an "assisted digital" service for them.
What is the assisted digital service? That's all covered by the blog on GDS, the Government Digital Service, Executive Director, ex-Guardian man, Mike Bracken. On 28 July 2011, someone posted on the matter here, http://digital.cabinetoffice.gov.uk/2011/07/28/an-introduction-to-assisted-digital/#more-1054. That was the first post about assisted digital. And the last.
So how are the Cabinet Office going to serve 9.2 million people? Answers on a postcard, please.
The big question with the Cabinet Office, of course, is does anyone listen to them? There was no-one at the conference from the Home Office. Or the Department of Health. HMRC were there, they spoke briefly, and it was quite clear that they don't need IdA. DWP were there, they spoke briefly and it was quite clear that they were prepared to design their front end to UC (universal credit) to fit in with IdA. Which means using a lot of brown. So, no.
The Proposition Lead on IdA was there and confirmed that the Cabinet Office still have to think through what happens if somebody's identity is hijacked on IdA. He also confirmed that there is a certain amount of risk transacting over the web and we'd just have to live with it.
How is IdA going to assure identities? Still not clear. There was some talk of voiceprints and voice authentication. That was from DWP. And at least two of the TSB investees are voice biometrics suppliers.
Everyone said "agile" a lot, and "cloud". And "Martha Lane Fox".
Can anybody find a useful job for the Cabinet Office to do?
The Government ICT Strategy - Strategic Implementation Plan, moving from the "what" to the "how" is available at http://www.cabinetoffice.gov.uk/sites/default/files/resources/govt-ict-sip.pdf
"The approach set out in this plan ensures that departments will now work in a collegiate way", it says on p.4. In the light of past experience, unlikely. The reason Transformational Government failed back in 2006-07 was precisely that other departments didn't turn up to meetings called by the Cabinet Office. The drubbing handed out to the Cabinet Office by the Department of Health a few weeks ago suggests that nothing has changed. Francis Maude, Ian Watmore, Joe Harley and Liam Maxwell have no authority.
"... we can drive down our costs by creating a more open and competitive marketplace ...", it says on pp.4-5. Heard that one before. It's never happened. Why should it happen now?
"This ... comprehensive implementation plan ... will ... increase digital inclusion ... and ensure information is shared", it says on p.5. How will it increase digital inclusion? There are still nearly 10 million people in the country who have never used the web. The Cabinet Office couldn't get the other departments to share information before -- how will they make them share now? Do we want them to share? Is that a good thing?
"Successful implementation of the Strategy in central government is projected to deliver over £460m savings in-year in 2014/15", it says on p.7. That's not very much. It's less than was wasted on FiReControl. It's less than the begging letter CSC have on the table at the Department of Health (£3 billion, please). And the savings depend on the strategy being implemented successfully. When did that last happen?
"... the government's priority areas of activity are the creation of an environment for a common and secure ICT infrastructure ...", it says on p.10. Secure? Everyone from the Pentagon down seems to operate insecure websites. How is the Cabinet Office going to avoid the same fate?
October promises to be a busy month. The Cabinet Office intend to publish their Cloud Computing Strategy, End User Device Strategy, Green ICT Strategy and ICT Capability Strategy (a slim volume), see p.14. That's a lot of publishing. What's it meant to achieve?
There is an answer. See p.56, Channel Shift, The Challenge, the Cabinet Office are going to "make the lives of citizens simpler and easier". So, just like ID cards.
The perfect man for the job, just look at his CV
OK, so he couldn't hack it at the Football Association. But compared with that, imposing his will on Whitehall will just be a walk in the park, won't it?
Efficiency? Reform? It's all there, http://www.dmossesq.com/2011/10/you-just-cant-keep-good-man-down.html
Who will be the first to write an application which allows motorists to transmit messages of their own devising to OnStar, proving definitively that they were travelling the right way down that one-way street, wearing a seat belt and doing no more than 20 mph?
These security swords, eh?, they always have another edge.
The last word in excellence
Will Ms Davis make a good CIO at Connecting for Health?
While we are waiting for the future to unfold, we can only divert ourselves with an examination of her record to date.
1. She is currently the Executive Director of Operational Excellence at the Cabinet Office. Do we have more operational excellence since her advent, yes or no?
2. Before that she was the Executive Director of Strategy at the Identity & Passport Service. Was it a good strategy, yes or no?
3. Before that, according to the Telegraph, she wanted to set up a public service IT academy. Do we have a public service IT academy, yes or no?
4. Before that, same source, she worked in the Delivery and Transformation Group, all something to do with the Transformational Government initiative. Has government been transformed, yes or no?
5. In his report on DEFRA’s Rural Payments Agency, David Hunter lists the members of the RPA Board. And there, almost the last line of Mr Hunter’s 75-page report, is Ms Davis, Non-Executive Director, MIS, Change. Was she a successful non-executive director, MIS, change, yes or no?