If you were born before yesterday ...
... you might remember that Meg Hillier was one of the many Home Office ministers who failed to improve border control, but don't let's be picky ...
240 posts • joined 19 Jun 2009
No it's not HMRC's fail. They've successfully used the Government Gateway for about 17 years now. They don't need GOV.UK Verify (RIP).
It's GDS's fail. GOV.UK Verify (RIP) offers HMRC nothing – 60% of attempts by the public to use it fail and it can't handle companies and partnerships and trusts, both of which would make it hard to collect tax.
The UK Government's identity assurance scheme, GOV.UK Verify (RIP), has contracts with seven "identity providers" whose job it is to verify our identity.
Equifax's business activity is currently interrupted.
Without Equifax, those three "identity providers" can't do their job. GOV.UK Verify (RIP) can't work.
There has been no comment yet from the Government Digital Service. There never is. GOV.UK Verify? RIP.
Biometrics based on facial recognition doesn't work. Not at the mass consumer scale.
Given which, it is bizarre to berate the Home Office, as ElReg do, for not having a facial recognition biometrics strategy. You might as well demand a horoscope strategy.
Given which, there is no civil liberties problem here. Our civil liberties can't be infringed by a technology that doesn't work.
Both our location and the network of people we contact and who contact us are available to the police from mobile phone records. That's more of an issue. As is the failure of the UK Home Office to obey the law. But facial recognition biometrics? No. The only questions there are why are the police wasting their time and our money.
Mockery is the best response. To throw up your hands in horror at the infringement of civil liberties is to help the biometrics salesmen to make their case.
More amused mockery, please.
Some companies, such as Maersk, did direct business with Ukraine, which would explain how the malware got on its system, the F-Secure man added. "However, one victim we spoke to had no ties to the Ukraine at all, so it is a mystery as to how they got infected. Its spread via VPN is one possibility."
Early 2012, and Aadhaar is threatened with termination. UIDAI saves the project by publishing two papers on the reliability of the mass consumer biometrics technology used by Aadhaar:
The claimed biometric failure to enrol rate was 0.14%. The claimed false positive identification rate was 0.057%. The claimed false negative identification rate was 0.035%.
Such figures were and still are several orders of magnitude better than anyone had or has ever achieved for mass consumer biometrics.
How did UIDAI claim that Aadhaar would achieve them with a population of 1.2 billion people? Answer, by ditching biometrics based on face recognition, adopting flat print fingerprints and irisprints combined to form a single multi-modal biometric and by using three competing matching algorithms. Any other approach, UIDAI said, was doomed to "catastrophic failure".
Five years later, have UIDAI achieved those impressive performance figures? An independent audit is required.
If they have, will the suppliers of the biometrics systems in use warrant their performance? If not, why not?
If they have, then the UK Home Office must explain why it continues to embrace "catastrophic failure". (The Home Office continue to fund face recognition, they no longer fund irisprints and they do not use competing matching algorithms.) And the UK Home Office must follow India by publishing its own performance statistics.
If UIDAI have failed to deliver, five years later, then Aadhaar will once again be in danger. So will every other government-backed mass consumer biometrics project in the world.
Government Digital Service
Government Technology blog
22 May 2015
The Technology Leaders met last month and took a collective decision to not extend the support arrangement for 2015. The current support agreement ended in April 2015.
... where the true masters of AI are even now using software to classify user feedback, please see Using machine learning to classify user comments on GOV.UK.
What does that involve?
They look at three features of the user feedback. That helps to classify it. With 88% accuracy in the case of one class.
And what are those three features?
Answer, "the ratio of upper case characters to total characters, the total number of characters entered in the text box, and the ratio of exclamation marks to the total number of characters".
Earlier, in Understanding more from user feedback, GDS said "this approach can also be used to tackle a range of text analysis challenges ... such as quickly understanding policy consultation responses".
No more AI scepticism, please.
... I read that IBM had emulated S/370 on a PC and I realised I could run TSO at home.
It's not the money. Prof Weerakkody's paper is all about the ignorance and prejudice of the project participants. That's what sank DEFRA's Basic Payment Scheme and DWP's Universal Credit. Both projects have burned their way through eye-wateringly gigantic piles of money. There was no lack of it, it's not the wallets that were "glued shut", it was the minds of the participants. That could usefully be reflected in a more accurate headline.
... where, out of 12 "identity providers", there are just seven left, of which two ask us Brits to download viruses ("apps") onto our mobile phones.
With Digidentity, it's optional.
With Morpho, it's mandatory. The app permissions comprise:
1. read phone status and identity
2. take pictures and videos
3. find accounts on the device
4. use accounts on the device
5. connect and disconnect from Wi-Fi
6. full network access
7. receive data from Internet
8. view network connections
9. view Wi-Fi connections
10. prevent phone from sleeping
11. modify system settings
But don't go worrying about your privacy.
"This is only the second time that British cops have openly trialled live automated facial recognition (AFR) systems in the UK ... Last year, Leicestershire Police also trialled AFR at Download Festival ..."
Airport security isn't the only use for face-recognition software: it has been put through its paces in other settings, too. One example is "face in the crowd" on-street surveillance, made notorious by a trial in the London Borough of Newham. Since 1998, some of the borough's CCTV cameras have been feeding images to a face-recognition system supplied by Visionics, and Newham has been cited by the company as a success and a vision of the future of policing. But in June this year, the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest.
Worrying about this technology working only encourages the police to spend our money on it. Better to laugh at them for falling for the salesmen's patter.
"It is not known what quantity of uninfected meat Ben was force-fed ..."
... but we do know that he is an expert on the Black Death.
You may be right about these unnamed companies but GDS are meant to be different. They're meant to have the digital future coursing through their veins. They speak it like a native. Others may make a mistake digitalwise but GDS can't, almost by definition. GDS are in Whitehall, where no-one understands the first thing about digitisation according to the current and previous executive directors of GDS, precisely because they know everything about it. And they don't wear suits.
I'm pleased to hear that there are counter-examples. But most people get no notification. We await GDS's GOV.UK Notify.
We await also their GOV.UK Verify (RIP), which is supposed to provide adequate proof that we are who we claim to be. Which is what the EROs need.
Of course, if GOV.UK Verify (RIP) worked, we wouldn't need the EROs. We wouldn't even need to register to vote. GDS could decide our entitlement to vote for us using attribute exchange and all the non-existent open data registers which support the non-existent GaaP, government as a platform.
All we would need to do is vote.
Or would we? Could GDS use data science to work out for us what we should vote?
Soon we won't be needed at all. GDS can cater to all our user needs.
There was a major campaign to get people to register to vote. When they tried to register to vote, that was unexpected. Or unprecedented, according to GDS.
Just how unexpected or unprecedented?
Cast your mind back to 21 April 2015 and the BBC's More people register to vote 'than ever before':
A record-breaking 469,000 people registered to vote online in one day for the 2015 general election - as the deadline closed on 20 April.
GDS's apply-to-register-to-vote platform is not communicative. You submit your application. And you wait. Some applications will be successful, i.e. the Electoral Registration Officer adds you to the electoral roll. And some will fail. You don't find out you've failed until you find out you can't vote.
Prediction: more newspaper headlines about all the people, whose applications have failed, being silently disenfranchised, followed by Oliver Letwin explaining that that's inevitable.
Not many people know this but someone issued a warning exactly two years less 10 days ago about the duplicates problem. That message is presumably still on its way from the dinosaur's stubbed toe to its brain.
"The Gov.uk voter registration site ... is one of many websites and online services run by GDS."
Is that true?
Or are Computer Weekly right when they say that the site is run by the Foreign Office?
Has Matt Hancock finally refused to speak his lines?
The GOV.UK Performance platform tells us that HMRC conducts about 420 million PAYE transactions p.a. That's mainly companies submitting their PAYE returns. Submitting them over the Government Gateway.
Check p.6 of the Red Book and you'll find that HMRC expect to raise £182 billion in income tax in 2016-17 from this source and £126 billion in NI. Most of the £138 billion of VAT depends on returns submitted over the Government Gateway, as does the £43 billion of corporation tax.
Take away the Government Gateway and our public services will be unfunded.
The question is, how will HMRC replace the Government Gateway?
HMRC have been in the digital business for decades. Unlike some people we could mention. Will they replace the Government Gateway with GOV.UK Verify (RIP)?
GOV.UK Verify (RIP) doesn't "know" what a company is. Or a partnership. Or a trust. It's not the obvious choice.
GOV.UK Verify (RIP) operates an identity hub, which connects people and relying parties like HMRC. That could perhaps provide a transport layer for tax returns. But it's not the only option. Just as well, given the questions about the security of the GOV.UK Verify (RIP) identity hub.
Individuals and legal persons have used the Government Gateway for 15 years now. That requires submitting a modest amount of personal information to HMRC and other relying parties to identify us. In the main, that personal information stays with the relevant government department.
You might hope that any replacement for the Government Gateway would be similarly careful with our personal information ...
... in which case, that rules out GOV.UK Verify (RIP) which requires us to reveal colossal amounts of personal information to large numbers of private sector organisations in the UK and abroad.
It has been suggested that these two organisations have only signed an MOU because they read in the papers that major companies do that sort of thing. Having a charter sounds quite important. Also, doing things internationally.
In fact, the MOU isn't just attitudinising. Its consequences will be quite practical. We could, for example, one day, have an Australian chief executive of GDS here in the UK.
Looking further into the future, it is conceivable that our two countries share a common language and even collaborate over a resilient international telecommunications network.
Of course there may be friction. Which MOU wins if there is a conflict between the Australian MOU and the Korean one engineered by Mr Maxwell in 2013? But then of course that's why we retain a seat on the UN Security Council.
... and a hurricane promptly tears through the Caribbean.
Verizon is a certified "identity provider" working for the UK's identity assurance scheme, GOV.UK Verify (RIP).
Guess what happened today.
Verizon's name disappeared from the Government Digital Service's list of "identity providers" we Brits can sign up with.
Ann Treneman's parliamentary sketch in the Times, 18 December 2007, This is shaping up to be Gordon Brown’s Winter of Disc Content:
The details of three million learner drivers in Britain have gone missing from a facility in Iowa City, Iowa.
... surely, nobody who lives in Britain should have to have their driving licence details stored there. (Or not, as the case now is.)
If we have to have globalisation, the details should be stored somewhere more glamorous than Iowa, which is famous for its early presidential primary and its giant pigs. I am sure that none of the three million Brits ever thought that they would be stored on a hard disc in Iowa City ...
Only the Government could lose three million learner drivers in a place where they cannot drive anyway but if they could they would be on the wrong side of the road.
... a “hard disc drive” had gone missing from a “secure” facility.
Why did she [Ruth Kelly, Transport Secretary at the time] call the facility “secure”? This is, by definition, an insecure facility. The whole thing was proof, if more were needed, that this Government has L-plates. I am not sure that it should even be driving, much less be allowed on what used to be called, rather quaintly, the information superhighway.
Sir David [Varney]'s aim, set out in a report he wrote for Mr Brown at the end of last year, is to create a giant centralised government database containing information about everybody in the country. It would establish what he calls a "single source of truth" about each individual - "made more robust through the introduction of identity cards" - which could be accessed by any department that wanted to verify who somebody was. It could also be used to target services more efficiently at individuals.
And now? What's changed?
The same Biblical language is being used. That hasn't changed.
For "identity cards", read "GOV.UK Verify (RIP) accounts".
The promise remains better public services.
And information about us all is still to be shared by benevolent government departments.
Mr Loosemore recommends that this sharing should only take place with our consent. That might have carried some weight if he could explain how the Trust and Consent layer in his GaaP model could be effective but he couldn't. And if he were still deputy director of the Government Digital Service (GDS) but he isn't.
A review of GDS must conclude that Whitehall has learned nothing in nine years. The pursuit of a single source of truth is damned to failure now just as much as it was in 2006.
Please see Bloomberg, 30 June 2015, JPMorgan Reassigns Security Team Leader a Year After Data Breach.
JP Morgan could have ticked the Cybersecurity Disclosure Act box in good faith. That didn't stop the bank from being part of one of the biggest hacks in US history, JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever.
9 November 2015: "Minister for the Cabinet Office Matt Hancock has today announced a new Ministerial Group on Government Digital Technology. It will lead and drive through reforms to the UK’s digital public services, one of the government’s top priorities".
Who is on this committee? What skills do they have and what powers? Did they approve Cloud Foundry?
The Privacy and Consumer Advisory Group have set out nine tests of the control users have over their data, please see p.3. We must check how many of these tests GDS-produced Cloud Foundry platforms pass. We can be pretty sure that they won't get into double figures. It's not impossible that the answer be zero. Then what?
The punched card ... The big B ... I'm getting flashbacks ... To the old Burroughs Medium Systems operator's console, the lights on which would display a big B for Burroughs if the input-output and the CPU were optimally balanced, please see here and particularly here, 200 megabytes of head-per-track vertically mounted 1 metre diameter disk, 128 kilobytes of core memory, ... Is there a doctor in the house?
No mention of kids or hoodies in the ElReg article.
The SIs are still firmly in control at DWP, DH, HMRC, HO, etc ... That's the problem. Despite all the talk of revolution, GDS haven't unseated them in the past four years and they don't look like doing so in future.
GDS have now been promised £450 million to change the relationship between people and the government. Suppose that read "PA Consulting have now been promised £450 million to change the relationship between people and the government". How would that be different?
Have GDS become an SI? They're inordinately pleased with themselves and they've got their quota of expensive failures and late deliveries. What else do they need to become full members of the SI club?
As things stand, you and I are going to have to look elsewhere for the revolution.
The Spending Review has one pot of money (£1.3 billion) for HMRC's computerisation and another pot (£1.8 billion) for every other bit of government. HMRC is special.
Of course it is. HMRC raises most of the money the government spends, the balance being made up with borrowing.
Thanks in part to the 15 year-old Government Gateway – the platform GDS rarely mention – HMRC has raised several trillion pounds this millennium.
It's not just the Gateway. You've got to hand it to HMRC. Organisations have been transacting digitally with HMRC, e.g. VAT returns, more and more, for years, and individuals, too, e.g. self-assessment. HMRC got that up and running. Before GDS existed. HMRC deployed iXBRL nationwide, which required major project management prowess. And RTI, too, where they provide free software to small employers and a support service that worked the one time I needed it.
Cutting the telephone support for taxpayers is a catastrophic mistake. Apart from that, the rest of Whitehall and local government have got a lot to learn from HMRC.
Plans to pump an extra [?] £450m for the Government Digital Service to fuel the "digital revolution" was the shock take-away announcement in George Osborne's Spending Review yesterday - from the perspective of technology spend at least.
It came as particularly unexpected as the body's top brass left en masse several months ago following reports that its budget was being slashed ...
Suppose that GDS got the £450 million because "the body's top brass left en masse several months ago"?
Readers are reminded that
and, what's more,
"Kids today", even "phone bloggers", don't pay to lobby the government. Businesses do.
Living under surveillance causes psychiatric disorders. We know that but it has no traction with the unconverted.
You get political traction when you lobby government, as businesses do, and with them it's not so much privacy that they need as confidentiality. The secrecy they need when they have a new product coming to market or when they're planning a takeover is generally regarded as legitimate in a way that lying to an insurance company about HIV, to take Andrew's example, is not.
To get political traction on the downside of surveillance, may I suggest, the argument needs to move from personal privacy to commercial confidentiality.
NSA pays £100m in secret funding for GCHQ, the Guardian told us in August 2013.
Money is changing hands.
Surveillance costs money and that money has to come from somewhere.
While the security services are surveilling all and sundry that must include businesses, not just phone bloggers. The security services must come across not just personal but commercial confidences, e.g. the takeover by Berkshire Hathaway of Heinz, please see Heinz bought by Warren Buffett's Berkshire Hathaway for $28bn: "Shares in Heinz soared nearly 20% in New York to hit the $72.50 price being offered".
Armed with their advance knowledge, the security services could have secretly bought £100 million-worth of Heinz and tucked a £20 million profit into the budget a few days later.
That wouldn't go down well with Berkshire Hathaway or any of the other rich-as-Croesus enterprises who spend a fortune on political lobbying. That's where to get the traction.
And if the result is secure-ish email for businesses then individuals as well will get secure-ish email.
French authorities want fingerprint and facial scans of everyone entering or leaving the EU.
Why would they want that?
We know that it can't be for border security – mass consumer flat print fingerprinting and face recognition are flaky technologies far too unreliable to secure any border.
France is home to the biometrics company Morpho (previously Sagem Sécurité). Never mind the fact that the technology is useless, if the EU wants to record and store the biometrics of several hundred million residents and travellers the effect on Morpho's turnover would be agréable.
Why wouldn't they want that?
“Symantec believes that the recent ruling will create considerable disruption and uncertainty for those companies that have relied solely on safe harbor as a means of transferring data to the United States.”
Who are these "companies that have relied solely on safe harbor"?
Take for example Eventbrite, the San Francisco-based event organiser incorporated in Delaware:
On 19 October, Minister for the Cabinet Office Matt Hancock will host the UK’s first ever Job Hack as part of the government’s commitment to ending long-term youth unemployment.
The event will bring together a diverse group of talented and creative people who will work collaboratively to come up with solutions using data.
We are looking for developers and designers to come and join us on the day. If you are interested in taking part, register and tell us a bit about yourself.
So there's Mr Hancock inviting young hopefuls to a jobhack and telling them to register through Eventbrite, who tell us on their website that:
13.1 Servers.
13.2 Safe Harbor Frameworks.
We participate in the US-EU & US-Swiss Safe Harbor Frameworks covering Personal Data gathered in the European Union member countries and Switzerland. Our participation means that we self certify that we adhere to the Safe Harbor principles of notice, choice, onward transfer, security, integrity, access and enforcement with respect to such personal information. For more information about these frameworks and our participation in them, please visit the US Department of Commerce’s Safe Harbor website at http://www.export.gov/safeharbor/.
It always was daft for the Government Digital Service and others in the UK to use Eventbrite for their boondoggles. Now the European Court of Justice say that it's not just daft, the European Commission were flat wrong to say that the harbour is safe.
... if this starts costing real profits in the US then ...
See New York Times, 21 March 2014, for example:
“It’s clear to every single tech company that this is affecting their bottom line,” said Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, who predicted that the United States cloud computing industry could lose $35 billion by 2016.
Forrester Research, a technology research firm, said the losses could be as high as $180 billion, or 25 percent of industry revenue, based on the size of the cloud computing, web hosting and outsourcing markets and the worst case for damages.
We'll have to find out from Mr Worstall at the Weekend what a "debt per GDP ratio" is before anyone can answer your question.
The Economist used to tell me that the Japanese are very keen savers, their problem is the reverse of debt, they won't spend (apart from recently buying the FT) and when economic growth stopped that led to deflation which made them even less inclined to spend which shrank the economy further and every political attempt to reverse that unhappy spiral has failed.
Meanwhile, back to the My Number card. My Number system raises red flags in Japan ahead of notice release in the Asia Times highly recommended – a master class in bathos:
• The Japanese government is "determined to accurately explain the merits of the system".
• "The issue of how children are to use the cards is another matter to consider".
• "It is also unclear whether all the terminals necessary to scan My Number information will have been installed in retailers in time for the start of the system ... Moreover, who is to pay for the machines’ installation has yet to be decided".
• "It also seems likely that the cards will be difficult to use at food vendors or for services such as take-out delivery".
• "That said, the system is not without its merits ... Receiving natural-disaster relief will also become smoother ...".
When I was young we all used to believe that our politicians and public administrators here in the UK were incompetent. The death of GOV.UK Verify RIP suggests that there is no reason to change that belief.
We also used to believe that the politicians and public administrators in other countries were better than ours. We were jealous of them.
Looking at this Japanese My Number initiative, for example, and the Indian Aadhaar disaster and Estonia, that jealousy was, in retrospect, entirely wasted.
It’s all reminiscent of the early days of Cray in the 1970s and 1980s, when Cray’s eponymously named systems were for friends and Cold War allies only. Supercomputers were on a list of technologies whose export to foreign powers was tightly controlled by Washington DC ... In the mid-1980s, the CIA reckoned (PDF) that the purchase of a single Cray-1 could have doubled the total scientific computing power available to their ideological enemies in the USSR.
I remember newspaper reports of a Control Data machine being sold to the Russians. They didn't have any dollars to pay for it with. They bartered for it with ... Christmas cards, presumably quite a lot of them.
Can't find a link in any of the comics I used to read – Computer Weekly, Computing, Stop Press – but Google turns up this link, which includes Pepsi-Cola's sale of concentrate to Hungary in return for film distribution rights, but not the sale of ditto my friend C_________ did for dried onion soup.
The T-Mobile hack is just as much a UK story as a US one. Experian is a FTSE-100 company. They oil the wheels of commerce and of marketing, including political marketing. They are also an appointed "identity provider" for the UK government's identity assurance programme, GOV.UK Verify (RIP): "When you’re using digital services, you need to be sure that your privacy is being protected and your data is secure".
GOV.UK Verify (RIP) is run by the Government Digital Service (GDS), who have so far remained silent about the T-Mobile hack and every other problem that the programme faces. Where is their head? In the sand.
GDS are more outspoken when trying to sell the putative virtues of GOV.UK Verify (RIP) to entrepreneurs, their argument being that sharing our personal data with all and sundry via GOV.UK Verify (RIP) will cause the UK economy to grow.
Unlike GDS, the venture capitalists who back entrepreneurs cannot afford to have their head in the sand. They will have noticed T-Mobile even if GDS haven't and their cheque books will by now be firmly locked in their desks. GOV.UK Verify RIP.
Reproved, that's me.