Digital Catapult Showcases Kemuri

The KemuriSense smart power socket was invented because it did not exist.  Older people living alone are not all the same, you would not expect this with 2.5 million over the the age of 75.  Some will refuse to wear telecare devices and most will not accept continuous video surveillance.

One is now on show in the Digital Catapult in 101 Euston Road. It has been honoured by the presence of at least three Government Ministers: Francis Maude, Vince Cable and Ed Vaizey.  Look at the Digital Catapult Showcase presentation.  It gives the rationale for passive predictive monitoring for reducing the risk of hypothermia, dehydration and immobility.  And it has a ten year vision for ubiquitous networked power sockets for offices, industry and smart homes.

KemuriSense Smart Power Socket

Compulsory Voter Registration: Yes, No or Maybe

The question is simple.  Will electoral registration become compulsory? An answer in June 2012 from the Cabinet Office is not the ‘Yes’ or ‘No’ we might have expected:

“The Electoral Registration and Administration Bill provides that Electoral Registration Officers (EROs) will be able to issue a civil penalty to individuals who, when required to make an application, fail to do so. There will be safeguards in place to ensure that only those who refuse repeated invitations can be fined, and registration officers will have to take specific steps to encourage an application before they can issue a fine. We expect the number of fines levied to be similar to the number of prosecutions for failing to respond to the canvass under the current system, of which there are approximately 150 per year. This will provide strong encouragement for people to do their civic duty and register to vote. It is not the Government’s intention to allow people to opt-out of registering to vote, or to opt-out of jury service. Equally there is no provision in the Bill to allow people to remove themselves from the register should they so wish. EROs will however be able to remove entries from the register where they have evidence that the application submitted was fraudulent, or is no longer accurate.“

Maybe, or don’t panic, seems to be the response from the Electoral Registration Transformation Programme (ERTP).  Central policy is yet again, leave it to harassed local government EROs to decide on how to implement the Law.

LAs frozen out of IdAP

Quarkside has heard that the Cabinet Office do not want Local Authorities (LAs) to compete in the Identity Assurance market against the private sector. This is strange because LAs could be more cost effective, given access to standardised private sector products or services.  Assuming that DWP will pay for Id Assurance, couldn’t any of the seven companies on the Id Assurance Programme (IdAP) framework ask LAs to front enrollment for their products?

LAs probably have the most capable local enrollment infrastructure – with the possible exception of Job Centres or some Post Offices.  Many towns with over 100,000 population, no longer have a General Post Office.  For example, Woking residents now have to dive down to a basement of WH Smiths.  What the policy makers have not accepted is that certain levels of trust should have face to face enrollment.  If somebody is receiving benefits of tens of £ thousands each year, wouldn’t eyeballing the person increase the level of trust in credentials presented at later stages?

Quarkside’s suggestion for a process that sets financial trust levels based on the transaction values may not be all that crazy.  Could it have a significant impact on fraud reduction?

GCloud doing sensible things, but needs tweaking

A recent Cabinet Office presentation of the GCloud to SOCITM London had some good news, and some things to do better.

Good:  There are lots more suppliers and the offerings are much simpler, and less costly to purchase.  They are preparing the terms and conditions for the next round and consulting on changes that make sense.  Suppliers in the audience pressed there need for longer contracts; even two years is not enough for the more complex requirements of information sharing in local government.

Must do better:  The presentation did not mention standards.  The messages from LeGSB are not getting through. Virtually the whole audience thought there was room for suppliers to say which interoperability standards they would use. It is the only way to develop multi-agency services from bottom-up.

Will we see the resurgence of the e-GIF and LGIP (Local Government Integration Practice)?

Will we advance as far as India?

Will Liam Maxwell’s targets for Open Standards be met?

Recommendations for LAs for Citizen Id Assurance

The Cabinet Office has done a good job in explaining many of the Citizen Identity issues for local government.  Here are their unexpurgated recommendations:

——————————————————

There is a strong sense of enthusiasm for securing wider understanding of HMG’s plans around citizen IdA. LAs are keen to identify whether, how and when their plans may be aligned to a national approach and to minimise any risk of future isolation. Additionally, an excellent potential opportunity for effective re-use of centrally developed standards and technology is recognised. To help LAs in moving forward, the following recommendations are made:

1. Provide assistance to LAs

so that they may align with the IdAP vision:

• Publish IdAP vision and strategy at earliest opportunity
• Publish IdAP deliverables roadmap and timeline
• Enable LAs to utilise HMG procurement framework.

Publishing and effectively disseminating the vision and strategy along with the deliverables roadmap will provide LAs with clarity on GDS technology and approach and aid them in formulating their own plans. Whilst LA procurement frameworks exist for a number of software application solutions, there does not appear to be any such framework that would apply to procurement of IdA services.

2. Work nationally with all suppliers

including LA suppliers to:

• Review the landscape of IdA provision
• Promote the national perspective.

A review of LA service providers for example to clarify which suppliers will only offer their own proprietary service for IdA, which are open standards based and may therefore present no interoperability issues, whether individual suppliers are offering a consistent product/service across their customer base, would provide information to enable useful engagement with those suppliers.

Engaging service providers will also help influence negotiations and reduce the risk of LAs being ‘boxed in’ by embedded suppliers (i.e. those suppliers from whom software systems such as online council tax are purchased).

3. Publish a common set of features & standards for IdA

such as a minimum feature list. Build on good practice guides such as the Requirements for Secure Delivery of Online Public Services(RSDOPS).

A common set of features would also help to clarify relationships between Levels of Assurance (0-3, Bronze – Gold etc.), factor authentication, and generally develop a common language that will minimize misunderstandings.

4. Engage with LAs to pilot federated IdA solutions

and further explore current non-federated approaches.

Many LAs are keen to collaborate to help develop and test federated solutions in their local environment. It would also be instructive to explore alternative non-federated approaches that have already been taken by some LAs such as Harrow to online citizen IdA

5. Widen lines of communications to LAs

Through:

• Knowledge sharing platform
• Newsletters
• Social media (e.g. blogs, tweets).

There is a sharp appetite to share, learn, collaborate, inform and be informed. Additionally awareness-raising across the public sector would help address some of the barriers and issues facing authorities in relation to increasing understanding of the concerns within LAs and partner organizations, help to clarify thinking around potential solutions and increase efficiencies through avoidance of ‘re-inventing the wheel’.

6. Develop good practice guidelines

for implementing assisted digital for IdA

7. Customer insight research

is required to:

• Investigate user attitudes to and perceptions of trust, data sharing and the role of 3rd party identity providers
• Usability/accessibility studies should be undertaken and good practice for IdA defined and published
• Develop a communications plan and national campaign to raise citizen awareness and trust.

8. Develop a national brand for federated IdA

to encourage citizens to trust the new approach.

—————————————–

This seems to have been a such low key report that nobody has talked about it.  There’s only common sense without any scare stories.  Who will take up these recommendations?

£21bn Cyber Crime cost contradicted

Cyber Crime (eCrime) is global, but it needs local solutions.  It needs political will to engineer a major reduction in eCrime.  The problem is that politicians need to recite credible evidence to justify expenditure to their key constituents, eg citizens and small businesses.  Such evidence is reviewed in a report published by Cardiff University, “eCrime Reduction Partnership Mapping Study”.

One of the authors, Dr Michael Levi, launched the review in Parliament yesterday.  In wanting to avoid headline-catching assertions, he obliges you to read the 80 pages to extract any gems:

•  Estimated losses to UK business of £21billion (Detica and Cabinet Office) do not “meet acceptable quality standards”.

•  The size and scale of eCrime is unknown and good data is not collectible;

•  Criminals profit from eCrime, with tax and welfare being the greatest source of income;

•      SMEs and individual victims do not get any justice response, nor do the Police plan to provide it. Malware, phishing or illegal copying are not on the radar.

On this evidence it is difficult to imagine that many politicians will be inspired enough to lead on promoting local eCrime reduction partnerships formed from police, business, government and local authorities.  Self-help may be the way forward, but how do you inform people of the true risks and methods of avoidance?  It may be practical to initiate a scheme like Neighbourhood Watch, but sustaining success would depend on charismatic leadership – not on bureaucratic data collection and dissemination.  It is a fact that the offer of advice creates fear, and the perception that things are worse than the evidence suggests.

IER Update – Compulsory registration

To be fair, the IER Progress Presentation July 2012 did not use the word ‘compulsory’ for voter registration, but the meaning is clear.

• “Opt-out” dropped
• Civil penalty for people who refuse to register ….but ERO must take steps before can be used

This is the result of the consultation process for the Electoral Reform Act (2012).  The objective is to reduce risk of losing voters with more levers to drive registration and to build a more accurate register during the transition to the new scheme.  Believers in our democratic system should be pleased – the current method is too incredible for foreigners to believe.

We have also been given an overview of the IER Digital Service.

This separates the web application used by the citizen with two centrally controlled and hosted systems.  One is run by DWP and the other by the System Owner (Cabinet Office or DCLG?).  Local Authorities (LA1 to LA400+) are expected buy and operate a system from one of four Electoral Management Systems (EMSA to EMSB).  The lines and boxes are easy to draw, but what are the implications to the local Electoral Registration Officers (EROs) and their ICT service departments?

Some more questions spring to mind:

1.  If citizens have to register on the national site, what local credentials do they have to provide?
2. Does the DWP verification imply that somewhere they hold a register of all voters? If so, how does this map to the national policy not to hold national identification scheme?
3. How much trust can the LA put on the identity of the voter, knowing that DWP data is 34% inaccurate?

No doubt all will become clear in due course and the risk register will be opened up to let us all see the major concerns.   The Cabinet Office “want to talk to as many people as necessary – what forums, groups and networks do you know of that could help spread the word?”

SOCITM should be high up the list of organisations to help in the impact assessment to local authority ICT systems.  The current register may have additional local uses that have not yet hit the radar.

IER (aka IVR): data matching shambles

Individual Electoral Registration (IER, and also previously known as IVR, or Individual Voter Registration) is the subject of many Cabinet Office papers. Over 400 Councils, their Electoral Registration Officers (EROs) and their ICT departments are faced with one almighty problem to get it operating smoothly in time for the 2015 general election.

The lack of preparation was apparent by November 2011. The Cabinet Office have developed a framework and run a number of data matching pilots with LAs.  The results are no surprise.

“Of the data sets tested in the pilot the DWP data set had the highest match rate (the proportion of the electoral register that could be successfully matched within the national data). On average, two- thirds of the electoral register (66 per cent) could be matched within this data set.”

This is typical for the quality of data matching between local and central government data bases. The experience with the Child Index (aka ContactPoint) and the Data Connects work contains innumerable lessons that have not been learnt. More effort should have been placed on developing an implementation framework that assumes that data quality will be poor.   We all know that 90% of data cleansing effort goes into error handling and the Cabinet Office should not assume that data matching will be good enough.

The fact is that quality isn’t good enough is reinforced by the March Electoral Commission report. To quote:

“The pilots did not follow processes, in terms of the IT systems and matching arrangements, which would be used for nationwide data matching. The evaluation cannot therefore draw conclusions about how the costs of these pilots would translate to a national roll-out.”

In effect we have lost at least two years in the programme. It will be no surprise if this is proclaimed as Yet Another Government IT Failure (YAGIF). It will not be a failure of ICT, but a failure of mandarins to understand how LAs operate.

A Cabinet Office key finding is:

 “Generally, the level of public interest or concern regarding the pilots was reported to be low”

A cynic might think IVR can fail without embarrassment – Electoral Reform is in the portfolio of the Deputy Prime Minister.

Cabinet Office eID follows Quarkside?

At the end of May, the Cabinet Office reported that Identity Assurance goes to Washington.  They seem to have taken heed of January’s Quarkside support of the OIX standard for eIDs.  This is the Open Identity Trust Framework (OITF) Model that does not require a central hub.  Perhaps the headline claim is a little strong, since there is no evidence that anybody there has read the blog!  Nevertheless, given that a central eID scheme has been ruled out by Government policy, it is a small step in the right direction.  Although a central scheme would be the most efficient to operate and implement, federation of eIDs is technically feasible.

Now for the next set of issues:

• Can the Government use a current implementation of OIX that prevents identity fraud, such as duplicate identities or impersonation?
• Will private sector identity providers, such as Google, provide eIDs at a price that makes commercial sense to themselves or citizens?
• Will the scheme be ready in time for Universal Credit with sufficient trust in electronic credentials?

With a risk manager’s hat on the answers to all of these is probably “No“, ie greater than 50% chance of missing targets.  Failure of Quality, failure of Cost and failure of Time; the fundamental triumvirate of project management.  Will this be another ill-fated YAGIF (Yet Another Government IT Failure) – which is actually a Governance failure, not ICT?

The OIX framework does not obviously include the high levels of trust that public sector agencies will need to dispense £billions with on-line transactions.  Something akin to an Identity Trust Matrix may be necessary, tailored to the specific needs of service providers such as schools and the NHS.

IER: Matching Mayhem

The Cabinet Office recently published a number of papers on the  Introduction of the Electoral Registration and Administration Bill.  With barely a third of electors bothering to vote in local elections, what is the likely impact of any new processes in increasing the number of voters?  It does not feature in any of the documents.  Reducing fraud and increasing accuracy seems to be the driver – not democratic accountability.

• It is a widely held view that the current system for registration is vulnerable to fraud and a public perception that this allows electoral fraud to occur.
• Individual Electoral Registration (IER) should therefore improve the accuracy of the register and allow people to register in different ways. 

The preferred option is to pre-populate the electoral register with electors who can be validated against public data sources in 2014/15 and then require the remaining electorate, future house movers, and new voters to register (and have their registration validated) from 2014/15 onwards.

As previously reported by Quarkside, the scary part is the data matching against public data sources by 400+ local authority Electoral Registration Officers (EROs). “…confirmation is expected to pre-populate the register with 57% of the eligible electorate“, leaving 43% to be found by other means.  This assumption is derived from the 2012 Electoral Commission report on Data matching schemes.  Delving deeper into this, we find a startling recommendation that

• The pilots did not follow processes, in terms of the IT systems and matching arrangements, which would be used for nationwide data matching. The evaluation cannot therefore draw conclusions about how the costs of these pilots would translate to a national roll-out.

Not only that, the poor quality of the matching data showed:

• … the average match in the pilot areas using Department for Work and Pensions data was 66%.

And everybody knows, the highest costs are the result of solving poor data quality problems.  Has this been factored into the Cabinet Office calculations.

• The process, as tested in these pilots, was labour intensive with significant work required to analyse the data. Those involved felt that the level of work required would not be sustainable in the future.

The prognosis is not good – but we shall battle on regardless of all the warnings emanating from Local Government EROs and computer service departments.  We need a secure, consistent, governance framework that can be followed by all Councils – at a price the nation can afford.