Central must go Local

“With pressure to reduce spending, it is more important than ever that central government engages effectively with local government to draw on its expertise and capability in designing and delivering good quality, efficient public services.”

 The Great E-mancipator led me to this quote from a National Audit Office report “Central government’s communication and engagement with local government“.

They were not pulling punches when they wrote, ” insufficient engagement with fire and rescue authorities was one factor that led to a major project to replace control rooms being cancelled in 2010. The project did not have the support of the majority of the end-users essential to its success, which wasted a minimum of £469 million“.

DCLG are doing more now, but are other big central government departments actively improving communications and engagement?  What is the risk of similar wastage on Universal Credit, Individual Voter Registration and all things connected to e-Identities?  They should check their risk registers this week – and make sure they have enough LA engagement.

 

 

Cabinet Office eID follows Quarkside?

At the end of May, the Cabinet Office reported that Identity Assurance goes to Washington.  They seem to have taken heed of January’s Quarkside support of the OIX standard for eIDs.  This is the Open Identity Trust Framework (OITF) Model that does not require a central hub.  Perhaps the headline claim is a little strong, since there is no evidence that anybody there has read the blog!  Nevertheless, given that a central eID scheme has been ruled out by Government policy, it is a small step in the right direction.  Although a central scheme would be the most efficient to operate and implement, federation of eIDs is technically feasible.

Now for the next set of issues:

• Can the Government use a current implementation of OIX that prevents identity fraud, such as duplicate identities or impersonation?
• Will private sector identity providers, such as Google, provide eIDs at a price that makes commercial sense to themselves or citizens?
• Will the scheme be ready in time for Universal Credit with sufficient trust in electronic credentials?

With a risk manager’s hat on the answers to all of these is probably “No“, ie greater than 50% chance of missing targets.  Failure of Quality, failure of Cost and failure of Time; the fundamental triumvirate of project management.  Will this be another ill-fated YAGIF (Yet Another Government IT Failure) – which is actually a Governance failure, not ICT?

The OIX framework does not obviously include the high levels of trust that public sector agencies will need to dispense £billions with on-line transactions.  Something akin to an Identity Trust Matrix may be necessary, tailored to the specific needs of service providers such as schools and the NHS.

7DIG: Identity Trust Matrix

Here is a suggestion for a visual chart that will help people to understand risk they are taking in electronic transaction between a customers and suppliers of goods or services.  How much should a supplier trust a potential customer? – and vice versa?

 Identity Trust Matrix

Suppliers look at the vertical axis and decide how much value is at risk if the customer avoids paying for what is delivered – whether by deliberate fraud or by accident.  In other words, what level of trust can be placed in customers’ electronic credentials?

Customers look the horizontal axis to gauge whether the Trust Level of a credential is sufficient to meet the value of potential purchases.

Each transaction is given a Trust Index with a calculated value from 0 to 100.  These are split into three ranges of high, medium and low risk – from a supplier’s perspective.

• RAG         Risk                 Trust Index  Proceed?
• Red          High Risk           10-100       Unwise to proceed
• Amber      Medium Risk      2.5-10        Proceed with caution
• Green       Low Risk              <2.5         Sufficient eID to proceed

The amber area of the matrix is where the reputation of each party should be considered in addition to the trust level.  What is the trading history of both customer and supplier? Ebay traders understand this principle.

Clearly, the matrix depends on the agreement of Trust Levels of credentials.  Quarkside has not developed a firm proposal, but here are some starting suggestions for four ranges (with maximum low risk value):

• 1         (£10)         Username and password.
• 2,3      (£100)       Additional personal secrets;
• 4-6      (£1000)     Documentary evidence of identity, such as banks’ “Know Your Customer” requirements.  Inclusion of credit agency data.  Face to face interviews by the enrolment agency may be needed. Sufficient to obtain a passport;
• 7-10     (£10,000)  Biometrics necessary to complete transactions.  The highest levels would have government security vetting and very strong protection against counterfeit credentials.

If this sparks any interest, suggestions to help definition of trust levels will be considered.  The background to the need for an Identity Trust Matrix will be the subject of future posts, following the 7DIG framework.

Root Identity Principles. Don’t panic.

Here are some principles of Root Identity, arising as a result of a recent Eurim meeting – Principles, quoted in full.

1. Only the state needs an assured root identity (level 3). Therefore most people (but not all) have a root identity logged with a state.
2. A Level 3 identity is only required for “beyond reasonable doubt” which is itself a subjective legal term, but the test required for criminal prosecutions. Even then it is not always needed as the test is to prove “beyond reasonable doubt” that a bit of wet carbon performed the action in question. So for murder etc the identity does not matter per se. For criminal fraud, identity theft, etc. it does. So for most things a Level 2 “balance of probabilities” identity is all that is required as a civil prosecution requires this test.
3. Most Government and pretty much all private sector interactions only require a level 2 ID. This is normally a persona linked only during registration in some way to the root ID (e.g. passport for ‘know your customer’).
4. Many interactions only require a Level 1 identity “User asserted” or a Level 2 identity with Level 1 attributes. Only the minimum level required should be used in transactions and relationships.
5. There should be no way to link level 2 personas via a root identity. The only time this should ever occur is when a person asserts the link between two personas and shows they are both linked to the same root. E.g. showing a passport and credit card to exchange currency.

This seems to clarify a number of points, certainly at the level of most interaction with local authority and voluntary sector agencies.

ICT Skills Shortage. Mulligatawny Message.

Jos Creese’s blog Public Service Reform and IT exposes the problem faced by non-central government:

“… the opportunities are significant to use existing local IT investment, infrastructure and skills to help reduce the impact on the public of contraction across the wider public sector.

There are, in my view, huge opportunities for local public services to work together. Too often in the past, government policy has focussed on national join-up (for example the NHS, Police, etc), but this has not delivered sufficient pace at an acceptable cost. We do need national policy and vision, but we also need local implementation. “

The problem lies in the skills deficit, particularly for small districts in our feudal two tier system of local government.  How can hard-pressed ICT managers (CIOs may not exist there) be expected to implement TOGAF, OpenID and EAS in a structured approach to enterprise architecture?  How will they cope with Open Source procurements for eID and Individual Voter Registration?

Just watch the space if you want to see evidence of massive duplication of effort.  ICT strategic planning and enterprise architecture skills are spread too thinly for optimum efficiency.  It’s close to a recipe for Mulligatawny Soup.

Jos is right though, the smaller agencies authorities need to work together locally, in partnerships, where they can share a bowl of scarce skills.

Digital Democracy: Challenge to MPs.

Digital Democracy, a Quarkside link, needs more support:

“Digital Democracy was Nationaly (sic) launched yesterday has resulted in many new members. Thanks to those that have made proposals and have been participating on the site. However, site members don’t seem to be making as many proposals as we would hope! Please let us know if there is any particular reason for this.”

Democracy is a form of Governance. Bang in the middle of Quarkside’s trilogy; Process, Governance and Technology. Digital is a form of Technology. The remaining question is whether the Process is fit for purpose.

Their Founding Principles are:

• To empower individuals and groups of people whose viewpoint has been marginalised from a decision making process, where their quality of life is affected by the outcome of the decision.
• To facilitate people’s democratic involvement in decision making.
• To promote democratic reform and individual / group empowerment across and throughout communities, regions, nations and legally recognised organisations.
• To create forums that enable individuals to express and discuss issues, then collectively take decisions.
• To encourage power structures / decision makers to align their decisions with the collectively expressed views of those affected by the decision.
• To encourage power structures / decision makers to routinely scope the opinions of those affected by their decisions, and then to ensure that decisions are informed by the views of those affected by the decisions.

In the spirit of cooperation, the home page headline is “Digital Democracy enables you and your community to discuss and prioritise issues, then challenges your MP to respond“.  That’s not much of an Outcome.  An opportunity to reach an MP has many more effective channels.

The Governance of the system is weak.  The ability to prioritise is subject to People in pressure groups who don’t have a strong eID.  Credibility is diminished if MPs can’t be certain it is their own constituent expressing an opinion.  There was a cry for more proposals, but the number of votes doesn’t give encouragement for people to contribute more.  It is not a secret ballot.  Total number of votes is all that could be shown until the closing date.  Massive, single issue, campaigns are needed to reverse government policy.  Local referanda governance is probably the minimum necessary to carry any great political weight.

The Technology looks little different from old style forums.  It does not have many of the desirable features of WordPress.  All of the proposals are national.  The Founding Principles want to encourage local democracy, so it needs a tailored link on every MP’s constituency web site.  Perhaps something on DirectGov could help.  A Twitter feed is not going to have any impact unless it has a celebrity prepared to provide an occasional tweet.  Tom Watson?

Good luck, but as a number of MPs have said, “We have enough mail to keep our assistants busy, we need more as much as a hole in the head.“

NHS: Not Here Sir. Receptionists rule the roost.

GPs are going to be the gatekeepers of the NHS. Well, that’s what I thought. It seems that bureaucratic, control-freak, receptionists may have even more power than anticipated from this personal anecdote.

My simple request was to move from a surgery 5 miles away to one 400 yards away.  The distance, historically, was not a problem with visits being made once in a Preston Guild.  The right to select my own GP would appear to be in line with the NHS Charter giving patient choice.

In cometh the bureaucracy.  A receptionist gave me a form to fill, but I would have to return with identification before proceeding. (Thinks, would an eID have helped?). This I completed and duly presented some time later.  The dragon at the hatch said I shouldn’t have been given the form, because it had to be completed on the premises and gave me a virtually identical form and told to refill exactly the same details.  What a waste of time, but then it was my time not hers.

However, the application was refused because I had an old driving licence, which proved to her that I had not recently changed address – the sleuth was correct.  I moved more than 25 years ago.  My plaintive request for selecting a surgery I could walk to, and helping to save the planet, was not a good enough reason.  She was obviously proud of her role in the prevention of Patient Poaching.  Only after I claimed a tenuous, but significant, relationship to the senior partner did she relent.  She gave me leave to appeal, by letter, if I could find some good reason. When I asked what sort of reason, she helpfully suggested criticising my current GP, whom I have never met.  It’s not what you know, but who you know.

So I have had to waste more of my time, and the GP’s time, in writing a letter and a blog.  If the receptionist, or the GP refuses to accept me (the NHS web site says that the surgery is accepting new patients) then:

“However, if the GP does refuse to accept you, then they must have reasonable grounds for doing so. These must not have anything to do with race, gender, social class, age, religion, sexual orientation, appearance, disability or medical condition. The GP must give you the reasons for their decision in writing.”

The message about us being in the Post Bureaucratic Age has not reached the parts that gatekeepers protect.

eID: Apps need Assertions

eID in a federated environment has many complex governance aspects.  It does have a major impact in the applications which may use it.  Stian Sigvartsen has been running a blog for a couple of months on “Achieving a federated single view of the customer“.  The benefit of the postings is an exposure of some technical detail.  Take a look if you are that way inclined.

The broader message is that the human brain is the most cost effective processor of short lists of potential identity matches.  Matches are often obvious when combined with local knowledge and it is possible make assertions of identity with an indication of probability.  Records would show the eID of the asserter and a time stamp.  All assertions can be then incorporated into incrementally improving federated searches.  Audit trails would then be so much easier to follow.

These concepts need to be built into all identity registration schemes, such as Individual Voter Registration.

 

eID: Chaos Compounded

The EU has tried to bring some order into the confused world of Identity Management, Electronic Identities (eIDs) in particular.  In the UK’s insular way, there has been little reference to the detailed research completed last year on the State of the Electronic Identity Market.  Again Toby Stevens pointed the way.

Page 38 merely scratches the surface of the problem.

eID ecosystem

No wonder that many mere mortals at Eurim meetings have problems in deciding what to include in a message for MPs.

• How many civil servants are aware of this detailed research and are each of the departmental identity silos including it in their policy and strategy documents?
• Who has the time to read and understand all the implications?
• The area is so complex, why doesn’t the UK Government set up a single, authoritative, font of knowledge about eID?

Breeder Battle at Id Gurus Gathering

Identity Management was the topic of Eurim’s latest gathering of gurus. The bad news is that three points came clear:

• The UK has a lacks coordination of both policy and strategy. Each Government department and agency has its own vision and way of moving forward.
• The advance of standards and software will have to be provided by the private sector – and they need a business model that will eventually show a profit. They will need a secure revenue stream for providing identity management services.
• The world is moving forward quite happily without UK input. The UK’s position of leadership will change to that of followership at great cost to the economy. Global trade needs trusted identities with supporting agreements on liability and indemnity. The UK Government is not fully engaged in EU or international deliberations. On opportunity may be missed to become the headquarters of an identity governance industry.

There was only one organisation at the table with an eye on the commercial opportunity. Their national network could extend their services to provide identity registration for the public. 90% of the population are within 10 miles of their facilities.  Good for all of us.

Unfortunately, we were left with (at least) three unresolved questions:

• Which third party credentials will be accepted by Central and Local Government agencies?
• Who is responsible for governance of all UK identity schemes?  The National Archives as keeper of public records was suggested, but they may not be in the radar of five Cabinet Office working parties.
• Is a ‘root identity’ necessary?  There were two strongly voiced divergent opinions on ‘breeder documents’. The Chatham House Rule prevents naming the parties. But Quarkside promotes the management of multiple identities (personae), which do not require a ‘root identity’ or ‘unique identifier’.

The good news is that everybody seemed to agree on a definition of identity assurance levels for electronic IDs that will make sense to our MPs.  This is all they have to remember:

• Level 0: Anonymous – no personal data registered.
• Level 1: Self-asserted – likely to be the same person returning.
• Level 2: On the balance of probability – good enough for civil action.
• Level 3: Beyond a reasonable doubt – good enough for a criminal conviction.

This may have the technical experts reeling – but it is more important to get our politicians moving in the right direction than giving lessons on the differences between the five As: Assertion, Assurance, Authentication, Authorisation and Accreditation.