Federalism: US solution for UK?

Public sector silos are the root cause inefficient shared information services.  It is a bold statement that needs some justification. Islands of automation can and do succeed; they have autonomy.  Local authorities and small agencies can manage any governance issues.  The real problems arise whenever attempts are made to share data outside the organisation’s sphere of control.  This is clearly the place for common understanding and cries out for standards.

Whilst these thoughts are not new, more practical technology backing is coming out of a British inspired development, which has been effectively migrated to the USA.   The Americans have a more natural affinity for federalism:

“The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.” – Tenth Amendment, United States Constitution

So let us accept silos, don’t be ashamed of them, but also mandate interoperability enablers to a federation.  Laws that everybody has to obey are the key to success.  This could start with an agreement to understand ISO 18876.  It could continue with agreements on reference data and the limited amount of data that needs to flow between agencies.  With a bit of luck, it could finish with identity management where trust is also shared.

Infrastructure Free needs Standards

Westminster City Council is certainly sticking to its “Infrastructure Free” strategy.  It was referenced by Computer Weekly in July 2008, declaring an objective of completing the programme by 2015.  In January 2011,  Computing quoted David Wilde, the CIO, as saying:

“The council’s goal was originally to become infrastructure free by 2015, but we will probably get there by late 2013 or early 2014,”

The change of Government seems to have accelerated the process, even if all his staff have not been fully informed.  At Kingston University’s IMKS Forum, a presentation just repeated the 2015 date.

It was also interesting to hear that Westminster are not going for an all-singing all-dancing ERP system.  They are selecting best of breed for each application and selecting an integration platform.  This gave me the chance to get in my usual plug for enterprise architects to study the international standard for interoperability between heterogeneous systems (ISO 18876). It establishes an architecture and a methodology for:

• data sharing and data integration;
• specification of mappings between models;
• data transformation.

Because the speakers were also expressing the need for standards when contemplating any form of information sharing, I also put in an advertorial for providing support for the Local e-Government Standards Body (LeGSB).

There seems to be a growing realisation that ICT has the potential to improve efficiency of public services – and that common standards will help.  It just needs stronger leadership to make sure that practical standards are adopted.

Shared Services Swamp

There are fewer partnerships formed in the public sector than might be expected for maximum efficiency. Part of the problem is that partners have to start building partnerships from scratch. It is like a fresh learning exercise and many fail by missing some factors that are critical to success. People need to understand and document the risks from the very beginning.

It was a continuous thread in the latest Government ICT Conference (Jan 26th 2011).  Ample evidence from case studies from HMRC, DCMS, DCLG, Cabinet Office, Leeds, Kent and Herefordshire showed that different approaches can produce huge benefits.  But they all used ‘s’ word (standards with a small s).  We were informed that the Government is spending more time deprecating standards than publishing them. Improving outcomes is the target, interoperability is seen as key – and the Information Commissioner will not get in the way of data sharing.

Even though most agencies will accept technical infrastructure standards – they won’t co-operate on information governance standards.  There is no longer a central clearing house.  Organisations simply set up silo standards without consideration of how useful information might be in another silo.  Methods that would help, such as ISO 18876, are unknown or ignored.  ICT leadership, that is the Government CIO, should publish a Standards Policy.

A final example of head in the sand is that many years ago there was some research done on a standard for partnership formation.  At a cost of several million pounds from DCLG (ODPM), pilot projects completed and a simple Roadmap process was developed and tested. The findings are even more relevant today.  Look at this document to see how easy it should be.  It is only 4 pages long (plus appendices).  The executive summary is only half a page.

If all partners start singing from the the same, standard, hymn sheet – then progress towards efficient, sustainable, shared services could be much quicker.

Identity Fallacy – No2UID

This is a tough blog. The ideas started six years ago, when I was battling with solutions for multi-agency information sharing, but they have not gone away. Robin Wilton (@futureidentity) privately reminded me. “I know you’re ahead of your time, but some are finally cottoning on to what you said 5 yrs ago”.

How can I describe it clearly and simply to non-technical politicos, and eventually be accepted by academics and suppliers? It is the non-technical who provide the leadership that could make it happen. In the context of public sector services, I want People in Power to say, in three quarks,

1. A person does not need a Unique Identifier (UID).
2. The Law does not demand a UID.
3. Use just sufficient data to identify a person.

Recently I heard highly respected technical advisers saying in Eurim Identity Governance meetings. “You must have a root identity.” I contest this statement if it equates to, “You must have a UID on some central database”.   No2ID are right as far as they go, but do not take the argument to the next logical stage – what to do next. Looking at the Quarkside principles for Process, Governance and Technology, this emerges:

• Citizens and officials understand their own requirements and can agree an acceptable set of processes.
• Governance, rights, responsibilities and constraints must apply within the Law.
• Technology looks simple if Process and Governance are agreed – trusted public sector credentials are an objective.

Public Jobsworths always quark three questions when somebody presents themselves for a service: “Who are you? What do you want? What are your entitlements?”  Jobsworth refuses service if he is not satisfied with the answers to any of the three. This blog only considers “Who are you?”, assuming the existence of the other two questions.

Quark 1: A person does not need a Unique Identifier (UID)

“Who are you?” equates narrowly to Identity. It is only Identity at a sufficient level of trust the meet the requirements of a specific entitlement. In the simplest case, the person can be completely anonymous; in a municipal car park, only the ability to pay makes sense. However, they may keep a record of your car registration number. Requests for Housing Benefits are at the other end of the scale. The identity offered does not need a unique code.

It must be the right person, who must not use false documents as evidence of identity. Identity evidence has to be fit for purpose. To repeat; you do not need a UID.

Quark 2: The Law does not demand a UID

Requests for evidence of Identity are necessary in most circumstances.  A National Id Card might have been useful, but the maintenance of a National Identity Register is effectively outlawed.  No2ID and others mounted a most successful campaign; Id Cards will not re-appear any time soon. However, the Identity Documents Bill 2010-2011 has sanctions against people using false identities and Clause 10, according to No2ID, “creates much broader data-sharing powers than the parallel ones in the 2006 Act.”

I have argued against reliance on central Identity registers for many years, in many forums. The overwhelming evidence is that allocating UIDs leads to errors, duplication, inconsistency and incompatibility. Take the revered National Insurance Number (NINO), it does not cover every person in the UK who might be entitled to a public service, children if you want an example. There are restrictions on where NINOs can be used and re-purposed.  Look at the governance problems engendered by the defunct ContactPoint.  The Data Protection Act permits cross-referencing of computer files when fraud or a  crime is suspected.  Individual voter registration can use both local and central government databases to verify identities.

Nowhere is there a reference to a UID.  UIDs are technologists’ shorthand for a key that identifies a record in a data store, it does not identify a person.  It identifies a computer record.

Quark 3:  Use just sufficient data to identify a person

This is the point of the debate – looking to the future. Only a combination of evidence from several sources can be used to identify a person accurately. This reflects life as it is. People legitimately have choice of names and addresses without breaking any law. People possess credentials for each of their chosen identities; stage names, maiden names, peers, protected witnesses and many more.

Administrative computer systems need to be interoperable for efficiency and accuracy of bureaucratic processes. Poor interoperability is the current norm because of unjustified reliance on poor quality UIDs. The alternative to failed and failing UID processing is to use Linked IDs (LIDs).

LIDs map between entities on disconnected data stores, such as databases, managed by different public sector bodies.  Mapping between identities is embraced in the ISO standards for systems interoperability (ISO 18876). They should be engineered to comply with Kim Cameron’s Laws of Identity.

The technical architecture builds on the rights of a person to manage their own identity data, like Mydex and PAOGA, plus the ability for officials to add assertions of identity from other sources. These assertions can be graded and ranked, within the law.

If this blog raises any interest, I have lots of old material that could be resurrected as a starting point for some innovative technology.  My proposal, made five years ago, was based on properties of Google. Not Google, but cloud based technology that permits intelligent searching of linked data, leading to identifying the right person.  The user interface does not expose any more detail than a citizen is prepared to give as evidence of identity. It is also analogous to credit reference checking, where a strength of identity can be given rather than a credit limit. I hope that it won’t take another five years before the hegemony of UIDs and root identities can be broken.

I want to put a LID on the idiotic and wasteful pursuit of UIDs in the public sector.  No2UID.