1 Start with needs*
2 Do less
3 Design with data
4 Do the hard work to make it simple
5 Iterate. Then iterate again.
6 Build for inclusion
7 Understand context
8 Build digital services, not websites
9 Be consistent, not uniform
10 Make things open: it makes things better

It’s a great start. For digital services it strikes me as close to ideal; better than we could have thought to ask for. What we would still ask is that the notion of “starting with needs” and “doing less” be extended to policy and public services more universally.

On this basis it makes sense and feels achievable to go 100% digital for that hwich can be digitised. But it’s not just a digital thing. This is the culture we need across the board.

Which? offers up a good intro to what the smart metering plan means for UK consumers, along with a ‘No selling, just installing’ campaign.

But there are more issues. This is a huge sum of money to commit at any time and especially now with the country broke. Will we get good value? Is the £11.7bn figure the pre-inflation, pre-ballooning costs and pre Cook’s-constant estimate (the MoD rule of thumb is to take the first estimate and multiply by pi to get the eventual real figure).

Given this move is about changing behaviour we have to ask are the incentives right across government, regulated utilities and consumers?

Then there’s the data. Which? broaches the matter. As I understand it, the smart meters generate a highly detailed picture of your energy usage. The plan is to create a new company to which all the data gets uploaded. Users can then access the data through the portal of their own supplier.

Will the system be sufficiently secure, given what is at stake? And whose data is it anyway? To proponents of individual control over individual data this looks hopelessly messy, expensive and risky.

Ross Anderson and others warned early and often that NPfIT, the ID scheme and other vanity megadatabases were headed for disaster. So we’d do well to heed what he and Shailendra Fuloria also of Cambridge Uni now write in their very helpful 2011 paper Smart meter security: a survey.

It covers smart metering issues including security, personal privacy, threats to the infrastructure and fraud. As well as being gifted with a vast brain and clear understanding of technology, Ross has achieved a whole series of deeper insights earlier than others by focussing on security economics and analysing the inevitable results of perverse incentives. In this case, the authors conclude:

…it is a fascinating case study in security economics:
systems are much harder to protect when incentives conflict, and
smart metering exposes perverse incentives galore.

Of course we’ll all have smart meters or smart energy monitoring devices. But is the government’s great smart-meter project destined to be part of the non-ideal databankendammerung?

It feels wrong in many ways. It feels every inch like the last big project trying to sneak through before a new principle takes hold: the principle that individuals should as far as possible control their personal data. That changes everything. This project looks like one for the chop.

Thx to Alex, Vin, Luke and FIPR colleagues

1 .This submission synthesises some discussion from the IdealGovernment.com blog, work by Ctrl-Shift Ltd and work of Mydex CIC.

2. It makes some overall observations on government IT before focussing on the architecture and role of personal data. It envisages a “Big Society” future of more participative public services coupled with reduced expenditure.

Overall observations on cost, efficacy and design of government IT

3 .PASC enquires about the overall strategy for government IT including procurement policy and practice. Much has been written about how Whitehall and public services spend too much on IT, and the lack of efficacy, poor value for money and ever increasingly intrusive nature of government’s large central databases. The very designs conceived under the Transformational Government policy, in the climate of the “War on Terror”, create an environment in which breaches of data protection and human rights law are inevitable.

4. It’s true that Government expenditure on IT has been excessive in the last decade. It’s the highest per capita spend of any major European economy, approaching the very high per capita spend of Nordic countries which offer higher and far more e-enabled levels of social care. Reasons include large, unmanageable centralised systems, excessive supplier margins, inflexible contracts which exact punitive charges for essential changes. But above all the problem is a deeper and wider failure to ensure government IT is based on the right intentions.

5. It would be a mistake to examine IT, including procurement and practice, in isolation of what public services are trying to achieve and what role public-sector IT plays in
information-age society. Talking to officials, other IT experts and suppliers won’t be
enough; to understand the effects of public-sector IT on people’s lives you have to talk to job-seekers, taxpayers, patients, students etc and judge how their real experience of public services measures up against aspirations. This is hard to do but there are proxies: user/patient/traveller associations, feedback services such as PatientOpinion and MyPolice, commercial market research and NGOs such as Citizens’ Advice Bureaux.

6. What will emerge is that many major government IT systems are not just poorly designed; they were never designed at all. They were never rooted in an understanding of the individual’s journey through life episodes and their interactions with public services. Ctrl-Shift’s work suggests that a very high proportion of services failures can be seen in the light of “information logistics”: the right person didn’t have the right information at the right time. This causes great inefficiencies for the organisation, and is frustrating and disempowering for the individual. But it’s solveable.

7. Structured processes and language exist to make it possible for customers to help create effective services. The discipline which understands this best is “service design”.

It’s possible to design and create government IT systems with empathy, but we never did. The public cycle of identifying a social problem, forming political resolve, drafting legislation, procuring and implementing IT based services was never a “service design” process, and turns out largely to have failed as an IT system design process.

8. The final general observation is that to attack government IT expenditure in isolation is to look at one percent of the problem.

9. Amazon or YouGov prove that an organisation taking a smart approach to IT can eliminate large swathes of running costs. Government’s running costs are ten times what it spends on IT so this administrative overhead is perhaps 10% of the public expenditure problem. But Facebook, iTunes, Wikipedia and countless other examples prove that you can do quite different things or achieve results in a quite different way with contemporary technology.

10. To assess the impact of public-sector IT on public spend you need to look at public spend as a whole. The big-money question for government IT is what are the opportunities to use contemporary technology in a smart way to deliver core programmes: health, education, welfare, tax, transport, defence. Failure in strategic use of IT costs the UK far more than IT which is merely ineffective or cost more than it should. PASC should if possible focus on the big picture.

The biggest opportunity: personal data

11. The biggest specific opportunity for radical improvement in public services at low cost lies in rethinking the approach to personal data and the opportunity it affords to improve the data logistics that underpin public services.

12. The present approach in government (and across all businesses with many customers) is entirely organisation-centric. Organisations hold personal records, often many times over. We know of no study which maps the full extent of government’s holdings of personal data, or which measures the quality of that data. HMRC holds perhaps 1bn records, the typical local authority has perhaps a dozen personal records per resident (with one customer database for each line of service).

13. The theory behind these databases or “customer-relationship management” (CRM) systems was that the organisation that achieves single version of the complete truth about its customers can cut costs, perhaps outsource customer contact, upsell, drive a shrewder bargain and achieve higher profits and overall deliver a complete “personalised” service. Furthermore, customers would like this service, and trust the organisation more.

This “organisation-centric” or CRM mindset informed the last administration’s Transformational Government policy.

15. The problem is the data never lives up to expectations. The inaccuracies, omissions and duplications are such that it’s expensive to operate and ineffective in delivering services. Worse, the process is so annoying and alienating for customers that they walk away from the so-called “relationship” in droves. We opt out of direct marketing, the edited electoral roll, we try to minimise the data we release or mislead organisations with inaccurate data.

Mydex’ ethnographic research (which we can share with PASC) describes people who are somewhere between depressed and in denial about what happens to their personal data “out there”. The more they learn the less they like it. It’s the very antithesis of a “Big Society” approach. Government is a substantial and growing part of the problem.

17. The alternative is to add a person-centric model for personal information management which can work with the existing organisation-centric model in a structured and scalable way. Many individuals have mobile phones; most of us are online with access to a computer and the Internet. The person-centric data model sees the individual equipped with structured personal data store (PDS) so they can control, manage and share their data. The PDS has additional capability. They can gain external verification of claims: proof they have a drivers’ licence, a passport, are on the electoral roll or have accounts with a given bank or phone company. They are then able to share their data for example with a pre-completed and verified form, or as a “subscribe to me” service that underpins a relationship.

18. An early stage of this is being piloted by several London Boroughs, Cabinet Office and DWP in the Mydex Community Prototype. Full learnings on the technical, legal and social implications of the “person-centric” model can be made available to PASC from February 2011, along with an initial exploration of the implications for government IT.

19. This model of online working which adds a person-centric structure to the existing organisation-centric structure has been called in the UK “buyer-centric commerce” or “customer-managed relationships” and in the US – where much of the original thinking on social networks and user-centric identity on which this builds was done – it is known
as “vendor-relationship management” (VRM).

20. The implications of this person-centric architecture for a “Big Society” with participative public services at its core are considerable. First in terms of cost saving when individuals have a convenient and trusted way to help clean the administrative content in records held many dozens or hundreds of times across public services.

People will have a “tell them once” service but under their own control and provided at no cost to government.

Public services can then be planned and delivered on the back of clean data with clear potential for efficiency. Beyond that one can envisage user-driven journeys, through health, education of job search for example where the logic, the design and function are available from a competitive market of “apps” at the user’s end rather than through huge central systems. This puts the energy and inventiveness of tech markets at the disposal of next-generation public services.

22. PASC should consider this possibility and make recommendations in preparation. This is not something which government has to “do”; it’s a fundamental change in the personal-data ecosystem for which it can prepare and which it be instrumental in catalysing.

23. There is an analogy, which is the recent history of the “Power of Information” and data.gov.uk in changing the government mindset towards public data (I this case non-personal data about things, statistics, numbers, assets, geography). This very promising
process drew on far-sighted political will and the effort – often voluntary – of a series of experts over three years.

24. PASC should consider a recommendation for a comparable new “Power of Personal Information” report or programme which looks at how government and the public sector works with personal data. This would examine the potential for what the new person-centric model could bring to the public services mentioned above but also national priorities such as the Census, voting, volunteering, child protection and CRB checks, smart energy metering and the London Olympics.

25. Pursuing this approach might entail:

– a high-level Power of Personal Information study looking at the implications and prerequisite conditions for flows of “volunteered personal information” that are possible with a person-centric model
– cost-benefit analysis or business case by line of public-sector activity
– a test or audit of readiness for each public service to work with the new model
– test of compatibility with existing legal and security requirements

26. Prerequisite also is resolving government policy towards online identity, for example
by moving explicitly towards a US-like “trust framework” model (such as was envisaged in UK policy in 1999/2000).

Both Labour and Tory manifestos included commitments to start to restore control over personal data to the individual (a sentiment wholeheartedly endorsed by LibDems but omitted from the manifesto probably for reasons of brevity). That is the personal data environment in which future government IT will operate. PASC would do a great service if it focusses government minds on the questions this raises.

William Heath
co-founder: Mydex CIC
co-founder: Ctrl-Shift Ltd
Moderator: idealgovernment.com
21 Jan 2011

The focus of my review is to identify any ways in which this IP system may be inhibiting innovation and economic growth, perhaps by making it harder for young internet companies to develop new products and services in the software sector or in creative industries. If we can find the choke points, we can then think about how to ease them.

As the review goes on, I will be blogging here to talk about our work. I’d like to share questions with you as they arise and to invite discussion.

Can’t say fairer than that. He starts out asking us all what we’d like to see the review achieve (see my tuppenceworth below). Idealgov has always focussed more on public-service efficacy and ID-nitwittery side but government’s role in copyright is also far from ideal. So leave him a comment!

I’d like to see a strong case made for shorter copyright term, defence of fair use and format-shifting. Kick software patents into the long grass. Highlight the value of open data and the remix culture. Use language in a balanced and measured way, avoiding terms such as “theft” or “piracy” unless they’re really appopriate. Point out that p2p and filesharing are valuable new ways to share content legally. Try to find a way forward which does not increase surveillance or criminalise a vast proportion of (especially young) people. Takes Gowers’ review on board.

But you’ll of course reach your own conclusions based on the evidence you gather.

What I’d like to see in the process is a rational and evidence-based approach. Full engagement with public interest or consumers and with artists as well as lobbyists working for old media (try to discount the weight you give submissions in proportion to the lobbying budget behind it). Listen carefully to what the hardcore reformers are saying – Stallman, Lessig, anti-Acta activists, the Pirate Party, FSF, ORG, OKF. They’re often far more rational and always a great deal more fun than BPI, RIAA, FAST and other apologists for Das Kapital.

The litmus test is: are these views motivated by a sense of right and wrong, a true love of culture, a real understanding of the nature of the emerging information age? Or is what I’m hearing just a predictable blend of fear, greed and bullsh*t?

Ignore Feargal Sharkey. But summon Lily Allen as en expert witness, just for the fun in seeing what she says next, and so you can put her face on the cover of your report. Good luck! Doing this blog is a very encouraging start btw.

“You will all have experienced procurements that seemed to go on forever, cost millions of pounds and took countless hours of your employees’ time and energy. I know how frustrating this can be and I can promise you here today that we will do things differently…But there will also be things we expect from you. Government will no longer offer the easy margins of the past. We will open up the market to smaller suppliers and mutuals and we will expect you to partner with them as equals, not as sub-ordinates. The days of the mega IT contracts are over, we will need you to rethink the way you approach projects, making them smaller, off the shelf and open source where possible. We will expect you to be transparent in all your dealings with us and for the terms of the contracts we sign with you to be published online.”

Sounds promising…anything we can do to help?

The non-ideal 2012 [correction: 2011] Census will see Lockheed Martin paid £500m-odd of money we can ill afford to undertake a clunky process of data gathering which will take 2-3 years to complete and feed back.

But if everyone had a personal data store such as Mydex….

….one could simply add to the personal data store the fields needed to complete the Census questionnaire. ONS could invite people to volunteer this information, or could see how far it got compelling it by law with threats of dire consequences. It could poll the information once every ten years if that were good enough for statistical purposes and for planning public services. Or it could poll people’s personal data stores ever 10 months, 10 weeks, 10 hours, 10 minutes, or 10 seconds. Lockheed Martin could go back to making rockets and bombs. We’d save a pile of money. And we’d start to be able to plan public services based on real needs and preferences instead of an out-of-date decennial view.

The immediate question (to anticipate any ONS trolling [amendment: pushback]) is universality. How can you possibly make PDSs universal in the way the census needs to be? Perhaps the answer is: given the huge benefits both to the individual and the state of working with PDSs, how much incentive can we plan for the individual to help this to spread far, wide and fast? Remember the core principle has to be gaining the individual’s trust, so intrusive data gathering and playing fast & loose with the data is ruled out.

But if you want a Big Society fuelled on accurate, up to date data on personal needs, circumstances and preferences this has to be the way to go. The 2012 2011 Census is going to feel about as far from Ideal as procuring a Stealth bomber to run the country’s Neighbourhood Watch Schemes.

Mydex: A Manifesto for UK Public Services

One area government IT has made progress is with public data, with the “power of information” policy and the data.gov.uk portal, which recognises the value of ‘unlocking’ data held by the Government for reuse by added value service providers.

Next we need a comparably radical rethink on personal data. This starts with a return to the role of personal identifiers and intermediaries set out by UK officials a decade ago, and as recently adopted by the Obama Administration. This means:

• assume that access to on-line public services will be through a market or ecosystem of accredited third-party identifiers (issued for example by a range of existing online services, credit bureaux, or banks
• drop the false notion that it’s generally essential to know who people are
• challenge the assumption that personal data is “owned” by service-providing departments to be shared at their convenience
• instead, recognise that the individual is not only the rightful owner, but also the only technically feasible point of integration of exponentially growing volumes of personal data, and therefore the only possible place where “personalisation” can happen
• recognise furthermore that structured, scalable personal data managed by individuals is set to become the source of immense new economic value, and that the individual is a rightful
beneficiary.

This change in mindset includes a specific challenge to secret parts of government entrusted with keeping Britain safe. A safe society isn’t the outcome of dysfunctional public services designed to aid surveillance.

Britain has a far better chance of being secure with public services designed to work for individuals and front-line public servants, which respect human rights and dignity. When the data are cleaner, the relatively small number of exceptions stand out more clearly.

On-line identifiers need to work under the user’s control, with minimal disclosure and revealing information only to justified parties. They need to be consistent and convenient (see Kim Cameron’s “Laws of Identity”).

In the short term the UK can copy the US administration: announce that future access to online services will be via third-party identifiers, and then provide for the emergence of a “trust framework” so a range of identifiers are accredited for suitable purposes. Many services can be accessed anonymously, and for many more all that is needed is a consistent user experience. It’s not always necessary to identify people to check their entitlement.

But sometimes individuals will need to invoke stronger identification credentials online: for “Know Your Customer” processes or to meet the most stringent visa requirements for example.

Government IT therefore needs to anticipate a world where individuals are equipped with

• highly evolved personal data stores
• the ability online to invoke strong authentication or verification
(e.g. proof of qualifications, licences, credit, nationality or identity)
• selective disclosure, i.e. the ability to share the minimum necessary in a particular circumstance.

This doesn’t require major new procurement. It means:

• review each main service function to take into account the role
of user-driven records for health, education, welfare, transport, or
other areas such as the Census or the London Olympics
• quickly participate in at least two live prototypes of user-driven
services across multiple organisations supported by independent
online verification services
• where there is benefit, re-engineer the public services (health,
education etc) users can drive new services.

Just as the existing “Power of Information” has created new APIs to allow structured public data out of government systems to create new value, so this “empowered citizen/customers” agenda will see new APIs that allow structured personal data in. This means public services can be driven and personalised by users, and new service packages created for them by third parties.

This “empowered citizen/customers” agenda might even reveal a revised role for the National ID Register as a voluntary service offering online verification as part of a trust framework, for the most demanding cases.

Happily, the urge to save money will usher in the right identity policy and in turn protect our privacy.

The area to focus on is data logistics. When Alan Mitchell and I browsed through hundreds of complaints about public services recently we observed that very few are about privacy and none at all about problems with identity. But the vast majority point to poor information logistics. The key person – official, professional, or the unhappy individual – just didn’t have the right information at the right time.

This causes irritation, frustration, offence, and vast expense. It’s extremely annoying for individuals not to be able to get hold of information they need, to have the wrong information, or to have to give the same information over and over again. It’s unjust, time-consuming and possibly worse to get the wrong treatment or service because the service cant get the information or has the wrong information.

It’s unnecessarily expensive for public services to attempt to maintain hundreds of different records about the same person (but neither feasible nor desirable to amalgamate them into panoptical mega-records). If you provide services on the back of incomplete and inaccurate data there’s every chance the service will be poor and unnecessarily expensive.

And it’s hard to plan and prioritise if you’re not in touch with your customers and people try as far as possible to withhold data from you. If we built churches using the last census there would be a few Jedi cathedrals lying empty.

If we can fix this (and we think it can be done) then people can get better, more responsive service, restored individual responsibility with a path to empowered self-service. HM Treasury also gets a triple dose of cost savings.

It means restoring control over personal data to the individual and building trust on the side of the individual.

User-controlled digital identifiers within an identity assurance framework are prerequisite, and that is just what Cabinet Office is now quietly proposing. Better privacy is a by-product (and a legal requirement, let’s not forget). But the compelling reason to pursue better data logistics with user-driven services is saving money.

That’s not to say the underlying problems ContactPoint was meant to help with – caused by poorly co-ordinated and overstretched childrens’ services – have gone away; they haven’t.

The question of how technology best supports front line professionals, without disproportionate and unwarranted intrusion remains unanswered. It’s part of the scope of the Munro review, which provides first feeback in September, and a final report in April 2011. I suspect we’re in good hands here. I’d hazard a guess that Dr Munro will focus relentlessly on the crucial matter of protection of the relatively small number of children at real risk, and not attempt to boil the ocean of the welfare, diet, propensity to obesity and general wellbeing and conformance to social norms of every child. And I also bet that the role she recommends for ICT in helping child-protection professionals will be conformant to data protection and human rights law in a way that ContactPoint was not.

The Databankendämmerung must spread, just as we must escape the limitations of the Accentureweltanschauung. There are other ill-advised and intrusive central databases on which we should call time: eCaf; NHS SCR; the NHS Detailed Care Record; NHS Secondary Uses Service; long term comms data retention generally and the Intercept Modernisation Programme in particular. Kind friends won’t let me forget that I’ve promised to do a special celebration to mark the end of the Benighted ID Scheme and its lavish quantities of nugatory PA consulting.

The LibDems always opposed the “Database State”. The Tories were quick to spot that the last administration had taken a wrong turn and were politically vulnerable. But when Labour Ministers stopped listening exclusively to Cheltenham and Whitehall and resumed listening to the outside world (about eight weeks before the last election) they too quickly came to their senses as well.

It’s best not to see this in political terms, because really it’s a question of information logistics. Remember Troubleshooter? If John Harvey-Jones could revisit us and contemplate the dozens, hundreds of databases which public and private organisations run each trying to scrape, grab and update their versions of us, and then looked at the average householder spending a week and a half updating the different customer service systems of every entity we ever have to deal with (through episodes from moving house to losing a wallet) recording and sharing the same data over and over again, filling out endless forms with different callcentres and web sites and usernames and passwords, ….he would just laugh his vast laugh, wouldn’t he? And as he laughed he’d start to calculate the waste and loss of value, and huge tears would roll down his generous cheeks.

The Database State is an issue of civil liberties, justice and equality, of course. But there more than that: it’s been clear for a good year that the country heading for bankruptcy. It has been clear for a decade we need radical reform of public services. It has been clear ever since people started chipping in their ideas to IdealGov that the role of technology in this radical reform is about user participation, about quick wins and creating a foundation of trust.

The radical money-saving reforms have to be based on accurate personal data. They have to be built with tech systems that work. They have to draw on people’s supportive, active participation.

Some databases are valid and unobjectionable of course: DVLA, TV licensing, the electoral roll. Many public-sector databases can be fixed. The point about the Databankendämmerung isn’t that all databases are evil. It’s that the state can’t fix society’s complex human problems with giant databases.

Weirdly enough, however, the opposite will turn out to be true. Even the worthwhile databases are still plagued with errors, omissions and duplications, They need our help. Databases can’t fix society. But, given the tools, society can start to fix the databases. That’s a much more promising way forward.

Sam did some of these for publicexperience. His one let you just type your experience straight in. The PO one just offers recent feedback, with options for filters. Has PO got the other sort I wonder?