Posts filed under ‘UK’
The page About This Competition describes it eloquently:
“The government produces masses of information on what is happening around the UK. Information on crime, on health, on education. However, this information is often hidden away in obscure publications or odd corners of websites. Data tucked away like this isn’t of use to the ultimate owner of that information YOU.”
Refreshingly, the government goes on to say, “We’re confident that you’ll have more and better ideas than we ever will.”
The Guardian newspaper, which has been campaigning for freeing up government data since 2006, has been an enthusiastic supporter of the competition. With a decent prize pool of £80,000, there has been plenty of interest with over 450 people entering the contest.
In addition to five ideas that need further work and four prototypes that are already running, the judges have announced the five ideas that will be built:
• Can I Recycle It? : recycling information based on post code
• UK Cycling : planning cycling routes
• Catchment Areas : boundaries of school catchment areas
• Location of Postboxes : nearest one to wherever you are
• LooFinder : a mobile texting or website for the nearest public toilet
The first of these, Can I Recycle It, was the overall winner.
A US-equivalent competition, Apps for Democracy, run by the District of Columbia has pulled in 47 submissions over the 30 days it ran.
Clearly, the idea has international appeal for governments. For New Zealand, there are some key messages:
1. While there are already some very good examples of government agencies freeing up their data, such as Statistics NZ’s, Making More Information Freely Available, doing more can unleash much greater creativity. People will themselves work out what problems to solve, where the opportunities are, and ways to add social and/or economic value.
2. The five ideas that emerged winners are all based on geospatial data. Perhaps this reflects the attractiveness of visualisation and the growing popularity of Google Maps. Geospatial data should therefore get priority attention.
3. Governments aren’t typically associated with competitions and cash prizes but, handled right, they could potentially be a viable way to stimulate interest. And, it’s a great way for people to know what data (including formats) the government already makes available.
4. However, even the success of Show Us a Better Way doesn’t imply that all the underlying issues have been resolved. For example, about the time the winners were announced, the Ordinance Survey (which owns all of UK’s mapping data) sent a reminder that its data was free for non-commercial use only. Worse, it ruled out letting people use its data with Google Maps due to licensing issues. This may stall all the five winning ideas. It’s a reminder that licensing, copyright, and pricing all need to be addressed before data is truly free.
5. Also, there is a need to figure out what ‘free’ actually is. Is it the UK-style freely available or the US-style free of cost?
6. This is also a reminder of the non-rival nature of data and information, i.e. one person’s use doesn’t stop others from also using the same data and information for the same or different purpose. Freeing up data can therefore have a multiplier effect since the marginal benefit of providing an extra unit is the sum of the marginal benefits received by each of the individual users.
To go back to the beginning, the Power of Information review highlighted how “The cost-benefit calculations that historically underpinned what information is collected, who can use it, and how it is paid for are rapidly becoming outdated.”
And that raises some opportunities and challenges that New Zealand needs to seize.
[Original post at http://blog.e.govt.nz/index.php/2008/11/17/showing-us-a-better-way/]
When HMRC (Her Majesty’s Revenue and Customs) lost personal information of nearly half the UK population, I called it “mind boggling”. I also thought that it would be the last time I’d write about data breaches. What could top that?
Never underestimate the Brits. They’ve now pushed the bar even higher.
All it took was a flash drive found in the car park of a pub, The Orbital. It had user names and the hashed passwords of Government Gateway accounts, which provides centralised authentication to important online services such as tax returns. Worse, the flash drive had the source code, security software, and a step-by-step guide to how the Government Gateway works. And, the fact that it belonged to Daniel Harrington, an IT analyst at Atos Origin, the company which manages the Government Gateway.
The flash drive was lost about two weeks ago. Daniel must have just started to believe that his prayers had been answered with the flash drive forever lost. No such luck. Tellingly, it was turned into a newspaper (The Mail on Sunday) rather than given back to the government.
The point isn’t that the flash drive was lost. What was all that data doing on it in the first place? The Prime Minister is pointing the finger at Atos Origin which is fingering Daniel for breaching operating procedures. Really? Sounds exactly like Chancellor Alistair Darling pointing to a junior official in the HMRC case. It really shouldn’t be so easy to evade accountability.
Why was the flash drive unencrypted? The passwords were encrypted but, throw enough resources at it, and it shouldn’t be that hard to break. It’s impossible to say how many copies of the flash drive may be in circulation.
Some will use this to question the UK’s plan for a National Identity Card. Others will again proclaim the death of passwords. Yet others will cry that it’s the tip of the iceberg- who knows how many other unreported breaches of this magnitude are happening around the world? I’m sure at least a few will wonder what if it had been biometric templates.
Me, I mourn the blows to trust in government and online services all over the world. And the frightening reality that past lessons are simply being ignored, taking us ever closer to a tipping point.
I was both moved and intrigued by Robin Wilton’s plea to support an e-petition “to create a dedicated Military & Veterans Hospital within the UK.”
Moved because it seemed to be a worthy thing to do; intrigued because I wanted to see how they would verify that I met the condition of being a British citizen or resident to sign the petition.
Turns out that all that’s required is a valid address and postcode. If you’re an expat, you don’t even need that. So, “Earnest Hope” became the 41,380th person to sign the e-petition.
It left me wondering just how many other signatures are from people like me? And, does it really matter if the bulk of them are actually from eligible folks?
Also, isn’t there a better way for checking online whether a person is a UK citizen/resident?
That got me thinking about how to verify whether or not a person is a New Zealand citizen or resident. In-person checking is simple enough but what about an online check? Can’t think of a simple way that already exists.
I’m just back from attending eGovernment 2008 in Canberra. For me, the big draw was an opportunity to attend a three hour workshop focussed on the UK’s Government Gateway. I sure wasn’t disappointed- the insights into the Government Gateway were quite an eye opener.
Attending the conference also led me to reflect on how online authentication is working for the Queen’s subjects in the UK, Australia, and New Zealand. It’s quite fascinating how each of them reflect diverse approaches and are also very much a product of their times.
First, Australia. Still very PKI focussed, as in standard X.509 certs in the user’s computer. There are some good intentions from the federal policy body AGIMO (Australian Government Information Management Office) to move on to solutions that work for people (not computers) but the mindset of the average government official is definitely digital certs.
A good example of this focus is the success of VANguard. VANguard’s authentication service is probably best described as an authentication broker whose main function is to allow for interoperability of digital certs issued by various CAs. This is a good step so that businesses (it’s mostly business-focussed) can use the same digital cert with multiple RPs. It’s a back-end hub so that various front-ends and portals, such as bizgate in South Australia, can draw on its functionality. Still, it has all the limitations inherent in the old PKI designs.
It’ll be interesting to see how AGIMO’s proposed National e-Authentication Framework will differ from their existing AGAF (Australian Government e-Authentication Framework) which is separate for businesses and individuals.
Back to the UK’s Government Gateway. From the outside, so much of the focus has been on the UK’s plans for a national identity card that people, including me, can’t distinguish the good stuff they have done and are continuing to do in the online authentication space from the bad. Jim Purves, Head of Product Strategy in the Cabinet Office gave terrific insights into the chequered history of the Gateway as well as plans going forward.
The Gateway is very privacy-protective, very focussed on providing authentication and SSO for the UK Government’s online services. They are introducing SAML 2 soon but that also has the downside of continued support for all the current protocols. They’ve had some significant funding challenges in the past but now have “strategic investors” from within government so the future is bright. Trust and confidence in the Gateway is at an all-time high.
Purely speculative on my part but I think they’ve got a big cloud on the horizon- when the national identity card folks come calling. That could potentially lead to a fundamental change in approach. That’s the unfortunate steamrolling impact of the national identity card. Also interesting how they handle pan-European interoperability but, with a strong Liberty Alliance foundation, I imagine they are well placed to handle that.
So, how does NZ stack up? The proper comparison is with the GLS or Government Logon Service (which will be re-branded igovt later this year). There’s no doubt that the GLS is the most privacy-protective of the lot and has all the right moving bits.
But, there is clearly one area that the GLS should look at- adding a web services (ID-WSF) capability in addition to the current browser re-direct (ID-FF). That will provide many new opportunities off the same infrastructure, such as acting as an authenticating receiver for XML messages. The UK’s Government Gateway currently does that for all electronic tax filings direct from standard tax and accounting packages.
All in all, interesting times and much thinking…
It’s become a bit of a worn cliché to say that the Internet is changing everything. Many things are obvious- from the read-write web to social networking to online transacting.
But there are also less obvious, more tectonic shifts happening. These are slow societal shifts that will ultimately change the shape of society itself. These deep changes are not readily apparent amongst the constant shrill of everyday headlines. Nevertheless, they are happening- every day, all the time, in imperceptible increments- leading to fundamental shifts stretching over years.
So it was with interest (and with a vested interest) that I read the results of the survey results from the UK’s Oxford Internet Institute as a part of a project called Me, My Spouse and the Internet. As the Institute’s Director said, “This study is a dramatic illustration of the potential for the Internet to reconfigure social relationships.”
The results from the study show the role played by the Internet in the relationships of a representative sample of over 2,000 married Internet users in UK. Some highlights include:
1. 20% of married Internet users admitted to reading their partner’s emails and text messages; 13% to having checked their partner’s browser history.
2. 6% of married Internet users first met their partner online. Just over a third of these were through an online dating site. People meeting future partners online had greater education and age gaps.
3. Face-to-face communication was (still) the most reported way for married Internet users to discuss personal matters and resolve problems but other channels were also used, including text messaging (27% of users), and email (14% of users).
4. Disclosing a partner’s intimate details and other shady online activities got a big thumbs down from partners.
Hmmm… there doesn’t seem to be anything about what married Internet users think about their partner’s blogging activity yet. Or if there any blogging widows out there. That’s a sign for me to move on…
Leading Kiwi blogger Russell Brown was quite complimentary about the blog launched by the State Services Commission. He made particular mention of the guidelines for staff blogging that are also available to everyone under a Creative Commons licence.
Blogging guidelines are a good thing for both employer and employee. They help make clearer the boundaries and expectations. Navigating the minefield of blogging as an employee is hard and therefore guidelines are a real must to even get started.
Blogging as a government employee is even harder (see a previous post about this). Yet, the risks have to be taken by both government and employee if more two-way open government is to be achieved.
On the other side of the world, the UK Government has also resolved to issue guidelines for blogging and social networking by civil servants. It’s difficult to take the claim at face value that the move is not connected with the case of Civil Serf.
Civil Serf is the pseudonym for a 33-year old Londoner civil servant, thought to be working for the Department for Work and Pensions. Her nom de plume reflects her intent to slag off the government and civil service. There’s always a ready audience for insider revelations and dirt, especially if it is about big corporates and governments.
I will, however, point out that the word serf comes from the Latin servus, meaning slave. Civil Serf is hardly bound to and required to serve the government- presumably she made a choice to work in the public service. And part of that choice was to adhere to a set of rules and regulations.
What about freedom of speech? Sure, that’s critical and legally protected but in this case I think Civil Serf probably breached the spirit if not letter of UK’s Civil Service Code. No employer, government or private, is going to take kindly being put down in public. A recent example is the worker fired by Warehouse for her comments on Bebo.
Anyhow, Civil Serf’s blog has disappeared after the Sunday papers on 9th March wrote about her. Since November last year, her comments were tellingly often quoted by mainstream journalists working for the Telegraph and Times. There’s a good video of the story at puffbox.
Almost universally, comments to stories about the Civil Serf saga at various online sites are on her side, praising her for an insider’s view of “government ineptitude and hypocrisy.”
While there are merits to both sides of the arguments about Civil Serf, there is no doubt that the Internet provides a powerful tool for people to air their views pseudonymously. And, while not an unbounded right, freedom of speech is a cherished right that is benefiting hugely from the Internet’s inherent support for pseudonymity.
In the UK, OGC (Office of Government Commerce) has developed a very successful project review methodology for the British Government called Gateway. After being adopted in Australia, it is now being implemented in New Zealand by the State Services Commission for major capital projects.
According to a presentation given at a 2007 government IT conference, Gateway reviews will be a key part of monitoring and quality Assurance of major ICT-enabled business Government projects.
It was therefore interesting to see that the UK’s Information Commissioner’s Office (ICO) wants compulsory Privacy Impact Assessments to be part of the Gateway review process. A senior official is quoted in Computing as saying, “We do not want the government to develop systems that may contravene data protection law and cost millions of pounds to put right. And we do not want systems to be developed that will not enjoy public confidence because people feel that their privacy is being eroded.”
The OGC has rejected an across-the-board approach of requiring Privacy Impact Assessments for all projects reviewed. Instead, it favours a case by case approach.
It is worth keeping an eye on how this plays out in the UK and whether that flows into NZ.
Recent reports from both sides of the Tasman have once again shown public resistance to widespread fingerprinting. At least for citizens…
In NZ, following significant negative reactions from public consultation, police will only have the power to collect and store fingerprints “for the purpose of enabling the commencement of a prosecution.” Police will not be able to require fingerprints from people suspected of non-prosecutable offences, such as minor traffic infringements, or for routine identity checking.
Further, they would have to destroy those records as soon as practical once they decide not to arrest or charge a person with an offence, or if the person is acquitted.
This is quite a change from the original proposal that led to a very interesting debate about mobile scanners in Parliament.
Across the Tasman, ZDNet Australia reports that “there is a culture of resistance to fingerprinting in the community- a factor which may be holding back government from adopting the technology…Fingerprinting in Australia is not seen as an inviting technology.”
Further, CIO Magazine reports that despite a new ISO standard to provide a security framework for using biometrics for authentication of individuals in financial services (ISO 19092:2008), Australian banks are likely to restrict themselves to only exploring more use of voice verification.
As the ZDNet article points out, the Australian government continues to have a big interest in introducing biometrics. And, just as in other countries such as the UK, they want to start with non-citizens.
Not surprisingly, their choice is a group of people who have limited capacity to object.
I would certainly be uncomfortable with my ISP selling my browsing information to a third party to serve me targeted advertising. But that’s exactly what three UK ISPs (BT, Virgin Media, and Carphone Warehouse) are planning to do.
Worse, the third party is Phorm (previously 121Media) which is run by Kent Ertugrul, a serial entrepreneur whose past ventures include PeopleOnPage, an ad network that was blacklisted as spyware by the likes of Symantec and F-Secure. Instructions to remove it as spyware are provided on several websites such as Adware.
Web users will be identified only by an anonymised number. Phorm’s service, called Webwise, doesn’t actually collect or store personal information and therefore touts itself as “setting a whole new gold standard in online privacy.”
Does it? Perhaps it looks like that on the surface but there seems to be three problems:
- First, there are precedents where similarly anonymised data has been de-anonymised.
- Secondly, there aren’t easy ways for people to opt out or even be properly informed/consulted.
- Finally, I think this represents the limitations of privacy laws in UK and other countries where the focus is on controlling collection and storage of personal information. A second aspect of privacy- spatial privacy or people having the right to control their private space that was highlighted by the Law Commission’s report- deserves equal protection but is largely ignored by the law.
In my house, the family shares the Internet connection so my ads are probably going to be: Bratz dolls, the latest SingStar release, the new Black Eyed Peas CD, compost, and dog biscuits.
Security theatre at its best or just plain daft? Take your pick…
Thanks to Dave Kearns’ IdM Newsletter pointing me to an article about a Wales nursery, Nursery installs hi-tech fingerprint security system.
The school has introduced a fingerprint scanning system that allows only authorised parents and staff to access the nursery. Apparently, this is to reassure parents following the disappearance of Madeleine McCann. There are additional unspecified “video and audio systems.”
Why not just chip the kids and be done with it? Make the chips GPS-trackable and all those concerned parents and school authorities can be assured that their wee tots are safe. Better still, parents can locate ‘em any time online. That’ll be handy as tots have a nasty habit of becoming teens.