Posts filed under ‘UK’

Showing us a better way

The UK Government’s competition Show Us a Better Way is living up to its name. The competition is run by the Power of Information Taskforce.

The page About This Competition describes it eloquently:

“The government produces masses of information on what is happening around the UK. Information on crime, on health, on education. However, this information is often hidden away in obscure publications or odd corners of websites. Data tucked away like this isn’t of use to the ultimate owner of that information YOU.”

Refreshingly, the government goes on to say, “We’re confident that you’ll have more and better ideas than we ever will.

The Guardian newspaper, which has been campaigning for freeing up government data since 2006, has been an enthusiastic supporter of the competition. With a decent prize pool of £80,000, there has been plenty of interest with over 450 people entering the contest.

In addition to five ideas that need further work and four prototypes that are already running, the judges have announced the five ideas that will be built:
• Can I Recycle It? : recycling information based on post code
• UK Cycling : planning cycling routes
• Catchment Areas : boundaries of school catchment areas
• Location of Postboxes : nearest one to wherever you are
• LooFinder : a mobile texting or website for the nearest public toilet

The first of these, Can I Recycle It, was the overall winner.

A US-equivalent competition, Apps for Democracy, run by the District of Columbia has pulled in 47 submissions over the 30 days it ran.

Clearly, the idea has international appeal for governments. For New Zealand, there are some key messages:

1. While there are already some very good examples of government agencies freeing up their data, such as Statistics NZ’s, Making More Information Freely Available, doing more can unleash much greater creativity. People will themselves work out what problems to solve, where the opportunities are, and ways to add social and/or economic value.

2. The five ideas that emerged winners are all based on geospatial data. Perhaps this reflects the attractiveness of visualisation and the growing popularity of Google Maps. Geospatial data should therefore get priority attention.

3. Governments aren’t typically associated with competitions and cash prizes but, handled right, they could potentially be a viable way to stimulate interest. And, it’s a great way for people to know what data (including formats) the government already makes available.

4. However, even the success of Show Us a Better Way doesn’t imply that all the underlying issues have been resolved. For example, about the time the winners were announced, the Ordinance Survey (which owns all of UK’s mapping data) sent a reminder that its data was free for non-commercial use only. Worse, it ruled out letting people use its data with Google Maps due to licensing issues. This may stall all the five winning ideas. It’s a reminder that licensing, copyright, and pricing all need to be addressed before data is truly free.

5. Also, there is a need to figure out what ‘free’ actually is. Is it the UK-style freely available or the US-style free of cost?

6. This is also a reminder of the non-rival nature of data and information, i.e. one person’s use doesn’t stop others from also using the same data and information for the same or different purpose. Freeing up data can therefore have a multiplier effect since the marginal benefit of providing an extra unit is the sum of the marginal benefits received by each of the individual users.

To go back to the beginning, the Power of Information review highlighted how “The cost-benefit calculations that historically underpinned what information is collected, who can use it, and how it is paid for are rapidly becoming outdated.”

And that raises some opportunities and challenges that New Zealand needs to seize.

[Original post at]


November 17, 2008 at 10:18 pm 1 comment

UK: Raising the breach barrier, again

When HMRC (Her Majesty’s Revenue and Customs) lost personal information of nearly half the UK population, I called it “mind boggling”. I also thought that it would be the last time I’d write about data breaches. What could top that?

Never underestimate the Brits. They’ve now pushed the bar even higher.

All it took was a flash drive found in the car park of a pub, The Orbital. It had user names and the hashed passwords of Government Gateway accounts, which provides centralised authentication to important online services such as tax returns. Worse, the flash drive had the source code, security software, and a step-by-step guide to how the Government Gateway works. And, the fact that it belonged to Daniel Harrington, an IT analyst at Atos Origin, the company which manages the Government Gateway.

The flash drive was lost about two weeks ago. Daniel must have just started to believe that his prayers had been answered with the flash drive forever lost. No such luck. Tellingly, it was turned into a newspaper (The Mail on Sunday) rather than given back to the government.

The point isn’t that the flash drive was lost. What was all that data doing on it in the first place? The Prime Minister is pointing the finger at Atos Origin which is fingering Daniel for breaching operating procedures. Really? Sounds exactly like Chancellor Alistair Darling pointing to a junior official in the HMRC case. It really shouldn’t be so easy to evade accountability.

Why was the flash drive unencrypted? The passwords were encrypted but, throw enough resources at it, and it shouldn’t be that hard to break. It’s impossible to say how many copies of the flash drive may be in circulation.

Some will use this to question the UK’s plan for a National Identity Card. Others will again proclaim the death of passwords. Yet others will cry that it’s the tip of the iceberg- who knows how many other unreported breaches of this magnitude are happening around the world? I’m sure at least a few will wonder what if it had been biometric templates.

Me, I mourn the blows to trust in government and online services all over the world. And the frightening reality that past lessons are simply being ignored, taking us ever closer to a tipping point.

November 3, 2008 at 11:17 pm 1 comment

UK: e-petition and proof of citizenship

I was both moved and intrigued by Robin Wilton’s plea to support an e-petition “to create a dedicated Military & Veterans Hospital within the UK.”

Moved because it seemed to be a worthy thing to do; intrigued because I wanted to see how they would verify that I met the condition of being a British citizen or resident to sign the petition.

Turns out that all that’s required is a valid address and postcode. If you’re an expat, you don’t even need that. So, “Earnest Hope” became the 41,380th person to sign the e-petition.

It left me wondering just how many other signatures are from people like me? And, does it really matter if the bulk of them are actually from eligible folks?

Also, isn’t there a better way for checking online whether a person is a UK citizen/resident?

That got me thinking about how to verify whether or not a person is a New Zealand citizen or resident. In-person checking is simple enough but what about an online check? Can’t think of a simple way that already exists.

That is where GOAAMS (slides) comes in…

August 3, 2008 at 9:14 pm Leave a comment

Authenticating the Queen’s subjects

I’m just back from attending eGovernment 2008 in Canberra. For me, the big draw was an opportunity to attend a three hour workshop focussed on the UK’s Government Gateway. I sure wasn’t disappointed- the insights into the Government Gateway were quite an eye opener.

Attending the conference also led me to reflect on how online authentication is working for the Queen’s subjects in the UK, Australia, and New Zealand. It’s quite fascinating how each of them reflect diverse approaches and are also very much a product of their times.

First, Australia. Still very PKI focussed, as in standard X.509 certs in the user’s computer. There are some good intentions from the federal policy body AGIMO (Australian Government Information Management Office) to move on to solutions that work for people (not computers) but the mindset of the average government official is definitely digital certs.

A good example of this focus is the success of VANguard. VANguard’s authentication service is probably best described as an authentication broker whose main function is to allow for interoperability of digital certs issued by various CAs. This is a good step so that businesses (it’s mostly business-focussed) can use the same digital cert with multiple RPs. It’s a back-end hub so that various front-ends and portals, such as bizgate in South Australia, can draw on its functionality. Still, it has all the limitations inherent in the old PKI designs.

It’ll be interesting to see how AGIMO’s proposed National e-Authentication Framework will differ from their existing AGAF (Australian Government e-Authentication Framework) which is separate for businesses and individuals.

Back to the UK’s Government Gateway. From the outside, so much of the focus has been on the UK’s plans for a national identity card that people, including me, can’t distinguish the good stuff they have done and are continuing to do in the online authentication space from the bad. Jim Purves, Head of Product Strategy in the Cabinet Office gave terrific insights into the chequered history of the Gateway as well as plans going forward.

The Gateway is very privacy-protective, very focussed on providing authentication and SSO for the UK Government’s online services. They are introducing SAML 2 soon but that also has the downside of continued support for all the current protocols. They’ve had some significant funding challenges in the past but now have “strategic investors” from within government so the future is bright. Trust and confidence in the Gateway is at an all-time high.

Purely speculative on my part but I think they’ve got a big cloud on the horizon- when the national identity card folks come calling. That could potentially lead to a fundamental change in approach. That’s the unfortunate steamrolling impact of the national identity card. Also interesting how they handle pan-European interoperability but, with a strong Liberty Alliance foundation, I imagine they are well placed to handle that.

So, how does NZ stack up? The proper comparison is with the GLS or Government Logon Service (which will be re-branded igovt later this year). There’s no doubt that the GLS is the most privacy-protective of the lot and has all the right moving bits.

Once the IVS or Identity Verification Service and then GOAAMS or Government Online Attribute Assertion Meta System is added to igovt, then it’s a whole new ballgame for NZ.

But, there is clearly one area that the GLS should look at- adding a web services (ID-WSF) capability in addition to the current browser re-direct (ID-FF). That will provide many new opportunities off the same infrastructure, such as acting as an authenticating receiver for XML messages. The UK’s Government Gateway currently does that for all electronic tax filings direct from standard tax and accounting packages.

All in all, interesting times and much thinking…

July 2, 2008 at 11:45 pm 1 comment

Me, My Spouse and the Internet

It’s become a bit of a worn cliché to say that the Internet is changing everything. Many things are obvious- from the read-write web to social networking to online transacting.

But there are also less obvious, more tectonic shifts happening. These are slow societal shifts that will ultimately change the shape of society itself. These deep changes are not readily apparent amongst the constant shrill of everyday headlines. Nevertheless, they are happening- every day, all the time, in imperceptible increments- leading to fundamental shifts stretching over years.

So it was with interest (and with a vested interest) that I read the results of the survey results from the UK’s Oxford Internet Institute as a part of a project called Me, My Spouse and the Internet. As the Institute’s Director said, “This study is a dramatic illustration of the potential for the Internet to reconfigure social relationships.”

The results from the study show the role played by the Internet in the relationships of a representative sample of over 2,000 married Internet users in UK. Some highlights include:

1. 20% of married Internet users admitted to reading their partner’s emails and text messages; 13% to having checked their partner’s browser history.

2. 6% of married Internet users first met their partner online. Just over a third of these were through an online dating site. People meeting future partners online had greater education and age gaps.

3. Face-to-face communication was (still) the most reported way for married Internet users to discuss personal matters and resolve problems but other channels were also used, including text messaging (27% of users), and email (14% of users).

4. Disclosing a partner’s intimate details and other shady online activities got a big thumbs down from partners.

Hmmm… there doesn’t seem to be anything about what married Internet users think about their partner’s blogging activity yet. Or if there any blogging widows out there. That’s a sign for me to move on…

April 9, 2008 at 11:21 pm 6 comments

Blogging, Civil Serf and pseudonymity

Leading Kiwi blogger Russell Brown was quite complimentary about the blog launched by the State Services Commission. He made particular mention of the guidelines for staff blogging that are also available to everyone under a Creative Commons licence.

Blogging guidelines are a good thing for both employer and employee. They help make clearer the boundaries and expectations. Navigating the minefield of blogging as an employee is hard and therefore guidelines are a real must to even get started.

Blogging as a government employee is even harder (see a previous post about this). Yet, the risks have to be taken by both government and employee if more two-way open government is to be achieved.

On the other side of the world, the UK Government has also resolved to issue guidelines for blogging and social networking by civil servants. It’s difficult to take the claim at face value that the move is not connected with the case of Civil Serf.

Civil Serf is the pseudonym for a 33-year old Londoner civil servant, thought to be working for the Department for Work and Pensions. Her nom de plume reflects her intent to slag off the government and civil service. There’s always a ready audience for insider revelations and dirt, especially if it is about big corporates and governments.

I will, however, point out that the word serf comes from the Latin servus, meaning slave. Civil Serf is hardly bound to and required to serve the government- presumably she made a choice to work in the public service. And part of that choice was to adhere to a set of rules and regulations.

What about freedom of speech? Sure, that’s critical and legally protected but in this case I think Civil Serf probably breached the spirit if not letter of UK’s Civil Service Code. No employer, government or private, is going to take kindly being put down in public. A recent example is the worker fired by Warehouse for her comments on Bebo.

Anyhow, Civil Serf’s blog has disappeared after the Sunday papers on 9th March wrote about her. Since November last year, her comments were tellingly often quoted by mainstream journalists working for the Telegraph and Times. There’s a good video of the story at puffbox.

Almost universally, comments to stories about the Civil Serf saga at various online sites are on her side, praising her for an insider’s view of “government ineptitude and hypocrisy.”

While there are merits to both sides of the arguments about Civil Serf, there is no doubt that the Internet provides a powerful tool for people to air their views pseudonymously. And, while not an unbounded right, freedom of speech is a cherished right that is benefiting hugely from the Internet’s inherent support for pseudonymity.

March 15, 2008 at 1:03 pm 3 comments

Privacy Gateway

In the UK, OGC (Office of Government Commerce) has developed a very successful project review methodology for the British Government called Gateway. After being adopted in Australia, it is now being implemented in New Zealand by the State Services Commission for major capital projects.

According to a presentation given at a 2007 government IT conference, Gateway reviews will be a key part of monitoring and quality Assurance of major ICT-enabled business Government projects.

It was therefore interesting to see that the UK’s Information Commissioner’s Office (ICO) wants compulsory Privacy Impact Assessments to be part of the Gateway review process. A senior official is quoted in Computing as saying, “We do not want the government to develop systems that may contravene data protection law and cost millions of pounds to put right. And we do not want systems to be developed that will not enjoy public confidence because people feel that their privacy is being eroded.”

The OGC has rejected an across-the-board approach of requiring Privacy Impact Assessments for all projects reviewed. Instead, it favours a case by case approach.

It is worth keeping an eye on how this plays out in the UK and whether that flows into NZ.

March 6, 2008 at 10:26 pm 1 comment

Older Posts

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter