PRESS RELEASE: GOV.UK/digital by default – 17 questions for Mr Maude

The following press release has been issued:

PRESS RELEASE

To:

Home Office

OIG (re US-VISIT)

IDABC (re OSCIE)

China (re Golden Shield)

Pakistan (re NADRA)

FBI (re NGI)

UIDAI (re Aadhaar)

Agencies

GOV.UK/digital by default – 17 questions for Mr Maude

17 October 2012

Francis Maude, Cabinet Office Minister, has announced today that public services are in future to be delivered on-line: "... today marks the start of a new way of delivering public services digitally. GOV.UK is a platform for future digital innovation".

Public services are to become “digital by default”, to use the term popularised by Martha Lane Fox, the Prime Minister’s digital champion, who first proposed the development of GOV.UK.

Digital by default is to be delivered via GOV.UK, a website developed by the Government Digital Service (GDS). The chief executive of GDS is ex-Guardian man Mike Bracken, who is also the senior responsible officer owner for identity assurance, please see below.

17 questions for Mr Maude:

1. “Digital by default” means replacing people with computers. How many public servants will be made redundant and how much money will the taxpayer save?

2. Between eight and ten million adults in the UK have still never used the web. Will they be excluded by default from public services?

3. GOV.UK is to be hosted in the cloud by Skyscape Cloud Services Ltd, a start-up which has not yet submitted any accounts to Companies House, which has no company secretary and only one director, a Mr Jeremy Robin Sanders, who also owns 100% of the £1,000 paid-up share capital in the company. What reason is there to believe that Skyscape are reliable, competent and big enough for this enormous task?

4. Starting from Skyscape’s own website it is easy to work out where its data centre is. ARK Continuity Ltd, the property company that built it, even provide a map how to get there. GOV.UK is an important national asset. How will our data be kept secure?

5. HMRC also, like GDS, intend to store our data with Skyscape. Will the Minister please comment on the professionalism of Whitehall procurement which entrusts national assets to a one-man company the location of whose servers is revealed on the web for all to see including terrorists?

6. Even with the big cloud services companies like Amazon, Google, Microsoft and Apple it is commonly understood that cloud computing entails the customer – in this case GDS and HMRC – losing control of their data. Their data may be stored on any machines anywhere in the world and managed by staff the customer has no control over. Why is Whitehall following the fashion and embracing cloud computing?

7. In connection with cloud computing, Microsoft and Google have warned the British public that under the powers of the USA PATRIOT Act and other legislation the FBI can demand to see any data stored by any US company anywhere in the world. These powers extend to non-US companies which also happen to operate a substantial business in the US, e.g. QinetiQ. Does the Minister wish to join Microsoft and Google in warning the British public that their GOV.UK data can be inspected by the US authorities?

8. Individuals and companies already have a tool for transacting with the government on-line – the Government Gateway – and have done for the past ten years and more. How can throwing away that tried and tested tool and replacing it with GOV.UK be called a saving?

9. The Government Gateway has tried and tested identity assurance procedures which minimise on-line fraud and error. Individuals and companies have user IDs issued to them by DWP, who operate the gateway. GDS are said to want to throw away that security and use Facebook, Google and Twitter user IDs instead. What reason is there to believe that these social network user IDs are as reliable as the Government Gateway’s?

10. ... and what qualifications do GDS have to make these foreign companies which pay very little UK tax, not to mention Mr Jeremy Robin Sanders, a part of the British Constitution?

11. GDS are also said to want to take advantage of the logon details the public use for on-line banking to help with identity assurance. UK banks tend to have strong security but nevertheless the problem of on-line fraud persists. Given which, what is the benefit of incorporating the banks’ identity assurance procedures into GOV.UK?

12. Operating through the Department for Business Innovation and Skills (BIS), GDS are trying to issue everyone with PDSs, personal data stores. The provisions for PDSs are part of a BIS initiative called midata and statutory powers to mandate PDSs are tucked away in the Enterprise and Regulatory Reform Bill currently going through Parliament. Would the Minister confirm that a PDS is no more than the software equivalent of an ID card and that PDSs are the real vehicle for identity assurance advocated by GDS?

13. On 5 September 2012, GDS, BIS and the Foreign Office hosted an event at which GCHQ explained how badly British companies deal with cybercrime. Why is GDS simultaneously trying to exacerbate the problem by putting all public services on-line?

14. CESG is the information assurance arm of GCHQ and has published recommendations on the requirements for the secure delivery of on-line public services (RSDOPS). Will the Minister please show the public the documentation proving that GOV.UK satisfies RSDOPS?

15. All public services are on-line in Estonia and in 2007 Russia found it easy as a result to bring the country to its knees with a simple distributed denial of service attack. What is to stop the same fate befalling the UK if digital by default succeeds?

16. This is not the first time digital by default has been tried in the UK. Back in 2005 when Tony Blair called for joined up government, Sir Gus O’Donnell and Ian Watmore devised a programme called “transformational government”. That failed principally because the other departments of state wouldn’t co-operate with the Cabinet Office. What is there to make them co-operate this time?

17. Universal Credit (UC) is an important coalition government policy designed to spring the poverty trap and make work pay, for millions of benefits claimants. The biggest risk faced by UC according to Lord Freud, the DWP Minister responsible, is the lack of identity assurance. Control over its own identity assurance was wrested away from DWP by GDS. DWP couldn’t make any progress on the matter as a result, and GDS haven’t made any progress either. It looks as though the needs of real people are being side-lined while a few senior civil servants indulge their fascination with computers. Would the Minister care to comment?

It is timely to pose these questions today, the day on which GOV.UK goes live. Or next Monday 22 October 2012 when GDS are due to make a major announcement about identity assurance. Or the following Friday 26 October 2012 when Whitehall's G-Cloud team (government cloud) also have a major announcement to make.

ARK Continuity Ltd, by the way, boast the Rt Hon The Baroness Manningham-Buller, formerly the Director General of MI5, as a non-Executive Director.

---

About David Moss
David Moss has worked as an IT consultant since 1981. The past 9 years have been spent campaigning against the Home Office's plans to introduce government ID cards into the UK. It must now be admitted that the Home Office are much better at convincing people that these plans are a bad idea than anyone else, including David Moss.

Press contacts: David Moss, BCSL@blueyonder.co.uk