honestlyreal

midata: revolution or enigma?

No technology contracts bigger than £100m.

Bye-bye proprietary software monopolies–hello Open alternatives.

An avalanche of government data to generate new business opportunities and pump billions into the economy.

Fast broadband for (almost) all.

Agility, everywhere–no more risk-averse, unchangeable systems–instead, a commitment to diversity and experimentation.

Reskilling in-house tech teams, reducing dependence on external suppliers with vested interests.

And after years of false dawns, services actually joined up around–and designed for–their users.

There’s not a lot not to like, really. Is there?

Just before the election we heard a torrent of such promises. Watching the gathered geeks and entrepreneurs around me at the launch of the Conservative Technology Manifesto last March I could see tongues virtually hanging out. We weren’t just being offered the keys to the sweetshop–Francis Maude and Jeremy Hunt were pretty much proposing ripping its doors off.

How many of these sweeties have actually been delivered post-election is a story for another day (ah, the shackles of that Coalition Agreement, I’m sure…).

But over recent weeks and months we’ve seen glimpses of another what’s-not-to-like initiative. And now it’s been launched.

Midata.

[Ok, try this link. I was making a dodgy CMS point with the first one, that Google (and BIS site search!) gave me...]

So here comes the grumpy blogger to get all picky with what on the face of it is a risk-free, consumer-enriching move willingly volunteered by industry, facilitated by government, to make real people’s lives easier at no cost. (Coz there’s loads of those.)

Well, not so much of the picky, really–just an interest in shining a light into some of the corners of this debate. Because corners and angles there most certainly are.

The first thing to get to grips with is that there seem to be two big agendas wrapped up together here.

Both can be connected to the words “me” and “data”. But they seem to be quite different in their nature and purpose. That’s always a recipe for confusion if not properly unpacked. So let’s see what we have.

Agenda 1: better information for consumers

We have a consumer empowerment angle here, clearly. “Giving people back their data” is billed as putting the customer back in control when forming or reviewing a relationship with a vendor. For some services, especially things like utilities and telecoms, the case is very tangibly made.

We generate a lot of data in consuming the service. Understanding our consumption patterns in detail would help us when making future choices about service provider, as we’d be able to match the terms that were on offer with what we actually needed.

So far so good.

This also extends to things like preference data: as we go about buying things (and even just looking at them) we generate a cloud of information about our preferences, choices, needs and their timing. This has a value–how much, nobody really knows, though there are some florid estimates–to marketeers, and could drive better deals and more targeted, less intrusive advertising.

Agenda 2: proving your identity online

The moment we started to move transactions away from being with someone you knew personally in your village, we increased the complexity of how you prove things: who you are, can you pay, entitlement-by-residence and so on. Online, it’s pretty horrible, and attempts at building something that’s simultaneously secure and usable by normal people have foundered.

(There is more elsewhere on this blog about these issues–otherwise this post would be very long.)

Suffice to say that the current approach (which actually looks pretty promising) is that of “federated identity assurance”. Not trying to create one massive database of people information against which things can be checked, but to use information sourced from a number of existing trusted relationships, in combination, to give sufficient assurance of identity.

Which means that both these agendas are the same, doesn’t it? They both involve consumers getting their hands on personal data that’s previously been locked up in companies.

Well, actually, I don’t think it does.

Why not?

A definition of “personal data” is harder to pin down than might seem initially apparent [more here]. Lots of things that don’t look that personal by themselves (points on a map, equipment serial numbers etc.) take on a whole new power when linked to an individual.

There’s the obvious “personal facts” stuff, of course: name, address, account number etc. which usually (but not always) identify an individual.

Then there’s operational data, made much of by midata: what we’ve used, what we’re interested in, what service choices we made etc.

Releasing structured chunks of this latter type could well meet Agenda 1’s objectives. And there are design choices to be made here which will have a big impact on risk and privacy.

Would it be sufficient to get a log of mobile calls by time band and number type, for example, rather than a detailed list of numbers actually called, and precisely when they were made? The former could well be enough to allow a better contract to be found: the latter would be a potential privacy nightmare, not just for the caller, but also whom they called, if it were mislaid.

My point being that meeting a consumer empowerment agenda requires the “giving back” of information with certain characteristics–i.e. tailored to fit the way that consumer services are packaged.
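The design choice above, as an added example that is not part of the original post: the same call records reduced to counts and minutes per time band and number type, with a check that no called number or timestamp survives in the export. The records, band boundaries and prefix rules are constructed assumptions, not any provider's real tariff rules.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed call detail records: (start time, called number, duration in seconds).
# Numbers are from ranges reserved for fictional use.
CALL_RECORDS = [
    ("2011-11-01T08:15:00", "07700900123", 120),
    ("2011-11-01T13:40:00", "02079460001", 300),
    ("2011-11-01T19:05:00", "07700900123", 600),
    ("2011-11-02T22:30:00", "08081570000", 45),
    ("2011-11-03T09:00:00", "07700900456", 90),
    ("2011-11-05T11:00:00", "0033140000000", 900),
    ("2011-11-05T20:10:00", "07700900456", 60),
]

# Assumed prefix rules, checked in order (longest/most specific first).
PREFIX_TYPES = (
    ("00", "international"),
    ("080", "freephone"),
    ("07", "mobile"),
    ("01", "geographic"),
    ("02", "geographic"),
)


def time_band(start: datetime) -> str:
    """Map a call start time to a coarse tariff band (assumed boundaries)."""
    if start.weekday() >= 5:  # Saturday or Sunday
        return "weekend"
    return "daytime" if 7 <= start.hour < 19 else "evening"


def number_type(number: str) -> str:
    """Classify the called number by prefix only; the number itself is discarded."""
    for prefix, kind in PREFIX_TYPES:
        if number.startswith(prefix):
            return kind
    return "other"


def minimised_export(records):
    """Aggregate to (band, type) cells: enough to compare tariffs, no call detail."""
    totals = defaultdict(lambda: [0, 0])  # cell -> [calls, seconds]
    for start, number, seconds in records:
        cell = (time_band(datetime.fromisoformat(start)), number_type(number))
        totals[cell][0] += 1
        totals[cell][1] += seconds
    return [
        {"time_band": band, "number_type": kind,
         "calls": calls, "minutes": -(-secs // 60)}  # round up to whole minutes
        for (band, kind), (calls, secs) in sorted(totals.items())
    ]


def leaks_detail(export, records) -> bool:
    """True if any called number or exact timestamp appears in the export."""
    blob = json.dumps(export)
    return any(number in blob or start in blob for start, number, _ in records)


if __name__ == "__main__":
    export = minimised_export(CALL_RECORDS)
    print(json.dumps(export, indent=2))
    print("leaks call detail:", leaks_detail(export, CALL_RECORDS))
```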

But the giving back of information to help confirm an identity relationship–Agenda 2–seems to me to be a very different beast.

Because I thought the whole concept of using a number of different identity providers was that you asked them to pass confirmations of trust around–not the actual personal data itself? So one might ask a bank to confirm electronically that some submitted data matched a record that they held, but that’s not the same as handing the requestor (or indeed the individual) chunks of personal data.
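The distinction drawn above, as an added example that is not part of the original post: a provider that answers "do these submitted details match your record?" with a signed yes/no rather than returning the record. All names, the record and the key are constructed; the shared-key HMAC is an assumption made to keep the sketch to the standard library, where a real federation would more likely use public-key signatures.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by provider and relying party (assumption).
PROVIDER_KEY = b"constructed-demo-key"

# Constructed record held by the identity provider (e.g. a bank).
BANK_RECORDS = {
    "acct-001": {"name": "Alex Example", "postcode": "ZZ1 1ZZ", "dob": "1970-01-01"},
}


def _norm(value: str) -> bytes:
    """Collapse whitespace and case so formatting differences do not fail a match."""
    return " ".join(value.split()).casefold().encode()


def _sign(body: dict) -> str:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(PROVIDER_KEY, canonical, hashlib.sha256).hexdigest()


def confirm_match(customer_ref: str, claimed: dict, nonce: str) -> dict:
    """Provider side: compare submitted fields to the held record.

    The response names the fields checked and gives one overall yes/no.
    It never echoes record values or says which field failed.
    """
    record = BANK_RECORDS.get(customer_ref, {})
    matched = (
        bool(record)
        and bool(claimed)
        and set(claimed) <= set(record)
        and all(hmac.compare_digest(_norm(claimed[f]), _norm(record[f]))
                for f in claimed)
    )
    body = {"ref": customer_ref, "fields": sorted(claimed),
            "match": matched, "nonce": nonce}
    return {**body, "sig": _sign(body)}


def verify_assertion(assertion: dict, expected_nonce: str) -> bool:
    """Relying-party side: check the signature and that the nonce is ours."""
    body = {k: v for k, v in assertion.items() if k != "sig"}
    good_sig = hmac.compare_digest(_sign(body), str(assertion.get("sig", "")))
    return good_sig and body.get("nonce") == expected_nonce


if __name__ == "__main__":
    reply = confirm_match("acct-001",
                          {"name": "alex example", "postcode": "ZZ1  1ZZ"}, "n-1")
    print(reply["match"], verify_assertion(reply, "n-1"))
    reply = confirm_match("acct-001", {"dob": "1971-01-01"}, "n-2")
    print(reply["match"], "1970-01-01" in json.dumps(reply))
```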

So I fear that in an attempt “not to go into too much detail” we’ve got a conflation of two separate, interesting, important issues under the midata flag.

One can always argue that “it’s the principle that counts–we should establish that first, then let the clever people get on with the solutions”. Well, yes. Ok.

We did that with electronic patient records, with Post Office smartcards, with national identity cards and registers… At some point we do need a public airing of the underlying principles in a greater level of detail than the initial press release. And before a major delivery programme has been commissioned, I’d suggest.

Other than this “issue overlap” there are a few other points that strike me about midata. There is this underlying sentiment that consumers have a right to “their data”. But what is it that actually makes a particular piece of data “theirs”?

Information about usage is a hybrid of personal facts (e.g. who is the account holder?) and operational information as a consequence of service use. How far does it extend? Basic consumption patterns? Probably yes. Detailed, time-stamped records of every purchase and all parties involved? Hmm. Maybe. Serial numbers and last maintenance dates of the precise routers and masts that were used to deliver a phone call? Well, now you’re being silly, Paul.

Yes, I am, of course. But I’m trying to illustrate that the translation of this “right to data” into reality involves more than just signing a memorandum of understanding.

And then there’s the cost angle. Even if we assume that the addition of a simple bit of code will suddenly enable service providers to spit out raw chunks of data onto the Internet (aka the “it can’t be that hard to get their systems to…” fallacy argument) the midata announcement is already talking about a greater degree of sophistication: particularly the bit about “access, retrieve and store their data securely”. Who’s going to pay for that?

And do we have robust evidence that there is interest and demand for this type of data release, other than from the vociferous lobbyists with their eyes on constructing a wealth of new “personal data store” opportunities?

It’s great to see entrepreneurial spirit flourishing, but how much is this about solving real consumer problems, and how much about playing yet more variations on the “consumer as product” theme–you tell us about your interests, and we’ll give you better deals (but only as a share of what we’re really making by selling that information to other vendors).

The argument that better information increases customer choice, and therefore power, is of course another “what’s-not-to-like”. But if you take a step back, and look at the implied problem that “people don’t know which is the best deal as they’re all so complicated and people don’t really know what they use anyway…”

…would you put your energy into releasing chunks of data to help make a better match with a complicated tariff, or would you have another look at the issue of tariffs in general, and simplify them? Yes, both represent some form of intervention, and I can see the political attractiveness of the former, as (especially under a voluntary scheme like midata) it plays down the regulatory role in favour of cheerful vendors all quite happy to be a lot more transparent with their/your operational information. But one wonders just how sustainable this level of voluntary cooperation would actually be in the longer term in highly competitive markets…

That’s a bit like imagining a set of doors with fantastically complicated locks, and giving people the right to have equally complicated keys cut–rather than pushing for simpler locks in the first place.

So, a lot of questions remain. Conceptually, midata isn’t something that could or should be objected to. And this post is not written to criticise, but to suggest a few areas that need more detail and analysis.

When we see press releases that let fly with cool talk of data, empowerment and choice we should be getting a lot more eager to ask the next level of questions. What does this really mean? How will it work in practice? And what might some of the broader economic, competitive, social and privacy implications be?

Until we do, we’ll be dazzled by press releases and then a bit disappointed when delivery swings into action. And it’s usually too late by then to do much about it.

Google Plus Ungood

I know many people have managed to get up and running with Google+ fairly easily. The usual snags have been reported, of course, as users get used to the idiosyncrasies of the network, and as new etiquette and conventions emerge.

Today, it’s become clear that there are some deeper issues emerging, as Google enforces a “real names only” policy. Erm, good luck with that, in a hard identity sense, guys. Unless you’re going to try and peg people back to a state-issued identifier… (no, I’m not even going to go down that road of horror).

There’ve also been a few nasties creeping out of the woodwork as users realise some of the drawbacks of putting it all in the cloud. One wrong step with your service provider, and you’ll be writing a rant like this as thousands of hours of curation, not to mention thousands of irreplaceable and irretrievable content files, are briskly wiped out.

But for me, Google’s latest foray into social networking has pretty much been a non-experience. Although I was invited fairly early on, and signed up successfully for a few days, it all went belly-up pretty soon afterwards.

Why? Because of the cack-handed way in which Google identities work, that’s why. Here’s the detail.

Like most people, at some point I signed up for a Gmail account. I didn’t get a very nice address, as I wasn’t in there early enough, but it is a version of my name.

What I do have, and use instead, is a funky email address that I set up 10 years ago, and a couple of years ago moved over to Google Apps. (Bear with me.)

That email address is pretty much the way in which I’m identified for all services I use that are based on email address. In many ways it is my self-asserted identity on the Internet.

So it won’t surprise you to learn that when I came to create a Google profile, based on an email address, I used my “home” email identity.

So far so good, and for a couple of years everything worked smoothly. Google Apps did the things Google Apps did (email, calendar, contacts). And for the other Google services I used (Analytics, and probably not much more than that), I logged in with my Google profile. All was well. I had a slightly uncomfortable feeling that there may be trouble down the line though, with two identically-named identities that were logically separate.

And I was right.

A few days after I joined Google+ I got a friendly-but-firm email from Google. “We’re consolidating your accounts,” they told me. This dual use of the same email address can’t go on. Not optional. Indeed.

As I’d been invited to Google+ using the “profile version” of my email address, I feared the worst. And I was right. That was the account which was going to be stripped of my preferred email address. To be replaced by a “temporary address”–something horrible with a percentage sign in the middle of it. Great. The G+ connections dried up–nobody knows me as “the percentage sign email guy”–they know me as my ordinary, erm, email address. Bugger.

It got worse. To be able to get into G+ at all I didn’t just have to log in to Google using the temporary profile, I also had to log OUT of Apps (explicitly, even if I were already logged out of “normal” Google)–otherwise Google thought I was attempting to access G+ using a “business identity”. The horror!

The solution–according to Google–was to assign my Google profile an entirely new email address. Right. A new identity, for what could emerge as a pretty important service, should Google actually get their act together. An identity, and email address, that I didn’t need or use anywhere else. Not. Ideal.

So we have an impasse. I am hanging on, the temporary account unused and unloved, in the hope that Apps users will at some point be able to use their Apps email as a G+ identity. (It’s a rather faint hope, given the strategic direction that Google seem to be taking with identity.)

Why would I waste time now building up a social network where I, quite literally, don’t know who I am?

But it explains why I’m not part of this party, remain unconvinced of Google’s ability to handle the basics of social interaction, and am pursuing a wholesale review of my domains, addresses and identities for what now seems an inevitable clean break, sooner or later, with Google. Nice work, chaps.

Update, 25 July: a few morning-after-posting thoughts

Is there any real significance in all this? Surely this is just the moaning of yet another free-service user who didn’t read the Ts&Cs? Nothing paid, nothing to complain about.

Well, this is significant, because:

  • Identity, and cross-platform identity, are hugely important in an ever-more-connected world. Mess with those and you mess with the core of user experience: user existence.
  • Like it or not, it’s hard to see how a relationship with Google won’t form some part or other of everyone’s Internet activity at least over the next few years. This makes a Google profile (whatever neglect Google may have shown for it to date) disproportionately important.
  • The attempt to enforce “realness” is weak. Google’s requests for reference to “government-issued ID” (redacted or not)–whether to “prove” age or identity–are a troubling step. It puts a little friction in the path of being anonymous, sure, but if you want to, you can be.

And these characteristics (inflexibility, heavy-handedness, dependence) are all indicators of things that we’ll need to worry much more about in the future.

PS

Google account administration functions really are up the spout. Here’s a good piece by Dan Harrison on Google administration in general, and another on Google Apps deficiencies in particular. I’ve said it before: if a profit-focused, cash-rich organisation like Google finds identity so difficult, do we really hold out much hope for government?

PPS

Google Wave also revealed some of these flaws. I actually thought, briefly at the time, that the whole Wave concept was actually a Trojan Horse to get people to sign up for a Google profile (or to take one more seriously if they already had). And what did they force me to have as my Wave ID, despite me already having a friendly Apps address, and a slightly less friendly Gmail address? Something like paulclarke0001@gmail.com (I actually forget how many zeroes.) Face hits palm.

Who are you again?

This online identity stuff is very difficult—as I’ve written here before: much harder to truly grasp than it should be, in a peculiar way. I think that one of the reasons is that there are really two, logically separate things going on. Unless one puts a bit of mental legwork into understanding them—well, almost philosophically—all that follows in terms of technical solutions and so on can be irrelevant, at best.

So, those two parts: 1. how do you “prove” you are who you say you are? and 2. (the bit that’s perhaps harder to encapsulate) what is the relationship model that’s constructed when such a “proof” transaction takes place?

Let me try it another way: (1) what are you trying to prove and how do you go about that? and (2) what are the consequences of you having done that “proving”?

I hope to make some progress in illustrating why they’re quite different, but both very, very important. The first of those two parts—the “what and how you prove” bit—is the subject of this post. Probably because it’s the easier of the two. Though still complicated.

You never really prove anything, of course. If we are going to get into the business of cutting people open to extract a bit of DNA from their very bones and analysing it against some sort of uber-register of genome sequences…yeah, yeah, yeah. But we’re not. So stop being silly. (And they might have implanted somebody else’s bones, anyway. Ok, that’s silly. Or is it? Let’s move on. You see the point: every obstacle is just another challenge.)

What we do instead is use a number of arbitrary proxies for identity: tokens that either alone or in combination give a certain sense of assurance that their presenter is who they claim to be. The passport is a common (and relatively strong) example. There’s the photoID (with a government issued driving licence being rather more trusted than a cheaply-laminated snooker club membership card). There’s the infamous utility bill—which has the benefit of also fixing the presenter to a physical location of residence. You get the picture. Sometimes the detail is checked against something else, sometimes it’s recorded, and sometimes it’s not checked in any meaningful way, but the request itself is enough to dissuade naughtiness.

Because, for most of the transactions one carries out with government (central, local, police, whatever) checks like this are pretty damn important. (At least they are perceived to be, anyway, certainly in comparison to some private sector transactions. Compare the following headlines: “x% of cardholder-not-present credit card transactions are fraudulent, costing £Ybn per year” with “x% of online benefits claims are fraudulent, costing £Ybn per year”. Which one will have the nation frothing that Something Must Be Done? But that’s for another post…)

The guys at the gate of Caterham tip ask for a utility bill to confirm that you’re allowed to dump there. (Well, only when it’s busy, it seems.) To them, a location is the only important fact that’s been asserted—who I am, or indeed whether that utility bill matches anything else about me or my car, are unimportant. At the supermarket checkout, the young-looking booze buyer will only be troubled for something featuring a date of birth, and so on.

The tokens we use to give that degree of proof don’t have to be physical bits of paper, of course. We can memorise PIN numbers, or be asked for known facts about our previous transactions which only we’d be likely to know the answers to. We can set up “shared secrets” in advance so that only we will know the answer when challenged by our remote interlocutor.

We can have combinations of things used together—to see my bank statements online I now have to put my bank card into a reader the bank have sent me, pass a challenge, and then enter a result online. Sure, if you have my card, my reader, know my PIN and at the same time can open a session of my online banking you are me, at least as far as my bank is concerned. But that’s a lot of hardware and effort, and reasonably proportionate to the stakes involved, I’d say. We talk of “something you have and something you know” as a basic type of multi-factor authentication, or “something you have, something you know and something you are” if we add in a biometric component.

You see the point?—there isn’t really any proving going on. Just an exchange of information that gives a certain level of assurance, upon which trust can then be built. Sometimes it’s done well. And sometimes it’s not. Sometimes the requests for “proof” information are proportionate to the task being undertaken. And sometimes they’re not. But the request/risk relationship is likely to be quite specific to the task being attempted.

You’ll notice that I freely used offline examples above, when normally I bang on about how hard all this is in the online world. Well, the concepts are the same. It’s just that there are some characteristics of online channels that tilt the tables of risk. The lack of a face-to-face element removes some of the visual cues we might use to strengthen trust in a claimed identity. But this applies to the phone as well (how many times have I assumed the guise of “Mrs-C-with-a-cold” to try and sort out a minor squabble with a utility company?).

No, what makes things really very different in the online channel are those two old favourites: accessibility and recordability. The friction of having to find a benefits office, queue up, and try it on with the clerk by wearing a false moustache all disappears. You can be fast, anonymous and massively multi-tasked, using tools to try thousands of entry points and potential tokens simultaneously.

And what you do undertake, successfully or unsuccessfully, creates a record—leading to all sorts of other consequences—something that doesn’t happen when a guy in a fluorescent jacket glances at your water bill. Nobody writes anything down in lots of offline transactions—that’s important. Or captures and indexes it, for example, on video. (The indexing bit matters, by the way…but that’s taking us into the next area: the Nature of the Relationship.)

Oh, and I fear there’s one other powerful reason why this is so challenging for those who “think digitally”—a digital relationship is generally conceived as one of certainty—the bits match the requirement, ergo the door is unlocked; whereas everything above is an assembly of probabilities, seeing people less as people but as a collection of analogue risks, in a context where “good intent” and “assurance” are just shades of grey. No wonder we experience some cognitive dissonance in this area.

If you’re now drowning in a sea of uncertainty and looking lovingly back at that idea of sawing people open and extracting an inarguable(?) DNA sequence—congratulations. This is a highly normal response. Rushing back to a “unique identifier” to solve everything is pretty common. Engadget managed to do that neatly in their headline yesterday on the latest moves in US federal identity assurance—even though the source material talks about something rather different—a distributed identity framework. I’ll cover this, and the fallacy of the “unique ID” as a solution, in the next post: this dark business of the relationship that’s created as a result of digital transactions.

I might need my Greek hero and his friendly chelonian to help with that one. This stuff is not easy.

But what helps me sometimes, when thinking about this topic, is that this is a game you can play at home. Sort of. Every time you exchange anything about you (whether that involves your facial features, your money, or information about you) with anyone, anyone at all, online or offline, think about what’s actually being exchanged, why, and what the consequences could be. Try withholding everything except what turns out to be absolutely essential. Lie, subvert, play (within reason). It’s going to be useful to hone this awareness and these skills, I suspect.

Sit down and be counted?

Online interactions between people and government fascinate me. Which is just as well, given I’ve spent a long time working on innovation and programmes that attempt to do this sort of thing.

I’ve written before about some of the challenges behind the “government account” concept: online tools that would help citizens to transact with government in smarter ways. They represent a wicked problem – in that you can describe what such an account does in a single, simple line but nobody’s actually managed to produce one in practice, for all the money that’s been spent trying.

This is because as soon as you endow them with any sort of real usefulness you also need to build in so many safeguards to a) protect privacy, b) be proportionate in what information is shared for what purpose, and c) to guard against misuse (fraud, impersonation etc.) that you quickly render them unusable by real people, and unimplementable by government machinery. Yet the “vast savings in the future” business case sits there, taunting us to try and try again to find a way. And it’s human nature to want to believe (sometimes in the face of very strong evidence) that simple conceptual challenges must have simple solutions. Truly, a wicked problem.

Proposed solutions inevitably gravitate towards two poles: the absolute identity model (beloved by the “nothing to hide, nothing to fear” brigade) where everything is pegged back to a single (probably biometrically-founded) master record. Or non-personal, “opt-in” models. (“Non-personal” in the sense that although you can create your account to look like it’s about you, it’s not evidentially reliable for any form of ‘strong’ transaction. The sort you might later conceivably have a court case about, for instance.)

If you try and get clever, and design hybrid solutions that mix-up trusted and non-trusted areas of information, then you can solve more of the implementation challenges on paper, but you magnify the usability (and security) problems exponentially. And so we go on – that’s another story.

But let’s set aside conceptual discussion for a moment and focus on just one very topical instance of interaction with government: voting.

The scenes of chaos last night at polling stations were quickly followed by cries for a better way. Our Victorian processes and infrastructure can’t cope, say the people – and now we have teh shiny internetz – surely A Way Must Be Found.

(What tickled me a little is that some of those cries for A Better Way came from people who would probably have serious reservations about the unintended consequences of this sort of thing.)

Bear in mind that for any electronic voting solution there are a few core concepts that need to be considered – notably the need to have a referencing method, and a proof process.

A referencing method might be a list of NI numbers, for example – the basic index by which people and government agree that they’re talking about the same person. In traditional voting, this is the electoral roll – a list assembled for the specific purpose of enfranchisement. Although it’s shared (and sold) for other purposes, this isn’t generally used to enable other business with government. It’s not (that I know of) connected to your tax or benefit records, for example (other than having ancillary involvement in identity verification, credit-reference-style).

It’s worth bearing this in mind when you consider the referencing method that online voting might use. You want to connect your voting record to other things you do with the state? You’re sure you don’t want to think about that a little more, liberally-inclined Twitter-folk? So, your referencing solution might instead be merely the migration of electoral rolls to an online register, but one that’s not connected to other government interactions. Sensible precaution, or massive missed efficiency opportunity? That’s the sort of real-world difficulty we face with these decisions.

The proof bit is where the voter makes a claim (to an acceptable level of proof) that they are that person. That could be as simple as replying to a letter sent to your house, showing online (or by phone) that you know something about other account records that only the account holder would be likely to know, or as complex as turning up at a government office bearing original birth certificates.

But bear in mind that if the proof bit isn’t done online, there’s an extra level of complexity in sending you whatever you need to then use online to demonstrate you’ve done the proving. Even if you just want it emailed, that means someone has to be responsible for the email addresses, not letting them be used by spammers or left on a disk on a bus (etc. etc.).

Even the simple gets complex. It’s the nature of this territory. It’s all ultimately based on what level of risk, whether of error or malefaction, is acceptable.

You’ll spot at this stage that the relative level of proof required for traditional voting is absurdly small. You need a card in your hand (which you can pick up from anyone’s doorstep or shared mailbox) or, failing that, some identity that can be checked against paper records at the polling station. Can it be fiddled? Of course it can.

An acquaintance of mine received two polling cards in 1992, one at his parents’ address, and one at his student address. Both were in marginal constituencies which changed hands. He happened to be travelling between the two areas that day… And that wasn’t even ‘intentional’ fiddling – just sloppy record-keeping.

There is something – I think of it as channel friction – which comes into play here. It’s relatively burdensome to blag your way into a polling station; to extend a trembling hand full of someone else’s utility bills or to queue for half an hour. It’s a lesser pain to do things on the phone: it might cost you money, it takes time, you need to work harder to cover your tracks. But online, you have a very well-greased channel – register another 50 voters at a time? Sure. *click* Scan the registers for names that can be more easily spoofed? *click* Do all of this on a massive scale without leaving your bedroom? *click* Not to mention all the other service disruption and denial tactics at hand.

And while you’re thinking about the information flows as you design your solution, have a think about the potential impact of e-voting on political volatility. I may be strapping on the tin-foil hat here, but isn’t it conceivable that if we make the tools very easily available then their use might be demanded (by both sides) more and more frequently? For that budget decision, to go into that war, to execute that prisoner? I’m not saying that this level of ‘open’ government is necessarily bad – just that it’s different. And there are serious societal implications, from digital inclusion to softer issues of how online channels can lead to selective participation and extremity of view, to be borne in mind.

Be careful what you wish for; perhaps there are very rational, if unstated, reasons not to modernise some things?

Honestly, I’d love someone to crack this one. I really would. If you believe there’s a potential solution to this one, do please sketch it out below. Let’s have the discussion.

I’d love, as always, to hear a view from the VRM crowd – the self-assertion of the data you want to share is a useful concept when you’re buying things or services, but I’m baffled as to how it would solve either the “who am I saying I am” test, or the “who I am” test.

Personally, I vote postally. Because it makes more sense to me. It strikes an acceptable balance between my time spent, electoral administrators’ time spent, security and emotion. I’d like to have a go at improving the actual design, mind you – those multiple envelopes were bonkers – but it works.

Sure, I don’t get to smell the plyboard booths, and finger the grubby, stubby pencil but it does the job. And I don’t have to avoid eye-contact with rosette-wearers outside (really, why do they do that?) or risk a late-night lock-in with the police and an angry mob.

So, over to you.

If you think there’s a way to improve this electronically, pitch it… And if reading this has been useful, and opened up a few more areas of thought around this, do share it with others.


It’s all about me

I don’t know where this story ends. I know where it starts though.

At various times since the dawn of technology-enabled government – since information about some of the big things in your life was held on computers – the cry goes out: “Why can’t we join all this up?” “Why do I have to keep telling government the same information time and time again?” “Why can’t I get at all the things that are important to me – all about ME – in one place?”

And other such variants. But you get the point – simple, obvious questions.

And as the years have ticked by, the progress made towards answering these questions has been…well, shabby, to say the least. Especially in proportion to the money that’s been spent in this area.

We’ve had talk of passports, of portals, of “Tell Us Once”, of Citizen Accounts. Of Gateways, single identifiers, and now, MyGov.

None of them, with the exception of the last one – for which it’s too early to tell – have done very well. (Online, anyway. Tell Us Once has apparently been doing quite well in face-to-face service pilots.)

Isn’t that interesting? Simple questions. Obvious goals. But never any progress. Ah – the wise will say – that’s just because nobody in government wants to change. There are all these vested interests. We’d have to rewire the way everything worked. And – say the privacy campaigners – do you realise what you’re also doing here? Creating an environment where a future totalitarian government can control everything you do from that one place – and where the loss of that single picture of you would make your life completely unmanageable until it got sorted out again.

I’ll argue that there’s an even more obvious reason why progress falters and eventually stalls. Time after time.

Temptation.

The temptation to believe that such easy questions must have simple answers, and to keep on searching for them in the same way over and over again. Usually by starting with a simple model, getting frustrated by how quickly it gets complicated, then abandoning the work and starting with another simple model. Rather than the harder task.

Which is to ask: what’s the actual goal of this ‘personalisation’? For it’s really not as obvious as it may seem.

Some of you may stop reading at this point. Or find yourselves wanting to dodge the difficult questions. “Why make this more complicated than it needs to be?” you may think. Why, indeed? “Surely the goal is to make things simpler for the citizen, and less expensive for government? Like, durrr…”

The White Knight of Personalisation (and I’ve met a few over the years) generally says one of several stock things at this point. Here are a few of them: “All your data can be cross-referenced in any case by government: why the hang-up? Just accept this and build everything around one identifier, hey how about the National Insurance number?” “Let’s just do an account that doesn’t hold personal data, then we don’t need to make it too complicated.” “Ok, let’s start from scratch – let people just choose their own identifier, maybe their email address, and use that to log in”. Or the delightful line: “but I have accounts with my bank, and to buy things online – why does government have to be so different?” Believe me, I’ve heard them all. The “why is government different?” question needs a whole post to itself.

White Knights either wear suits and get paid a lot to try and crack the problem afresh, or step forward from the lower orders to show how simple it all is, and try to stick it to these greybeards in government who “just don’t get it”. Isn’t it a bit odd though how the Knights never actually demonstrate a workable solution, no matter where they come from? Shouldn’t that tell us something?

(I owe an honourable mention here to The Tall Knight of Vendor Relationship Management – Google it when you have a moment – who may surface at some point and tell you the whole model is upside down, and people should be choosing what information they share with government, because that makes everything much cheaper and safer to manage. But I’m definitely not taking on that one in this piece.)

I can’t address every twist in this topic in one post by the way. It would become a very long, dreary read indeed, and perhaps detract from my main point. But here are just two of the many simple models of “a personal relationship with government” that you can use to illustrate the point about how it all complicates rather faster than you’d expect.

Case 1: the simple ‘account’. I just want somewhere I can bring together basic information relevant to me. My bin collection dates perhaps. And school terms. Local services for my area, not just generic national information. And reminders about stuff like my next MOT date. No personal data though. I don’t want it to be so secure that it’s hard to access, and I don’t want it holding information about me that will matter if it gets mislaid on a memory stick.

Case 2: the single place to do business online. This is more advanced: it’s an online service that I can log into and then do really useful things. See my tax and benefit account information in one place. Make payments. Change where my benefits are paid into. Find out about eligibility for things I didn’t know I was entitled to, based on what I am already. Correct my address details if they’re wrong. Upload my photo and allow it to be used for several purposes. Notify my change of circumstances. And so on…

Can you see why these two examples are very different? And why it would be next to impossible to morph a Case 1 solution into one for Case 2? Get a blank sheet of paper and a pencil and try that for yourself as an exercise. (Focus on who knows what about whom at all stages.)

Here’s how Case 1 can get complicated: quite quickly we realise that any meaningful personalisation of services actually requires more than just bookmarking things nominally “about us”. We can use personalised portals (netvibes.com, for example) or even just browser ‘favourites’ to bookmark things like that. We don’t actually need government to provide this. So, either our Case 1 solution is a publicly developed version of something we can get elsewhere, or it’s something more. “It’s something more”, we cry – it does the pulling together of the relevant bits based on who we are or where we live. “Who we are?” I respond – but remember we said this wouldn’t deal with personal data? Ok, ok then – how about “where I live” (comes an arbitrary counter). My postcode sits in the account and then my view of services gets ‘localised’ in some way. So it’s not really a personalised service any more, it’s a service about my house. And I haven’t even started on what sort of ‘identity’ you then assert in this account. Do I pick my own (in which case it can never be used for anything secure or confidential) or is it given to me (in which case we have to deal with distribution, record-keeping, level of asserted trust and so on)? We realise soon enough that what we really wanted was stuff to be suggested to us based on who we were, not as a result of us finding it and then bookmarking it. See, it’s really complicating already, isn’t it? We didn’t really understand what we were asking for by a non-personal, personalising service.

Case 2: the other extreme to which solutions usually gravitate – the one strong identifier that lets you prove yourself, be suggested to, self-serve and all the other good stuff. How are you going to get that identifier? In the post? At a face-to-face interview? Sent online in response to a passport number? You get my drift. And if all my data is then linked up around it, will I be able to control who in government sees what? Yeah, sure – you can have this 22 page e-form to fill in allowing for various combinations of permission and restriction. But I only wanted to know when my bins were being collected, isn’t that a bit of overkill? Etc. etc. The problem here being that the usability of the service rapidly complicates at a faster rate than its usefulness.

There are lots more nuances to all this – and many more types of solution. But this post is already longer than I’d have liked for easy readability. I wish I could wrap all this up in 500 words. I really do. It could save millions. But I can’t, and I accept that. This is difficult territory.

I even think one particular type of solution may actually be achievable. But you’ll have to get in touch with me to talk about that one. Clue: it’s neither of the cases sketched out above, nor indeed VRM.

If you bump into a White Knight of Personalisation, here are a few posers to try, just on the topic of the identifier (the equivalent of your account number for online banking, or your Driver Number on your driving licence, perhaps).
- Will you have to have one?
- Can you have more than one if you choose?
- Can you end up with more than one by mistake, and if so, what happens?
- What’s the worst case if it’s lost or falls into someone else’s hands?
- Will it be possible to connect it to any service that I might use, or will there be limitations, and if so, what?
- Will I be able to stop it being used to connect up any services to each other if I choose?
- Will it be held in a big database (and who would look after that database)?
- Will it be connected to a register that’s also used for ID cards?
(I did actually ask the Prime Minister that last one at the MyGov launch. Just sayin’. The answer, via Jim Knight, wasn’t terribly clear.)

You’ll probably find your White Knight will go a little whiter when you do ask. And then either charge you another couple of million for another ‘scoping’ study, or turn smugly away saying: it’s so easy, surely we can work this out, stop being so negative…

This is very complicated stuff. But it always looks so simple to begin with.

UPDATE 18 December: MyGov died with the change of government, I think. It was a short-lived initiative (perhaps not even that) to reposition the mythical “single place online where you can do everything”. But it will be back. It always comes back. Google “unsinkable rubber ducks” (Randi) when you have a moment…
