About eighteen months ago I wrote up an overview of government to government (G2G) systems in the UK, followed by a high level comparison of the three most utilised, and a look at the potential evolution of the G2G systems across the UK.

The last of the three articles discussed the UK G2G systems and how they might end up being integrated together, I postulated that there were two major approaches a point-to-point “Mesh” approach or a master G2G “Hub” approach. I also mentioned the “Decentralised” Hub model brought to my attention by Simon Freeman, ex Chief Architect of the Government Gateway, a major UK G2G system. The “Decentralised” Hub is a model whereby one of the existent G2G systems effectively evolves into the master G2G Hub.

Mesh		Hub		Decentralised Hub

I agreed with Simon that the most likely candidate was the Government Gateway because of it’s dominance in terms of volume and variety of data in comparison to the other UK G2G systems. Every day this becomes more and more likely as the number of messages originating from non Gateway sources increases.

Following the post Simon was kind enough to respond to the article and a couple of the comments that had been posted there. He makes a number of points specifically about identity and how it it is managed in the UK, as well as the Data Protection Act and it’s effect on UK Government IT planning, which I think are interesting enough to repeat here.

Here’s his post in full:

Hi Wayne,

Thanks for pointing out my new found fame on your blog. I would point out these views below are mine and not government’s, not least of all because I don’t work for gov any more. I must admit that it amuses me a great deal when identity is discussed by IT suppliers. In fact I had a good laugh when Mr XYZ representing IT suppliers of Gov came on Radio 4 on Sunday and moaned about the lack of requirements on the identity programme. I would be interested to hear your views. And to Miles Peters’ comment above, I think it important to note that SUN provided a ‘hub’ to the Home Office some time back and despite the fact that Gateway is all built on Wintel, Wayne consistently has supported its use.

One of the issue facing government on identity is that it is not a technical problem. If gov takes forward a huge programme of IT without solving the business issues it would surely be guilty of not learning past lessons. As far as I can see, they have taken a look at what is needed in gov from a identity perspective and realised that there is plenty there to be getting on with.

Identity cards are continually focused on anti-terrorism devices. This position has no credibility because the focus is on ‘card’ and not the wider identity needs. A card carrying population will still have terrorists.

So IMHO the way to look at ID is to look at the outcomes gov needs to achieve and then look at the best way to achieve them.

So let’s have a go.

1) Reduction in fraud in benefits

2) Immigration controls

3) Reduction in tax fraud and avoidance

4) Entitlement to other Gov servics (NHS etc)

In the UK there is a basic set of issues to do with benefit and tax. There are 4 key categories

1) The people who knowingly defraud tax and benefit system

2) The people who defraud tax and benefits by accident because the system is hard.

3) The people who pay the right tax and benefits by accident because the system is hard

4) The people who pay the right tax and benefits because the know what they are doing.

To help 1-4 above, identity management needs to ensure that each person who is liable for tax and benefits has one identity tied to one human being. I suspect that what government has realised is that a huge % of our population has an NI number but until now HMRC would not allow the number to be used for wider purposes. This seems to be changing. Once we are in a position where each taxpaying person or benefit receiving person is identified consistently by a single number such as NI it means that better detection of fraud can occur and save the UK a huge amount of money. The second issue once you have all these NIs is to tie a single human being to its ownership and ensure that there are ways to detect if any given human is attempting to get two identities. Thats where the biometrics come in. So I suspect that the reason the big IT approach for identity cards is being revisited is that by simply widening NI usage across Gov and reusing the database already in existence in DWP the Gov can go a long way to achieving some of its goals. Introduction of biometrics is a harder problem to solve technically but we can start to reap big benefits from just the first step.

I won’t go into the other points in the initial 4 as this is already way too long. I would however counter the position on DPA. It is by far the biggest excuse I have heard in gov for not solving these problems and yet has very few grounds. I firmly believe that if you want services from gov then you need to accept a certain loss of privacy. It is a difficult pill to swallow but ultimately there are lots and lots of bad people out there who are robbing hard working tax payers of lots and lots and lots of money. Why is it unreasonable to ask people to prove their identity. We should also note that the privacy being fought for is only perceived anyway. If gov wants to cross check your details because of fraud suspicion then data can be shared. It is just unreliable ad costs money (us money).

Let me put this another way. If we assume benefit and tax fraud costs the UK (guess only) 4 billion pounds per year. Now lets say that the average tax payer pays about 20K per year in total taxes (its probably far less). That means that 200,000 people’s hard earned tax cash will simply walk out the door this year. Let’s put it another way. That means that for a working life of 30 years over 6000 people will work all their lives paying tax to cover 1 year’s losses to people who think it is ok to defraud the UK tax and benefit system. Now put yourself in one of those 6000 people’s shoes. You will pay taxes all of your life for nothing and so will every one you know, and probably most of the people you will ever know. Next year, another 4 billion will go missing.

Data protection should not be an excuse for such haemorrhaging of cash.

The one final point which I think demonstrates the real issue to be sorted out by ID. The guy on Radio 4 said that even if ID agency gets the solution on there is no obligation for any Gov department to sign up and use. I am not sure what is more outrageous, the possibility that they may not sign up or that they are given an option at all.

So let’s not get to wrapped up in tech on ID. There’s load’s to be done with what we have if the right policy and delivery was put in place today. Further IT spend is just a red herring. A very expensive red herring.

IMHO

PS. You can tell this is a techie blog as you have to type in BR in the text to get a new line!

I really should reply to Simon’s request to hear my views on the identity programme and the relationship to and opinions of the vendor community of the programme (as I see it); I’ll try and do this soon for the readers of this blog. I’ve spoken to Simon a number of times since he posted the above and we’ve talked about the subject of this post, so really I’ll be using the upcoming response as an opportunity to state my opinions.