Examination of Witnesses (Questions 20-39)|
24 NOVEMBER 2005
Q20 Julia Goldsworthy: But we do not
know what the left-hand side is or the right-hand side is at this
point. Initially every government department is saying, "I
can see how it would work in education, and in health we can use
it this way, and in work and pensions we can use it this way,"
but the Regulatory Impact Assessment only costs the cost to the
Home Office. Is it going to rationalise all this government information
or is the basis behind it an identity security card essentially?
We do not know that. We do not know how it is going to be used.
Mr Collins: I have heard exactly
that question asked inside an individual local authority and that
debate goes forward. Whilst the individual service departments
within a local authority insist on their independence and their
separateness from their colleagues, the project never goes forward.
It is only when the leadership of the whole organisation says,
"Stop squabbling, stop being independent, we are doing this
for the good of the citizen, because we put the citizen at the
focus of this not your departmental concerns," it is only
with that strong leadership that you have a chance of going forward.
Q21 Julia Goldsworthy: But the latest
indication we have had from the minister has said, "Decisions
on whether, when and how particular public services will make
use of the ID card scheme will be made by those services individually
or collectively as appropriate depending on how services are managed."
Professor Dunleavy: There is a
ministerial committee on ID cards and I have yet to see any publication
or statement originating from itwhich I think would be
Q22 Chairman: What you say is interesting,
but the centre in Britain is different from localities, is it
not? There is no real corporate centre in British Government.
If you read Patrick's observations on the demand and supply side
factors here, it is clear the departments will just watch and
see whether this becomes a kind of scheme that it is good for
them to buy into. The idea that here is going to be some concerted
central push for all the kind of rational reasons that you say
is not how our system works.
Mr Collins: I have no evidence
from my experience about the behaviours of central government
departments. I can tell you that this problem is being tackled
from the ground up, through the ODPM-sponsored Government Connect
project, which is taking a very much more federal approach and
a shared investment and shared infrastructure approach, to try
to find a way where you can get to where you want to go without
needing to change those behaviours that you and your colleague
have just described, the very separate behaviours.
Q23 Julia Goldsworthy: The final matter
is on the Gateway review specifically. This is something that
I have pursued, and I have had an answer back this week. You are
talking about commercial confidentiality and having to withhold
this information but is there the assumption that it is being
withheld because it is negative? The response I had from the minister
said that he was not able to publish any of the information because
it was all commercially confidential but then finished the answer
with, "However, the most recent review covering business
justification did confirm that the programme was ready to proceed
to the next phase". If they are able to provide us with that
information, does that give an indication that earlier assessments
might have been less positive? Why can they provide as partial
that kind of information?
Mr Collins: The little information
we have on Gateway reviews generally, for example, published by
the National Audit Office, did mention that the tax credit scheme
got the green light in a Gateway review. In fact, it called it
an "exemplar of project management". I think selective
information given out on Gateway reviews is a pretty dangerous
thing because sometimes these Gateway reviews where they have
been published have contained some quite complex, and quite a
number of, recommendations. On whether they should be published,
the Government seems to take pretty much a blanket view (although
it says it does not) on Gateway reviews, that they will not be
publishedcertainly not the red, amber, green light. But
where a government department has published Gateway reviews, perhaps
inadvertently, I have not seen any confidential information in
them and it is very easy to extract or take it out of published
documents and still release the bulk of the document. I think
that they are not being published because there is a blanket ban
on publishing them within government.
Q24 Chairman: On Patrick's point about
the need for confidence I wondered whether there was difference
here or consensus around the idea that these things could be published,
certainly if any legitimately confidential areas were taken out.
Patrick, do you agree with what Tony just said?
Professor Dunleavy: I certainly
think it would be desirable in the public interest if more information
was available about this scheme. On the question of how you get
that information, I think you could do it from extracting from
the business case and the OGC review. I do not think that would
be a mind-bogglingly difficult thing to do with Treasury looking
on. That would be my hope.
Q25 Paul Flynn: The sketch on Little
Britain about "The computer says no" is something
that is part of the daily life of our constituents and ourselvesalthough
perhaps unfairly they are now having a go at the travel industry,
where one can book online, get a boarding pass on line, choose
your seat and choose your meal and everything online seems to
work very well, as many other systems do. But we have this constant
chaos amongst the national schemes. Yesterday I had a CSA case,
which is hardly a teething problem, seeing the time it has been
going on, where somebody had changed their status from being a
non-resident parent paying maintenance to being a parent in charge
of a child. There is no facility in the computer system, even
now, to cope with thiswhich is something that is predictable
and is likely to happen. The case has to be done manually, which
will take months. I believe there are daily problems in this way.
Why should it be so difficult? The national schemes, as I think
you have all said, have very good people running themsome
of the best people in the IT business. Why should there be this
difference between schemes that are run for commercial organisations
and schemes that are run for Government, apart from the obvious
Professor Dunleavy: I would say
the first thing is scale. It is terrifically important to recognise
that running things for 60 million people is a very large scale
thing to do. Everything gets very much more complex when you are
doing operations of that scale. Most ID card issuing authorities
in Europe are local authorities, not national governments. If
I were wanting a get-close-to-the-citizen ID scheme that would
cut the cost of getting an ID, I would not necessarily have gone
for a national scheme. And I would not have gone for a national
identity register that starts with 60 million people, records
about 50 different pieces of information and then magnifies that
up with alterations, revisions and later checks and so on. That
is going to become a technically difficult scheme to manage I
think after a while.
Q26 Paul Flynn: Mr Collins, you referred
to Tony McNulty, the minister, saying he was going to release
independent assessments about how the ID scheme was going, and
then you claim he was overruled by civil servants and the next
day it was turned down. "If the new schemes fail, the suppliers
will still be paid; and heads of departments will have nothing
to fear because the chances are that Parliament will not be told
of any failures. So there is little incentive for departments
to succeed. This is how it has been for decades and there is no
reason to believe things will change now." This is an appalling
situation because the ID scheme has had opposition from all quarters
and if we cannot tell the truth on it, is it not likely that this
will enflame parliamentary opinion and parliamentary arithmetic
and the scheme will not get through?
Mr Collins: This is a difficulty
that was recognised in the States. The Clinton administration
introduced legislation specific to the public sector in 1996 called
the Clinger-Cohen Act which provides, among lots of other things,
for reports to Congress on deviations from contracts, significant
deviations, so Congress is in fact kept informed on large projects.
There is no mechanism in the UK for transparency or accountability
to Parliament on major IT schemes. I think the problem is that
lessons are not always learned because lessons are not always
published. For example, HMRC over the tax credit scheme had a
report done by Deloittes, and the former chairman of HMRC, Sir
Nick Montagu, has said there are plenty of lessons from that report.
I asked HMRC yesterday for that report and they said it is confidential.
That means that the lessons tend not to be learned, there is not
the processes for accountability, each project is supposed to
have a `senior responsible owner', which is a very good idea,
someone who sees a project through from conception to delivery
of benefits, but we see, for example, with the NHS project that
they have had several `senior responsible owners'. So the mechanisms
are there in government to get these projects right; it is adherence
to good practice and best practice that is sometimes the problem.
Q27 Paul Flynn: Parliament will take
the decision whether the scheme goes ahead or not, but your view
is that Parliament has been kept in the dark and there is information
available that might be critical of the progress of the scheme
that is being denied to parliamentarians.
Mr Collins: For example, on the
outline business case, the NHS published a 600-page document which
was its outline business case for a £6 billion programme.
That was confidential. Each copy was password protected. We campaigned
against the confidentiality of that and published parts of it
which we were given in confidence from sources that we obviously
did not identify. Afterwards they published the whole document,
all 600 pages of it, each marked "In Confidence" and
when you look through it you cannot see any good reason why it
should have been kept confidential in the first place. Some of
the costings are not there but they do give the implications for
the department of the project and they list the benefits and what
they are looking for from suppliers. It is an outline business
case. Why they cannot publish the outline business case for this
case, with any information that is strictly confidential held,
I do not know.
Q28 Paul Flynn: If it is part of the
Government being neurotically secretive, which is endemic in the
British system, that is not a great problem. But do you think
there are indications that confidential reports have been kept
secret in the past that, if published, would have allowed Parliament
to take a different view, and possibly improve systems?
Mr Collins: I have no doubt that
is the case with projects that I have looked at.
Q29 Paul Flynn: You say that "...
projects are still launched which are overly ambitious, unnecessarily
risky, have constricted timetables, pay little heed to warnings,
in which there is too little consultation with prospective end-users,
and the commitment is too great to allow for any U-turn despite
the history of failure on national IT projects". Does that
precisely describe the identity card scheme?
Mr Collins: I am not an expert
on the identity card scheme. I have a colleague on Computer
Weekly who covers it as much as I do. But I do have concerns
about the amount of information that is not being released and
the way that the information is being released is being quoted
selectively from reports; for example, this question about: "the
costs case is robust" whereas actually the KPMG report talks
about "the methodology being robust". I have a concern
that this exuberance, the unquestionable benefits that ID cards
could bring to the departments, seems to override some of the
practical problems of implementation.
Q30 Paul Flynn: There seems to be two
main views on the identity card scheme: those who claim they are
overly ambitious and those who say they are not ambitious enough
and that we should be using them for a wider range of uses. Is
it your view that the time for biometric ID cards has not yet
Professor Dunleavy: I think that
is an interesting parallel. Is the scheme overambitious? Is it
not under-ambitious? One of the things which Richard's evidence
has already mentioned is that people tend to take up low authentication
schemes. There is a very strong public demand for services and
cards and facilities that bring things together in absolutely
critical ways, where, if you lose something, dire consequences
do not follow. If you lose your Oyster card, you ring up Oyster
card, cancel it and get another one. It is very simple and straightforward.
There are no transition costs. If you lose a national ID card,
especially if you lose it and somebody else is using itwhich
they would be able to do in all contexts short of being asked
for biometrics, and that will be most contextsthen you
are going to have some considerable costs and difficulties in
re-establishing your identity. In the long-run, by 2020, if the
national ID card is in place, many of the existing methods for
establishing your identity will atrophy and go out of use and
become very hard and expensive to reactivate. Just at a simple
level, it will make a big difference to what people do. How they
behave will make a great deal of difference to how useful the
card is. If people do not update their address, for example, or
if they do not notify people if they lose the card. All kinds
of very strong and important behavioural factors really need to
be modelled in to show that the scheme is going to work. I have
not seen any evidence of behaviour modelling by the Home Office
that strikes me as credible or competent yet.
Mr Tyndall: Your question was
specifically about the need for a biometric card. The work that
has been done in local government has followed the need for authentication
of current transactions according to something we call the T scheme
(where T stands for Trust). It goes from T-nought, which is an
anonymous transaction (for instance, an anonymous version of the
Oyster card: London Transport do not need to know who you are
as long as you have paid for your fare); through T-1, where you
want to know who the person is; through T-2, where you need to
know with some certainty that this person is who they say they
are and they are entitled to access this service; and up to T-3,
which is the only point in the scheme the local government has
been using where the need for a biometric identifier kicks in.
Those transactions are reserved for matters of life and death,
matters of state security, matters of the highest confidentiality
(which in our context would be child protection mattersthat
sort of issue, highly and personally confidential) or matters
where very large sums of money are involved, millions rather than
a couple of hundred quid here or there. In the world of local
government, there simply are not very many T-3 transactions with
which the public gets involvedwhich echoes the point that
has just been made to you. Most local government services are
very low level, with no great need for security. Indeed, with
a scheme I have promoted in a secondary school canteen, I was
asked what level of biometric identifier was being used and I
said, "We don't use any form of electronic security whatsoever".
I was challenged; "If you have got the smart card scheme,
why don't you?" and I said, "Well, the service we are
offering is the sale of a school dinner, price £1.40, and
to access this fraudulently, you have to dress up in school uniform
and you have to get past the dinner lady, so biometric was not
indicated there". The answer to your question is that the
people promoting the scheme have to go back to: Where is this
high level of security? What is the nature of the transaction
that is needed? I am sure the Home Office has a large number of
transactions where they need to know with very high levels of
confidence who people are but I am not sure that involves every
citizen in the country.
Q31 Paul Flynn: If you were parliamentarians,
would you vote for the Bill in its present form? If not, how would
you amend it?
Professor Dunleavy: I would not
vote for it in its present form because I do not think that Parliament
should approve major IT schemes without some independent certification
by a responsible officer that the scheme exists. That is the situation
that applies in the Netherlands: you cannot introduce a student
loan scheme before you can get a certificate from a parliamentary
officer saying, "We have looked at the IT scheme, it is already
in existence: all the key bits are already well tested or have
been independently validated. The scheme is going to work."
If you had that before you implemented major pieces of legislation,
I think Parliament would be in a much better position.
Mr Tyndall: My personal view is:
Not in its current form. I think the scope is too narrow. Professionally
we are committed to supporting a much more federated approach,
where government behaves like the government for the whole country
and all of its agencies. We would say it needs to look much wider
as to who might be able to benefit from a well controlled central
register, containing unique citizen identifiers, whether or not
you ever issued a smart card against it.
Mr Collins: I do not think there
is enough information for parliamentarians to judge. I think they
would need to see at least the outline business case. I would
not like to make a judgment without the facts.
Q32 Julie Morgan: Patrick, you said that
you felt a certificate would be needed to say that the scheme
worked independently. Would you have confidence in such a certificate,
bearing in mind what Mr Collins has already said about the
early indications of the tax credit scheme? I wondered if you
could elaborate a bit more on how you really have confidence in
an independent certificate.
Professor Dunleavy: Yes. I think
the Office of Government Commerce at the moment does what is called
"a process of challenge". That is not the same as a
process of validation. It is really a challenge on the business
case. They will go into the technical details, but it is quite
difficult with these big projects to go a long way into the details.
It is quite difficult if it is a very strong government policy
commitment, if it has been in the election manifesto and so on.
If you had a stronger parliamentary process of scrutiny and certification,
and I think Tony's comments were implying regular updatesfor
example, the National Audit Office publishes a regular update
on the process of major defence projects. But major government
IT projects are every bit as expensive and every bit as complicated
as major defence projects. So I am not quite sure why there is
not a major IT project report which could be considered by the
Public Accounts CommitteeI think that would create a much
more regular, much more effective discipline on ministers and
Q33 Julie Morgan: You think something
could be built in which could avoid some of the disasters that
we have seen.
Professor Dunleavy: I think if
you had either the NAO doing it or another parliamentary agency,
a special purpose agency doing it, and there was a regular pre-legislative
scrutiny of the IT planso it was not the Home Office convincing
itself, hiring KPMG to tell us that we can have assurance across
it, which is not quite the same thingand if there was an
update report on how things were going.
Q34 Chairman: Why could the NAO not do
Professor Dunleavy: I do not see
any reason myself why they could not do it. If they were asked
by Parliament to do it, it would be the kind of thing they could
do very effectively. It is quite silly really for the NAO to wait
for a very long period of time, until something has happened,
and then come along and say that the tax credit system was not
well done. It would be much better if there were a well developed,
respected audit methodologywhich I think could be done
for major IT schemes and should be done, given that the scale
is several billion pounds for many different schemes. You have
the health scheme, the ID card scheme, defence infrastructure.
There is some data that suggests Britain is investing much more
heavily in government IT than any other European country. There
is a huge process of capital deepening going on in every single
policy sphere. This is not just a minor, "Let's pass the
legislation and we will tell you about the IT later on"these
are fundamental interactions between what the policy is and what
the capability of delivering the policy is.
Q35 Chairman: We do retrospective auditing,
do we not? You are saying we should do prospective auditing.
Professor Dunleavy: Yes. The Defence
Major Projects Report is an update report which comes every year
and it is a real control on the Ministry of Defence. It still
does not stop some budgets overrunning, but in the 10 years it
has been in operation it has dramatically improved, certainly,
information to Parliament about major defence projects. You could
see the case for exactly an analogous reporting process plus a
pre-legislative scrutiny for the IT aspects of major schemes.
Q36 Julie Morgan: When you talk about
the scale of the project, do you mean the numbers involved or
the complexity of what is involved?
Professor Dunleavy: I mean usually
the costs of what is involved. We are now spending 1.5% of our
GDP on government IT schemes every year, which is more than the
whole contribution of British agriculture to the GDP. This is
a very salient issue.
Q37 Chairman: I have been told that there
are problems with your suggestion, but we are having a private
discussion about that. Could I ask Tony if the proposal that Patrick
has just put forward is one that seems to him to be a sensible
one in terms of the audit function being built into the process
being done seriously by an external body but with a link to Parliament?
Mr Collins: I think it is a very
good idea. There has been some debate. The Treasury has been trying
to restrict the amount of work that the National Audit Office
has been doing. The Public Accounts Committee was considering
that. But I have seen some NAO work that has been sub-contracted
that has been very good. As Patrick says, the Major Defence Projects
Report is an excellent report and the NAO could certainly do that.
I think there would be a lot of resistance from departments, because
they have not even published the mission critical IT projects
let alone made any decision about auditing them. There has been
some very strong resistance, particularly from the OGC, to allowing
Parliament to have access to information, particularly ongoing
information, about IT projects. I think Ian Watmore, the Government
CIO, is on record as saying that we are undertaking more ambitious
IT-related schemes than any other countryand smaller countries
obviously would not be involved in such large schemes, but larger
countries. The USA would delegate, so that it would be done on
a state by state basis, or the projects are just not as big, generally
speaking, although they do have some fairly large federal projects
as well. But some of the projects the UK Government is doing are
ground-breaking, and you have to ask yourself the question: Why
is it necessary for the UK to be leading edge, given the risks?
Q38 Mr Liddell-Grainger: You mentioned
about Moore's Law. Moore's Law, if I remember, is that technology
will double every year in its capacity and its capability to go
on. Is part of the problem then that government will get so far
down the line with an IT project and suddenly think, "Actually,
this could be done better"? Because people like Watmore and
Pinder and others are fairly sophisticated characters and we are
pretty unsophisticated, as you can see here today, on mighty projects.
If that is the case, is part of the problem that the complexity
when we started was that an ID card was a thing which you would
get from your pocket, it would have your name on and it would
have your address. Now, because of the Oyster card example, that
technology is now so superior, they now get to a stage and suddenly
think, "Actually, we can do it better. Let's try something
Mr Tyndall: I am sure that is
a factor. If you look at the Oyster card project, it looks good,
feels good, Londoners like it, but the first project meetings
were 10 years ago, when the first idea was being batted around.
If you look into the banking industry, just practically completing
the change over to chip-and-pin, they were slightly longer in
the gestation period from start to finish. If the banking industry
were starting now, they would not look at the type of technology
they currently use, which requires a contact to be made in the
machine between the chip on the card and the machine reading it,
they would plan to use the same wireless technology that the Oyster
card uses, where you just get the card somewhere near the reader,
because that is now feasible and doable. But in the banking world
they had to freeze the specification many years ago and it has
still taken them years to develop it out. But this march of technology
is good rather than bad overall, even though it has these growing
painsin my opinion.
Q39 Mr Liddell-Grainger: You say that.
The e-Gov man tells us there are 4,000 websites. He thinks that
is ridiculous and that there should be considerably fewerand
I do not know what considerably fewer is. If you then take that
on, we started off with Government Gateway, we now have Gov-Connect,
and if you trawl through what you can connect to, they all have
the same parameters. You have a few local authorities, you have
a few government bodies, you have maybe a department and one or
two other links to various spurious people. Why is it that all
these sort of Gov-Link/Gov-Connect things have gone down this
route? Is it because none of the departments will talk? Is it
because none of the departments actually quite know what they
are up to? Or is it that the Government has lost control of e-Gov?
Mr Tyndall: Lost control may imply
that it ever had control.