Examination of Witnesses (Questions 20-39)
PROFESSOR PATRICK DUNLEAVY, MR TONY COLLINS AND MR RICHARD TYNDALL
24 NOVEMBER 2005
Q20 Julia Goldsworthy: But we do not
know what the left-hand side is or the right-hand side is at this
point. Initially every government department is saying, "I
can see how it would work in education, and in health we can use
it this way, and in work and pensions we can use it this way,"
but the Regulatory Impact Assessment only costs the cost to the
Home Office. Is it going to rationalise all this government information
or is the basis behind it an identity security card essentially?
We do not know that. We do not know how it is going to be used.
Mr Collins: I have heard exactly
that question asked inside an individual local authority and that
debate goes forward. Whilst the individual service departments
within a local authority insist on their independence and their
separateness from their colleagues, the project never goes forward.
It is only when the leadership of the whole organisation says,
"Stop squabbling, stop being independent, we are doing this
for the good of the citizen, because we put the citizen at the
focus of this not your departmental concerns," it is only
with that strong leadership that you have a chance of going forward.
Q21 Julia Goldsworthy: But the latest
indication we have had from the minister has said, "Decisions
on whether, when and how particular public services will make
use of the ID card scheme will be made by those services individually
or collectively as appropriate depending on how services are managed."
Professor Dunleavy: There is a
ministerial committee on ID cards and I have yet to see any publication
or statement originating from it - which I think would be
helpful.
Q22 Chairman: What you say is interesting,
but the centre in Britain is different from localities, is it
not? There is no real corporate centre in British Government.
If you read Patrick's observations on the demand and supply side
factors here, it is clear the departments will just watch and
see whether this becomes a kind of scheme that it is good for
them to buy into. The idea that there is going to be some concerted
central push for all the kind of rational reasons that you say
is not how our system works.
Mr Collins: I have no evidence
from my experience about the behaviours of central government
departments. I can tell you that this problem is being tackled
from the ground up, through the ODPM-sponsored Government Connect
project, which is taking a very much more federal approach and
a shared investment and shared infrastructure approach, to try
to find a way where you can get to where you want to go without
needing to change those behaviours that you and your colleague
have just described, the very separate behaviours.
Q23 Julia Goldsworthy: The final matter
is on the Gateway review specifically. This is something that
I have pursued, and I have had an answer back this week. You are
talking about commercial confidentiality and having to withhold
this information but is there the assumption that it is being
withheld because it is negative? The response I had from the minister
said that he was not able to publish any of the information because
it was all commercially confidential but then finished the answer
with, "However, the most recent review covering business
justification did confirm that the programme was ready to proceed
to the next phase". If they are able to provide us with that
information, does that give an indication that earlier assessments
might have been less positive? Why can they provide as partial
that kind of information?
Mr Collins: The little information
we have on Gateway reviews generally, for example, published by
the National Audit Office, did mention that the tax credit scheme
got the green light in a Gateway review. In fact, it called it
an "exemplar of project management". I think selective
information given out on Gateway reviews is a pretty dangerous
thing because sometimes these Gateway reviews where they have
been published have contained some quite complex, and quite a
number of, recommendations. On whether they should be published,
the Government seems to take pretty much a blanket view (although
it says it does not) on Gateway reviews, that they will not be
published - certainly not the red, amber, green light. But
where a government department has published Gateway reviews, perhaps
inadvertently, I have not seen any confidential information in
them and it is very easy to extract or take it out of published
documents and still release the bulk of the document. I think
that they are not being published because there is a blanket ban
on publishing them within government.
Q24 Chairman: On Patrick's point about
the need for confidence I wondered whether there was difference
here or consensus around the idea that these things could be published,
certainly if any legitimately confidential areas were taken out.
Patrick, do you agree with what Tony just said?
Professor Dunleavy: I certainly
think it would be desirable in the public interest if more information
was available about this scheme. On the question of how you get
that information, I think you could do it from extracting from
the business case and the OGC review. I do not think that would
be a mind-bogglingly difficult thing to do with Treasury looking
on. That would be my hope.
Q25 Paul Flynn: The sketch on Little
Britain about "The computer says no" is something
that is part of the daily life of our constituents and ourselves - although
perhaps unfairly they are now having a go at the travel industry,
where one can book online, get a boarding pass on line, choose
your seat and choose your meal and everything online seems to
work very well, as many other systems do. But we have this constant
chaos amongst the national schemes. Yesterday I had a CSA case,
which is hardly a teething problem, seeing the time it has been
going on, where somebody had changed their status from being a
non-resident parent paying maintenance to being a parent in charge
of a child. There is no facility in the computer system, even
now, to cope with this - which is something that is predictable
and is likely to happen. The case has to be done manually, which
will take months. I believe there are daily problems in this way.
Why should it be so difficult? The national schemes, as I think
you have all said, have very good people running them - some
of the best people in the IT business. Why should there be this
difference between schemes that are run for commercial organisations
and schemes that are run for Government, apart from the obvious
size?
Professor Dunleavy: I would say
the first thing is scale. It is terrifically important to recognise
that running things for 60 million people is a very large scale
thing to do. Everything gets very much more complex when you are
doing operations of that scale. Most ID card issuing authorities
in Europe are local authorities, not national governments. If
I were wanting a get-close-to-the-citizen ID scheme that would
cut the cost of getting an ID, I would not necessarily have gone
for a national scheme. And I would not have gone for a national
identity register that starts with 60 million people, records
about 50 different pieces of information and then magnifies that
up with alterations, revisions and later checks and so on. That
is going to become a technically difficult scheme to manage I
think after a while.
Q26 Paul Flynn: Mr Collins, you referred
to Tony McNulty, the minister, saying he was going to release
independent assessments about how the ID scheme was going, and
then you claim he was overruled by civil servants and the next
day it was turned down. "If the new schemes fail, the suppliers
will still be paid; and heads of departments will have nothing
to fear because the chances are that Parliament will not be told
of any failures. So there is little incentive for departments
to succeed. This is how it has been for decades and there is no
reason to believe things will change now." This is an appalling
situation because the ID scheme has had opposition from all quarters
and if we cannot tell the truth on it, is it not likely that this
will enflame parliamentary opinion and parliamentary arithmetic
and the scheme will not get through?
Mr Collins: This is a difficulty
that was recognised in the States. The Clinton administration
introduced legislation specific to the public sector in 1996 called
the Clinger-Cohen Act which provides, among lots of other things,
for reports to Congress on deviations from contracts, significant
deviations, so Congress is in fact kept informed on large projects.
There is no mechanism in the UK for transparency or accountability
to Parliament on major IT schemes. I think the problem is that
lessons are not always learned because lessons are not always
published. For example, HMRC over the tax credit scheme had a
report done by Deloittes, and the former chairman of HMRC, Sir
Nick Montagu, has said there are plenty of lessons from that report.
I asked HMRC yesterday for that report and they said it is confidential.
That means that the lessons tend not to be learned, there is not
the processes for accountability, each project is supposed to
have a 'senior responsible owner', which is a very good idea,
someone who sees a project through from conception to delivery
of benefits, but we see, for example, with the NHS project that
they have had several 'senior responsible owners'. So the mechanisms
are there in government to get these projects right; it is adherence
to good practice and best practice that is sometimes the problem.
Q27 Paul Flynn: Parliament will take
the decision whether the scheme goes ahead or not, but your view
is that Parliament has been kept in the dark and there is information
available that might be critical of the progress of the scheme
that is being denied to parliamentarians.
Mr Collins: For example, on the
outline business case, the NHS published a 600-page document which
was its outline business case for a £6 billion programme.
That was confidential. Each copy was password protected. We campaigned
against the confidentiality of that and published parts of it
which we were given in confidence from sources that we obviously
did not identify. Afterwards they published the whole document,
all 600 pages of it, each marked "In Confidence" and
when you look through it you cannot see any good reason why it
should have been kept confidential in the first place. Some of
the costings are not there but they do give the implications for
the department of the project and they list the benefits and what
they are looking for from suppliers. It is an outline business
case. Why they cannot publish the outline business case for this
case, with any information that is strictly confidential held,
I do not know.
Q28 Paul Flynn: If it is part of the
Government being neurotically secretive, which is endemic in the
British system, that is not a great problem. But do you think
there are indications that confidential reports have been kept
secret in the past that, if published, would have allowed Parliament
to take a different view, and possibly improve systems?
Mr Collins: I have no doubt that
is the case with projects that I have looked at.
Q29 Paul Flynn: You say that "...
projects are still launched which are overly ambitious, unnecessarily
risky, have constricted timetables, pay little heed to warnings,
in which there is too little consultation with prospective end-users,
and the commitment is too great to allow for any U-turn despite
the history of failure on national IT projects". Does that
precisely describe the identity card scheme?
Mr Collins: I am not an expert
on the identity card scheme. I have a colleague on Computer
Weekly who covers it as much as I do. But I do have concerns
about the amount of information that is not being released and
the way that the information is being released is being quoted
selectively from reports; for example, this question about: "the
costs case is robust" whereas actually the KPMG report talks
about "the methodology being robust". I have a concern
that this exuberance, the unquestionable benefits that ID cards
could bring to the departments, seems to override some of the
practical problems of implementation.
Q30 Paul Flynn: There seems to be two
main views on the identity card scheme: those who claim they are
overly ambitious and those who say they are not ambitious enough
and that we should be using them for a wider range of uses. Is
it your view that the time for biometric ID cards has not yet
come?
Professor Dunleavy: I think that
is an interesting parallel. Is the scheme overambitious? Is it
not under-ambitious? One of the things which Richard's evidence
has already mentioned is that people tend to take up low authentication
schemes. There is a very strong public demand for services and
cards and facilities that bring things together in absolutely
critical ways, where, if you lose something, dire consequences
do not follow. If you lose your Oyster card, you ring up Oyster
card, cancel it and get another one. It is very simple and straightforward.
There are no transition costs. If you lose a national ID card,
especially if you lose it and somebody else is using it - which
they would be able to do in all contexts short of being asked
for biometrics, and that will be most contexts - then you
are going to have some considerable costs and difficulties in
re-establishing your identity. In the long-run, by 2020, if the
national ID card is in place, many of the existing methods for
establishing your identity will atrophy and go out of use and
become very hard and expensive to reactivate. Just at a simple
level, it will make a big difference to what people do. How they
behave will make a great deal of difference to how useful the
card is. If people do not update their address, for example, or
if they do not notify people if they lose the card. All kinds
of very strong and important behavioural factors really need to
be modelled in to show that the scheme is going to work. I have
not seen any evidence of behaviour modelling by the Home Office
that strikes me as credible or competent yet.
Mr Tyndall: Your question was
specifically about the need for a biometric card. The work that
has been done in local government has followed the need for authentication
of current transactions according to something we call the T scheme
(where T stands for Trust). It goes from T-nought, which is an
anonymous transaction (for instance, an anonymous version of the
Oyster card: London Transport do not need to know who you are
as long as you have paid for your fare); through T-1, where you
want to know who the person is; through T-2, where you need to
know with some certainty that this person is who they say they
are and they are entitled to access this service; and up to T-3,
which is the only point in the scheme the local government has
been using where the need for a biometric identifier kicks in.
Those transactions are reserved for matters of life and death,
matters of state security, matters of the highest confidentiality
(which in our context would be child protection matters - that
sort of issue, highly and personally confidential) or matters
where very large sums of money are involved, millions rather than
a couple of hundred quid here or there. In the world of local
government, there simply are not very many T-3 transactions with
which the public gets involvedwhich echoes the point that
has just been made to you. Most local government services are
very low level, with no great need for security. Indeed, with
a scheme I have promoted in a secondary school canteen, I was
asked what level of biometric identifier was being used and I
said, "We don't use any form of electronic security whatsoever".
I was challenged; "If you have got the smart card scheme,
why don't you?" and I said, "Well, the service we are
offering is the sale of a school dinner, price £1.40, and
to access this fraudulently, you have to dress up in school uniform
and you have to get past the dinner lady, so biometric was not
indicated there". The answer to your question is that the
people promoting the scheme have to go back to: Where is this
high level of security? What is the nature of the transaction
that is needed? I am sure the Home Office has a large number of
transactions where they need to know with very high levels of
confidence who people are but I am not sure that involves every
citizen in the country.
Q31 Paul Flynn: If you were parliamentarians,
would you vote for the Bill in its present form? If not, how would
you amend it?
Professor Dunleavy: I would not
vote for it in its present form because I do not think that Parliament
should approve major IT schemes without some independent certification
by a responsible officer that the scheme exists. That is the situation
that applies in the Netherlands: you cannot introduce a student
loan scheme before you can get a certificate from a parliamentary
officer saying, "We have looked at the IT scheme, it is already
in existence: all the key bits are already well tested or have
been independently validated. The scheme is going to work."
If you had that before you implemented major pieces of legislation,
I think Parliament would be in a much better position.
Mr Tyndall: My personal view is:
Not in its current form. I think the scope is too narrow. Professionally
we are committed to supporting a much more federated approach,
where government behaves like the government for the whole country
and all of its agencies. We would say it needs to look much wider
as to who might be able to benefit from a well controlled central
register, containing unique citizen identifiers, whether or not
you ever issued a smart card against it.
Mr Collins: I do not think there
is enough information for parliamentarians to judge. I think they
would need to see at least the outline business case. I would
not like to make a judgment without the facts.
Q32 Julie Morgan: Patrick, you said that
you felt a certificate would be needed to say that the scheme
worked independently. Would you have confidence in such a certificate,
bearing in mind what Mr Collins has already said about the
early indications of the tax credit scheme? I wondered if you
could elaborate a bit more on how you really have confidence in
an independent certificate.
Professor Dunleavy: Yes. I think
the Office of Government Commerce at the moment does what is called
"a process of challenge". That is not the same as a
process of validation. It is really a challenge on the business
case. They will go into the technical details, but it is quite
difficult with these big projects to go a long way into the details.
It is quite difficult if it is a very strong government policy
commitment, if it has been in the election manifesto and so on.
If you had a stronger parliamentary process of scrutiny and certification,
and I think Tony's comments were implying regular updates - for
example, the National Audit Office publishes a regular update
on the process of major defence projects. But major government
IT projects are every bit as expensive and every bit as complicated
as major defence projects. So I am not quite sure why there is
not a major IT project report which could be considered by the
Public Accounts Committee - I think that would create a much
more regular, much more effective discipline on ministers and
departments.
Q33 Julie Morgan: You think something
could be built in which could avoid some of the disasters that
we have seen.
Professor Dunleavy: I think if
you had either the NAO doing it or another parliamentary agency,
a special purpose agency doing it, and there was a regular pre-legislative
scrutiny of the IT plan - so it was not the Home Office convincing
itself, hiring KPMG to tell us that we can have assurance across
it, which is not quite the same thing - and if there was an
update report on how things were going.
Q34 Chairman: Why could the NAO not do
it now?
Professor Dunleavy: I do not see
any reason myself why they could not do it. If they were asked
by Parliament to do it, it would be the kind of thing they could
do very effectively. It is quite silly really for the NAO to wait
for a very long period of time, until something has happened,
and then come along and say that the tax credit system was not
well done. It would be much better if there were a well developed,
respected audit methodology - which I think could be done
for major IT schemes and should be done, given that the scale
is several billion pounds for many different schemes. You have
the health scheme, the ID card scheme, defence infrastructure.
There is some data that suggests Britain is investing much more
heavily in government IT than any other European country. There
is a huge process of capital deepening going on in every single
policy sphere. This is not just a minor, "Let's pass the
legislation and we will tell you about the IT later on" - these
are fundamental interactions between what the policy is and what
the capability of delivering the policy is.
Q35 Chairman: We do retrospective auditing,
do we not? You are saying we should do prospective auditing.
Professor Dunleavy: Yes. The Defence
Major Projects Report is an update report which comes every year
and it is a real control on the Ministry of Defence. It still
does not stop some budgets overrunning, but in the 10 years it
has been in operation it has dramatically improved, certainly,
information to Parliament about major defence projects. You could
see the case for exactly an analogous reporting process plus a
pre-legislative scrutiny for the IT aspects of major schemes.
Q36 Julie Morgan: When you talk about
the scale of the project, do you mean the numbers involved or
the complexity of what is involved?
Professor Dunleavy: I mean usually
the costs of what is involved. We are now spending 1.5% of our
GDP on government IT schemes every year, which is more than the
whole contribution of British agriculture to the GDP. This is
a very salient issue.
Q37 Chairman: I have been told that there
are problems with your suggestion, but we are having a private
discussion about that. Could I ask Tony if the proposal that Patrick
has just put forward is one that seems to him to be a sensible
one in terms of the audit function being built into the process
being done seriously by an external body but with a link to Parliament?
Mr Collins: I think it is a very
good idea. There has been some debate. The Treasury has been trying
to restrict the amount of work that the National Audit Office
has been doing. The Public Accounts Committee was considering
that. But I have seen some NAO work that has been sub-contracted
that has been very good. As Patrick says, the Major Defence Projects
Report is an excellent report and the NAO could certainly do that.
I think there would be a lot of resistance from departments, because
they have not even published the mission critical IT projects
let alone made any decision about auditing them. There has been
some very strong resistance, particularly from the OGC, to allowing
Parliament to have access to information, particularly ongoing
information, about IT projects. I think Ian Watmore, the Government
CIO, is on record as saying that we are undertaking more ambitious
IT-related schemes than any other country - and smaller countries
obviously would not be involved in such large schemes, but larger
countries. The USA would delegate, so that it would be done on
a state by state basis, or the projects are just not as big, generally
speaking, although they do have some fairly large federal projects
as well. But some of the projects the UK Government is doing are
ground-breaking, and you have to ask yourself the question: Why
is it necessary for the UK to be leading edge, given the risks?
Q38 Mr Liddell-Grainger: You mentioned
about Moore's Law. Moore's Law, if I remember, is that technology
will double every year in its capacity and its capability to go
on. Is part of the problem then that government will get so far
down the line with an IT project and suddenly think, "Actually,
this could be done better"? Because people like Watmore and
Pinder and others are fairly sophisticated characters and we are
pretty unsophisticated, as you can see here today, on mighty projects.
If that is the case, is part of the problem that the complexity
when we started was that an ID card was a thing which you would
get from your pocket, it would have your name on and it would
have your address. Now, because of the Oyster card example, that
technology is now so superior, they now get to a stage and suddenly
think, "Actually, we can do it better. Let's try something
else"?
Mr Tyndall: I am sure that is
a factor. If you look at the Oyster card project, it looks good,
feels good, Londoners like it, but the first project meetings
were 10 years ago, when the first idea was being batted around.
If you look into the banking industry, just practically completing
the change over to chip-and-pin, they were slightly longer in
the gestation period from start to finish. If the banking industry
were starting now, they would not look at the type of technology
they currently use, which requires a contact to be made in the
machine between the chip on the card and the machine reading it,
they would plan to use the same wireless technology that the Oyster
card uses, where you just get the card somewhere near the reader,
because that is now feasible and doable. But in the banking world
they had to freeze the specification many years ago and it has
still taken them years to develop it out. But this march of technology
is good rather than bad overall, even though it has these growing
pains - in my opinion.
Q39 Mr Liddell-Grainger: You say that.
The e-Gov man tells us there are 4,000 websites. He thinks that
is ridiculous and that there should be considerably fewer - and
I do not know what considerably fewer is. If you then take that
on, we started off with Government Gateway, we now have Gov-Connect,
and if you trawl through what you can connect to, they all have
the same parameters. You have a few local authorities, you have
a few government bodies, you have maybe a department and one or
two other links to various spurious people. Why is it that all
these sort of Gov-Link/Gov-Connect things have gone down this
route? Is it because none of the departments will talk? Is it
because none of the departments actually quite know what they
are up to? Or is it that the Government has lost control of e-Gov?
Mr Tyndall: Lost control may imply
that it ever had control.