PROFESSOR PATRICK DUNLEAVY, MR TONY COLLINS AND MR RICHARD TYNDALL

24 NOVEMBER 2005

  Q40 Mr Liddell-Grainger: Did it ever have control of e-Gov?

  Mr Tyndall: My evidence is that this is an emerging field and that we are all, if not infants, then somewhere like adolescents in this world. You asked me a question about websites. If you go back 10 or 15 years, nobody had a website, not because they were dullards or risk-averse or backwards, it was just because nobody had websites. The website industry is only so old and it is maturing and evolving. You can look back at any industry where the technology moves on apace. If you look at some of the early motorcars, you say, "They did what? They had steam-driven motorcars!" but somebody thought it was a good idea at the time. There has to be some sort of Darwinian effect in this area. I am absolutely certain that there are a number of things that we do today that will not stand up to the test of history. We will look back in a few years time and we will be saying, "We did what?".

  Q41 Mr Liddell-Grainger: Could we take a specific. The Government set up a project called True North. Have you ever heard of it?

  Mr Tyndall: I have heard of it.

  Q42 Mr Liddell-Grainger: Do you know what it did?

  Mr Tyndall: No, I have no idea.

  Q43 Mr Liddell-Grainger: Does anybody know what it did? The Cabinet Office gave the okay to £83 million to set up a project called True North, which was to paper sleeve a deal with Government. It has gone somewhat wrong. The only reason we came across it was because the company sued the Government for £24 million, saying that they were plonkers and they did not know what they were doing—which comes as no surprise to any of you three. Do you think it is farcical that we have got to the stage where you cannot get papers, we cannot get papers? The Government are covering up projects that have gone wrong to the tune of £83 million—and that has been a snip compared to some of the things they have messed up. Are we just getting to the stage where this whole thing is becoming a farce?

  Mr Tyndall: I would not characterise it as a farce, no.

  Q44 Mr Liddell-Grainger: It does not seem to work. You have portals everywhere; you have websites; you can go in one way, another way. How on earth we are going to have an ID card system that is going to work, if the Government itself at the highest level cannot even get a project right?

  Professor Dunleavy: I think one of the problems is that when you have new policy areas the way that you used to do things before does not apply. Then you take quite a lot of time and you have a lagged response to the new thing. In e-Gov we have had a process of catch-up really, so there was a lot of spend on encouraging websites and so on and it took quite a long time for basic metrics for measuring success and things like that to be built in as well. I think the new Office of e-Government is trying very hard to make things more transparent. We did a study in 2002 for the National Audit Office called "Government on the Web II". If you look in the report you will see that there are not any web statistics for the Treasury. The Treasury had a website and did not have any statistics of how many people were using it and so on. All of those sorts of problems should be behind us and I am hopeful that there will be an evaluation next year that will show that there has been considerable progress. Local governments are publishing e-government implementation plans which have a lot of information. I do not think it is all bad and I do not think there is any particular reason why it could not be improved and refined.

  Q45 Mr Liddell-Grainger: Who should be in charge of this? Do you know what the total assets of the   Cabinet Office's computer resources are? £122 million. That is more than the asset value of all the buildings they have in Whitehall, believe it or not. We cannot find out what they are. Do you have any bright ideas? Why has the Cabinet Office got £122 million worth of computer assets? They wrote off £52 million last year in depreciation. Either there is an awful lot going on that you do not know about and I do not know about and we do not know about, or one heck of a mess has happened and we are not sure whether it has or has not. Can you shed any light? It worries me that we are going to get these ID cards at £30, £50, £100, whatever, and so far the evidence is not very good that it is actually going to work.

  Mr Collins: I keep coming back to this information thing. I would rather not name the department, but my editor and I were called in to a particularly large department and asked not to write some of the things that we were writing because of a public confidence issue. Some of these departments are really struggling to cope, but the information that is given out to the public and Parliament is that things are generally okay. There was a very good NAO report published last week on complexity in government and why these systems have grown up piecemeal because they are particular responses to policy and legislation and that is why they are so horrendously complex. In a private company, you would say, "Okay, let's pull that aside, we are going to build a new system. We are going to accept that we have problems with that or we are going to run two systems in parallel and we are going to replace this technology with something new". No one really owns up to the state of government IT and says, "These are the problems we have and this is how we are going to tackle them". A CIO at HMRC gave a speech at a public conference earlier this year in which he talked about the problems that that department has—very serious IT-related problems. After we published the details from his speech, the Revenue issues a denial statement. I think there is a real issue with accountability and transparency.

  Q46 Mr Liddell-Grainger: Does it then come back to the situation where government departments do not talk to each other? We know they do not. Some are better than others, but they are not good at talking to each other. Is it, do you think, that the Government has got so sick of this, that the e-envoy has taken the whole thing on his shoulders within the Cabinet—which is where he is based, although he could be based anywhere—and this is why we have these massive figures that have been spent within one area? Is it that they just happen to do the whole thing themselves because nobody else either will, wants to or can?

  Mr Collins: I think there is quite a pressure from suppliers. I have been to conferences at which suppliers are talking with civil servants with a view to possible projects. They talk about the benefits and they do sound quite compelling. I think it is very easy for departments, ministers, civil servants and suppliers to get caught up in the benefits of a project and not necessarily see how difficult it will be to implement them. We saw it with something called "Choose and Book" in the NHS, a scheme for booking appointments electronically, rather than having a letter from the hospital. You can choose the location, time and date of your appointments—a very good idea. It was described initially like an airline reservation system—the private sector has it, why can the public sector not have it? But in fact it has not delivered really any manifestly useful results yet. They had hoped to book 10 million appointments by the end of this year and the latest figures I had were 26,000. In other words, it is very easy for suppliers to sell their solutions, identifying problems in government and then selling those solutions, and everyone seems to get caught up in the benefits—which no one can deny—without necessarily looking at the practical problems.

  Q47 Mr Liddell-Grainger: One last question. Computer Centre, have you heard of that?

  Mr Collins: Yes.

  Q48 Mr Liddell-Grainger: It has been paid just under £40 million in three years from the Cabinet Office. I went through their accounts and got in touch with them and they would not admit they had even worked for the Cabinet Office. I presume Government has not just given them £40 million because they feel good about it. That is the worry, is it not, that we do not know what is going on, where this money is going in the first place and what it is being used for? When private companies are not prepared to admit to work for the Cabinet Office—

  Mr Collins: I do think it is odd and people I have spoken to think it is odd, coming back to this NHS project—and I will mention it because the cost is between £6 billion and £30 billion, so it is comparable in size. The decision to go ahead with that was taken in February 2002 at a seminar attended by ministers and civil servants—we know who was there—and representatives of the industry. We put in an FOI Act request for details of that meeting at which this decision was taken in principle to go ahead with this very large project, and we were given absolutely nothing from it. It is an oddity, given that Congress will discuss very large commitments and investments in projects before they go ahead. It is odd that with IT projects that does not happen.

  Chairman: As you will see, Ian is poring over the Cabinet Office accounts—and if I were in the Cabinet Office I would be worried about this. I do not know if it is something you would like to pick up on, Kelvin, but the bit which has not been much discussed is the extent to which there is supplier pressure. Were you going to ask about that?

  Kelvin Hopkins: Indeed, I was.

  Chairman: You ask about it then.

  Q49 Kelvin Hopkins: We have the example of the railway industry which I sometimes touch on, where we have moved from a publicly owned system, with directly employed engineers doing a job, to a system of outside contracting services, and the costs of laying railway track have risen by four times in 10 years. Given that all these services are now provided by external contracting, by private sector companies, do they not have a vested interest in not getting it quite right first time and then coming back for a second bite and more government money?

  Mr Collins: They do tend to get paid come what may in the IT industry. This week we saw a settlement between HMRC and EDS over the tax credit scheme, but it is very rare for a supplier to be penalised when there are problems, particularly with these mega projects. There is a very small number of IT suppliers in the market and it is very difficult for government to fall out with a very small number of suppliers because they have these very large projects, until or unless you decide to do smaller scale projects in which you can bring in small and medium-size companies. If you are going to focus on very large projects, you need very large suppliers. It is very difficult with these contracts, when they go wrong, for government to be able to say it is all the fault of the supplier, because the supplier will usually turn round and say the change in the requirements of government, and legislation and statutory amendments do mean that IT projects do change quite a lot during their lifetime. It is very easy for each to blame each other. The likelihood of taking legal action against suppliers when things go wrong is pretty low.

  Q50 Kelvin Hopkins: Do you have any ball-park figures for examples where an initial cost has been announced in Parliament for a public service to have an IT system, and then later the eventual cost, if and when it finally works? I do not mean just a cost overrun, but if the estimate is £1 billion and it finally costs £7 billion? I am only guessing, but has that sort of thing occurred and do you have any figures at your fingertips of that kind of financial disaster?

  Mr Collins: Again, it is hard to get information. There is usually quite prolific documentation in the early stages of the project about its benefits but they do not publish result implementations. There are some examples. The DWP is probably one of the biggest. They announced to Parliament that their modernisation/computerisation of benefits would cost, I think, £713 million and would save 20,000 jobs, but at the last count it was £2.6 billion and the number of staff involved had increased. There is a magistrates' court system called Libra, which was announced as being a £140 million project. At the last count that was £390 million. But it is hard to get information on costs, because they revise contracts. The NHS is doing this at the moment and saying, "Our timetable and our costs are now out of date. We set them two years ago and we now need to `re-profile' them"—I think that is the word.

  Q51 Kelvin Hopkins: I think you have made my point for me. The next question I would like to put is to Patrick. It is about his estimates, because the LSE has made some estimates of the cost of the scheme. Even if it were to work first time, we are talking of £20 billion, £30 billion, whatever, but, given the history of disasters for these sort of schemes, and this is even bigger, is it not likely that the end result will be something that may or may not work but would cost a significant proportion of GDP to get it going at all?

  Professor Dunleavy: The LSE team is currently looking at the cost estimates and there will be some changes in the estimates. Mr Burnham from the Home Office has been very energetically saying that we are going to revise these costs down. We have not yet clarified whether that is the case or not. We will be looking at the cost estimates.

  Q52 Kelvin Hopkins: The Government talks about the need to reduce illegal migration, illegal working. If the same amount of money were spent, for example, in making sure the passport system works properly; that the Immigration Office is properly staffed and works properly; that our borders are properly patrolled; and that we have proper inspectors checking that we are not exploiting workers like the Chinese cocklepickers at Morecambe Bay, for example, would the money not be better spent and would there not be a much more successful outcome if the money were spent in that way rather than having this gargantuan ID card system?

  Professor Dunleavy: If I were investing money and asking Parliament to invest money, I would think it best to give people a range of options. One of those options might be a very low-cost, core ID scheme. But that would be very different from the proposal that is actually before Parliament. It is not clear that there is any kind of opportunity and it is not clear also that the thing will work. It is very, very important how citizens view the ID card. If they view the ID card like they view the Oyster card, it is going to be a great success, and thousands of businesses will want to participate in that. People would voluntarily want to load onto the ID card information that would be useful in other public services and it could be very successful. But if people are very suspicious of the card, or very worried by the card or worried by the risks of having a card, then you could invest an awful lot of money and get almost nothing back for it that you would not have got much more cheaply with other mechanisms.

  Q53 Kelvin Hopkins: My final question is to reinforce the point you are making. The Oyster card is useful to the individual, to the citizen.

  Professor Dunleavy: Absolutely.

  Q54 Kelvin Hopkins: The ID card is useful to the state, not to the citizen.

  Professor Dunleavy: Yes.

  Kelvin Hopkins: I think there is a big difference. I have made my point.

  Q55 Jenny Willott: Could I go back to something that Professor Dunleavy mentioned earlier about people who have moved and the difficulty over time when the more old-fashioned ways of ensuring somebody's identity stop being used. I was wondering if any of you could tell me about the implications for accessing public services for people who are particularly vulnerable, people with mental health problems, alcohol or drug problems, people who are homeless and do not have a valid address to use for an ID card, asylum seekers and so on who might find it more difficult to prove their genuine identity. They are all perfectly entitled to access public service, and on the whole are probably more likely to need to access public services than most people in the general public. Has any work been done on as to how their right to access can be safeguarded, given that they are less likely to be able to use cards, in the same way other people are more likely to find it difficult to access.

  Professor Dunleavy: I think the whole social implication of ID cards is a generally under-explored area. It is not clear how it is going to work. In many services and circumstances, if, for example, people show up and they do not have an ID card, there are interesting questions about whether they are then going to be turned away. If very large numbers of people turn up without their ID cards, then, of course, after a while the staff might even stop bothering to ask for them, because people will not have them. Particular client groups (mentally ill people, for example) may not have ID cards, and I cannot see what would be the point of asking for them in that particular context. I am not sure that any of the service entitlement now know what the ID card will be used for or why. I should think it could only have negative implications for the groups you have mentioned.

  Q56 Jenny Willott: Looking at the issue of identity theft, one of the arguments that has been used for identity cards is that they are going to make it harder for people to carry out identity theft. However, if you have everything that you can access through one little card, common sense, gut feeling—which may not be based on anything accurate—would say that actually it might be much easier to steal somebody's identity. If you can access the information through that card, then you have a whole range of information that you can access about that individual. What are your views on that element of it? For example, banks are looking as if they are quite interested in using identity cards for setting up bank accounts, accessing them and so on. If you have an identity card that in theory could provide access to financial information about that individual as well, you have an entire range of information that in theory you could access from just one source. Have you looked at any of the safeguards that would need to be put in place so that that could not happen?

  Professor Dunleavy: Professor Angel, who is one of our IT professors, once described the ID database as a "one-stop shop for fraudsters". That would be the danger. The Home Office position is that they will check the biometrics of people who are being issued with an ID card at the beginning and then thereafter you will have an ID card which matches against it, so that we know that that person and that card belong together. If in lots of other contexts you also check the biometrics, then you have quite a high security system. If, on the other hand, you do not and people just submit numbers or submit the ID card and a chip-and-pin, then there are opportunities for fraudsters to use the cards very extensively and to have false identities. Unless we did the biometrics, we would not know that the person using the card was not the person who was supposed to be using the card. The ID card will have a little photo on it, but it will be very small, very blurry and probably it will be possible to fake up the card with that. The Home Office says there will be encryption methodology as well, but it is likely that there will be an arms race between the fraudsters and the card industry. There always has been in every other field. It is unlikely that human history will suddenly stop.

  Q57 Jenny Willott: Are there any IT implications of how to counteract that type of fraud? What can be done to ensure that information truly is in silo, so it is not possible to cross-access?

  Professor Dunleavy: If you very frequently and omnipresently check the biometrics, that would cut down on the amount of fraud.

  Q58 Jenny Willott: That is extremely expensive.

  Professor Dunleavy: That would be very expensive to do. If you have a quality of biometrics that you use to establish the card, to get the check working it has to be a similarly high quality check later on. So that would be very expensive. When we looked at the previous Home Office information, we assumed that there would be quite extensive use of biometrics, but it seems, from the way the Home Office has been revealing little bits of information, as if biometrics would be used really just to validate the card at the beginning. And then it is not clear how many other public services will use it and how often they will ever refer to the biometrics—in which case, it is just like a chip-and-pin card but with an initial validity check.

  Mr Tyndall: Certainly the experience in local government of issuing these cards is that the advantage, if a smart card is lost and you know you have lost it and you have bothered to report it to us, is that a stop can be put on that token being used anywhere else in the electronic system and the memory of the system is clever enough to recreate your card and reissue you with one. Most people are familiar with this in the credit card world. When it works, that is fine, but there are several caveats in that explanation. You have to know that you have lost your card, you have to be bothered to report it, and it then only prevents the fraudulent use in electronic mode. If I lose my driving licence today, by this evening somebody could be hiring a car in my name—as long as they look reasonably like me and somebody bothered to check the photo—and they could be off and using it. So there are significant advantages, but it is not foolproof, and, as has been said, there will be some sort of arms race if the fraudsters believe that there is significant benefit in spoofing the system. The technology is moving on apace and some of the encryption routines are very sophisticated and it will be a very expensive arms race eventually, assuming that the Government has the energy to go investment for investment with the fraudsters and keep raising the bar.

  Q59 Jenny Willott: This has financial implications in the long-run.

  Mr Tyndall: It depends on what is at stake. There is a very strong business case in some local authority administered benefits for saying that there is enough fraud in the system currently to make that investment eminently worthwhile because there are so many false identities created in some of the systems we use at the moment. So it is not all bad news but inevitably the investment curve is upwards.