UNCORRECTED TRANSCRIPT OF ORAL EVIDENCE To be published as HC 712-i

House of COMMONS

MINUTES OF EVIDENCE

TAKEN BEFORE

PUBLIC ADMINISTRATION select COMMITTEE

IMPLICATION OF ID CARDS FOR PUBLIC SERVICES

Thursday 24 November 2005

PROFESSOR PATRICK DUNLEAVY, MR TONY COLLINS
and MR RICHARD TYNDALL,

Evidence heard in Public Questions 1 - 70

USE OF THE TRANSCRIPT

Oral Evidence

Taken before the Public Administration Select Committee

on Thursday 24 November 2005

Members present

Dr Tony Wright, in the Chair

Paul Flynn

Julia Goldsworthy

David Heyes

Kelvin Hopkins

Mr Liddell Grainger

Julie Morgan

Jenny Willott

________________

Memoranda submitted by Professor Patrick Dunleavy, Mr Richard Tyndall and Mr Tony Collins

Examination of Witnesses:

Witnesses: Professor Patrick Dunleavy, London School of Economics, Mr Tony Collins, Executive Editor of Computer Weekly, and Mr Richard Tyndall, Mouchel Parkman, examined.

Q1 Chairman: Could I welcome our witnesses this morning. We are delighted to have Richard Tyndall, a consultant with large public sector experience who particularly knows about smart cards; Professor Patrick Dunleavy from the LSE, the former Public Policy Group there, who knows everything about how government works and who has done work on ID cards but also other things relating to government information and so on, and Tony Collins who is executive editor of Computer Weekly and a leading commentator on government IT in particular. Thank you very much for coming. We thought it would be useful to have a session trying to tease out some of the implications for public services of going down the ID card route. You all have particular experience to that. Do any or all of you want to say anything by way of introduction? Patrick, do you want to say anything? Thank you for your memo, by the way.

Professor Dunleavy: I thought it would be helpful to talk about the circumstances in which the ID cards would be picked up by other departments. It has become a little bit clearer in the last few days, including in a letter that Mr Burnham sent to Professor Angel from LSE yesterday, that the current ID Card Bill is strictly just a Home Office costed project and there is no obligation on any other department as yet to pick up the use of the card.

Q2 Chairman: I want to ask you about your paper in a moment, but this is one of the factors that you say is going to influence the uptake of ID cards across the Government, the extent to which there is buy-in from departments and agencies. You are making the point now that it is a Home Office enterprise and we do not know about the extent of buy-in. You have given us some indications of the kinds of factors that would influence that. Do you want to say something about that?

Professor Dunleavy: There is one footnote also. The current government statements give indications of benefit. So far as we can determine, those benefits are cross-governmental benefits and yet the costs are only provided on a single departmental basis, so there is a certain sort of disjuncture between those two. If you look at the history of identity and authentication measures within central government, things are often a lot more complex on the inside than they appear on the outside, so that people think it would be very straightforward for authentication measures to be picked up and in fact they have not been, and with some existing authentication measures, like the government Gateway reviews, departments and agencies have been very reluctant to buy-in. In the UK, we do not have any national body that can do, if you like, national infrastructure projects; we just have schemes like the current one, which could be a national infrastructure project but is being designed and promoted by one department, then we will wait for implementation to begin in 2008. At a certain point, we currently think 2014, there will be a majority of people within the ID card net. At that point, the government of the day, whoever it may be, is likely to come and ask that the card be made compulsory. If Parliament approves that at that time, then somewhere between 2014 and 2018 other departments are likely to pick up on the scheme.

Q3 Chairman: On the work you did for the NAO back in 2002, where you went through all the forms which government departments use, you said there is a "complex set of identifiers in use by different departments and agencies for tracking their relations with citizens." When I read that summary of your work, there is a tendency to think "This is a mess". You say this is a reflection of an Anglo-American tradition that does not like the state to unify: we like to disaggregate it all over the place in the interests of freedom. There is an argument which says that, from the point of view of the citizen, never mind the state, it would be quite useful to bring all this together.

Professor Dunleavy: Absolutely. There are many advantages in having unique identifiers for citizens and businesses, especially if that was accomplished as part of our coordinated national information infrastructure, designed and conducted with appropriate buy-in from other agencies.

Q4 Chairman: So your observations are not to do with the desirability of this. You are conceding that in that sense it would be administratively desirable. The issues are to do with whether it is operationally doable.

Professor Dunleavy: Yes, and associated things like how many people will use it and how much it will all cost.

Q5 Chairman: If I may bring the others in on that. Given your various perspectives, is it operationally doable?

Mr Tyndall: I experience this in the field of local government, where the problems that have just been described to you are duplicated many times over the various different county and district metropolitan borough councils. Individual service providers are already managing citizens' identities in an electronic way without any major revolt or reaction from citizens, who are quite happy to have library cards and various other tokens issued to them. The sheer economic logic of maintaining these as discreet systems within one organisation dictates that eventually the problem will be solved by doing it all up together because it will be cheaper, easier, better, more efficient. We are not there yet because there are considerable difficulties and rocks in that road, but our experience in the field of local government is that, without waiting to be told and without waiting for legislation compelling them, the more progressive and forward looking councils are doing it anyway because it makes good business sense.

Q6 Chairman: I would like to know from you whether you think ID cards represent the sort of consummation of that process (that is, the logical end point of that process) or whether it cuts across all this sensible stuff that is going on already.

Mr Tyndall: My evidence to you is that it is not about the card; it is about the business process that underpins the delivery of services to citizens. At various points, people decide that a card is a very convenient method of delivering services, but actually the information management problems are not about the card, they are about compiling a unique index of citizens where you can know with certainty that the Richard Tyndall in this list is a genuine person and he is entitled to be there and he has these attributes, and he is not duplicated anywhere else and he is not a figment of some fraudster's devious scheme.

Q7 Chairman: This is simply a technical consideration as to whether we can do it in that form.

Mr Tyndall: Technically there are challenges. Within the Freedom of Information and Data Protection Acts there are legal frameworks and legal challenges. It is not that it cannot be done; it is just that, as you do it, you have to conform to the law of the land, which sometimes makes life a little more ----

Q8 Chairman: What interests us greatly is whether we can see real benefits in this direction of travel for citizens, as opposed to what you might call the security of the state or the administration of state services. You give some very nice examples in your paper. I particularly like the Oyster card example - and I do not know if it is true, but I suppose it is if you tell us it is - where someone with an Oyster card is sent ----- a text message, was it?

Mr Tyndall: Well, an e-mail in this case.

Q9 Chairman: -- at work?

Mr Tyndall: Yes.

Q10 Chairman: Alerting them to the fact that there were delays on the line they use to go home.

Mr Tyndall: Yes. That is an answer to the question: Now that we have this technology, what can we do to delight or amaze our citizens who use our services that we could not do before we had this technology? One of the big challenges for the providers of public services is displaying this imagination, of occupying that space that nobody has been in before because the technology has simply not been available.

Q11 Chairman: Should citizens get excited about the prospect of having a unique identifier that is going to bring all these benefits to them?

Mr Tyndall: They should not be excited by that, because that is a very dull subject.

Q12 Chairman: I was trying to make it sound exciting.

Mr Tyndall: No, they should be excited by the way in which the services can meet their needs better.

Q13 Chairman: Tony, would you like to add your bit to this, particularly on the operational side? Is it doable?

Mr Collins: I think that varies from agency to agency, local authority to local authority. Each will have to come up with a business case to show the benefits. At the moment, there are quite a few departments that are grappling with capacity issues of their own in terms of their systems. I think there is no doubt that they would buy into the idea of ID cards, because there are lots of different identifiers at the moment and it is very difficult for departments to get a single view of the customer, so the idea of a unique identifier is an attractive one. But some of the departments, like HMRC and DWP, have very complex systems which date back at least 20 years, some of their core systems. Altering those to take account of the single identifier that is not the national insurance number - which in itself has issues - will be difficult. For example, HMRC has already put off some of its major projects because it has capacity problems internally and has to deal with things like tax credits. DWP is going through an IT-related modernisation process and that obviously does not take into account the ID card number. I think there are operational issues, but I think desirability would not be questioned by what is known as the CIO Council (a council of Chief Information Officers in Government). That could be a body that would be able to look at this across government and local authorities, the police and the NHS.

Q14 Chairman: Given all that we know about the track record of government in relation to IT projects and everything else, and given the fact that this is the most cutting edge kind of project, is it doable?

Mr Collins: I am not an expert on ID cards and I am not a "techy" either, but I have covered government projects, for central government particularly, for 15 years, and I have seen a lot of projects go wrong. Computer Weekly sees common factors emerging in some of these projects. One of the things we see is an early exuberance, created by the potential benefits of schemes which rarely materialise in practice. We have seen that with the NHS, for example: there is a very large IT-related scheme where the benefits everybody buys into, but with the practicalities, the implementation, there are problems with end-user support - because people can see that contracts were awarded fairly quickly and then the details worked out afterwards. Having gone through a lot of the Government's information on ID cards, we can see that there is a tendency to issue selective information, which is a bit of a hallmark of some of the other projects that we have seen go wrong. I asked the Home Office yesterday for some of the documents listed in the KPMG report which summarised the Government's position to date on ID cards. I asked them for the outline business case; a business case for something called "authentication by interviewing"; and then there was a related business case for biometric residence permits for non-UK citizens. I asked for an ID cards programme from Blueprint; Gateway reviews; and the risk register, and I was told that none of these documents can be published. That concerns me somewhat because they have quoted from the KPMG report as saying that the "costs basis is robust" whereas I have noticed that the KPMG report says that the "methodology for appraising the costs is robust" but based on information that was already superseded by the time they did their report. With IT projects generally, it is very difficult to establish, even after they have gone wrong, what the cause is. The Work and Pensions Committee looked at the Child Support Agency and still could not establish at the end of its investigation what had caused the problems there. I think there needs to be openness and transparency at an early stage, in order for potentially serious problems not to be treated as teething. From looking at the documents, there seems to be an attitude of awarding contracts first and sorting detail out afterwards - as in the NHS project, which has not gone very well so far. I think that is a danger.

Q15 Chairman: Does this make you sceptical, pessimistic about the ultimate outcome?

Mr Collins: I think if they exercise extreme caution, I could be optimistic about the outcome.

Q16 Chairman: That is a highly political formulation!

Mr Collins: You have to take extreme caution. For example, you have things like sensitivity analysis and optimism bias in praising ID cards and other projects, and if there is a realistic attitude towards those that would allow you to stop a project if, for example, the anticipated savings do not justify the costs, or the benefits do not justify the risks and the costs. I do not get the impression that that can be carried out realistically, because there is no means for stopping the project should they decide that the benefits cease to outweigh the risks. "The scheme has to go ahead" is the impression - as it was with some of these other projects that went rather badly wrong - and if they come across potential show-stoppers, that is not going to stop the programme.

Q17 Chairman: That is a good point.

Professor Dunleavy: Over the summer, there has been a considerable change in the scheme. The KPMG report which came out on 7 November gives you assurances about the new form of the scheme. So far as I can tell the new form of the scheme is that there is a biometric validation of somebody at the point where they are issued with a card, and after that it is basically just a chip-and-pin card and there are very, very rare further occurrences where there are biometric checks. That is very, very different from the sort of thing that was being discussed before, and the current scheme is very different from the sort of thing that was being discussed under the heading of "entitlement card". So I think there has been a lot of movement. The KPMG report does not provide any assurances on the benefits. They only looked at sections of the business case - they said that the contingency amount, for example, does not follow the Treasury green book on operating costs, so there are a lot of quite detailed things - and they did not get to look at the final costs of the scheme in a coherent way. They got to look at some earlier costs and then they looked at revisions and thought about whether they would be helpful. It is a very good report, the KPMG report, and very vital, and it of course post-dates the costs consideration.

Chairman: Yes. My colleagues will want to explore this further with you.

Q18 Julia Goldsworthy: Do you think we need the publication of these documents, whether they are Gateway reviews or any of these background documents, to keep up with how the situation is changing and to be able to assess accurately whether this is early exuberance, and to get down to the realism of what they are proposing and whether they can deliver it?

Professor Dunleavy: I am not sure which of the documents Tony asked for is publishable under Treasury rules. When you are doing a procurement you have to be rather careful about putting a cost figure into the public domain. If it is too low, contractors may bid in at some too low figure and you get a scheme that does not work. On the other hand, if your cost figure is overly high, then you may be paying more. I think there is a constraint on how much the Home Office can publish. The problem has been that the Home Office has published several different versions of what the ID card was supposed to do. We still have this problem that the benefits are whole of government benefits, and we have no data at all on any other government departments' costs. The final difference between this scheme and other kinds of smart card schemes is really the huge scale of the scheme. There will probably be at least 60 million people in the scheme. I was just looking at the legislation - the note, I think, in the Lords - and it now seems that dead people will be on it, as well as people who have left the country. So I am not sure how many people will actually be on the scheme and the Government has not told us.

Q19 Chairman: Kelvin points out that there are a lot of dead people! - which is true.

Professor Dunleavy: KPMG looked at: How long will the card last? The Government says it is going to last for a certain amount of time, ten years - which is a very long time. Your normal bank card does not last for that long. If you had to renew the card earlier than that and it cost some very small amount of money, let's say £4 to replace the card, and then if you had to post that card to people in a secure way - which I think you probably would have to do - and that cost £4, £8 times 60 million is £480 million. It is very, very important that these key cost assumptions and information about them should be in the public domain and should be considered by Parliament and should be realistic. So far as I can see, until very recently the Home Office was, for example, assuming that the identity card would be lost and become faulty and become damaged about as often as passports would - which is a very different creature from an ID card. They have now moved into putting in figures for them becoming lost/damaged or whatever about as frequently as driving licences, which is a much better way of doing it. But they only made that move, I think, in August.

Mr Collins: I have no quarrel at all with the evidence you have just heard of what the costs on the left-hand side of the page are. Our experience, looking at this problem in local government, is that there are also savings on the right-hand side of the page to balance off. The audit of cards and electronic identities that was done in one country and district area demonstrates that there are already lots of costs in the system. There are costs for mailing out new cards to people who lose their library card and there is somebody in the next door office mailing out a new bus-pass and there is somebody in the next office doing school or building identity and so on and so on. At the smaller scale of an individual local authority, the way into justifying the expense on the left-hand side of the page is about saying, "Can we realise real savings on the right-hand side of the page by switching off some of these other systems if we can unify?" That, for all sorts of organisational behavioural reasons, can be difficult to achieve, but you have to understand that if it is just seen as a new scheme and everything else carries on without change then the numbers are never going to add up to the sort of figure that will convince people that it is worth doing.

Q20 Julia Goldsworthy: But we do not know what the left-hand side is or the right-hand side is at this point. Initially every government department is saying, "I can see how it would work in education, and in health we can use it this way, and in work and pensions we can use it this way," but the Regulatory Impact Assessment only costs the cost to the Home Office. Is it going to rationalise all this government information or is the basis behind it an identity security card essentially? We do not know that. We do not know how it is going to be used.

Mr Collins: I have heard exactly that question asked inside an individual local authority and that debate goes forward. Whilst the individual service departments within a local authority insist on their independence and their separateness from their colleagues, the project never goes forward. It is only when the leadership of the whole organisation says, "Stop squabbling, stop being independent, we are doing this for the good of the citizen, because we put the citizen at the focus of this not your departmental concerns," it is only with that strong leadership that you have a chance of going forward.

Q21 Julia Goldsworthy: But the latest indication we have had from the minister has said, "Decisions on whether, when and how particular public services will make use of the ID card scheme will be made by those services individually or collectively as appropriate depending on how services are managed."

Professor Dunleavy: There is a ministerial committee on ID cards and I have yet to see any publication or statement originating from it - which I think would be helpful.

Q22 Chairman: What you say is interesting, but the centre in Britain is different from localities, is it not? There is no real corporate centre in British Government. If you read Patrick's observations on the demand and supply side factors here, it is clear the departments will just watch and see whether this becomes a kind of scheme that it is good for them to buy into. The idea that here is going to be some concerted central push for all the kind of rational reasons that you say is not how our system works.

Mr Collins: I have no evidence from my experience about the behaviours of central government departments. I can tell you that this problem is being tackled from the ground up, through the ODPM-sponsored Government Connect project, which is taking a very much more federal approach and a shared investment and shared infrastructure approach, to try to find a way where you can get to where you want to go without needing to change those behaviours that you and your colleague have just described, the very separate behaviours.

Q23 Julia Goldsworthy: The final matter is on the Gateway review specifically. This is something that I have pursued, and I have had an answer back this week. You are talking about commercial confidentiality and having to withhold this information but is there the assumption that it is being withheld because it is negative? The response I had from the minister said that he was not able to publish any of the information because it was all commercially confidential but then finished the answer with, "However, the most recent review covering business justification did confirm that the programme was ready to proceed to the next phase." If they are able to provide us with that information, does that give an indication that earlier assessments might have been less positive? Why can they provide as partial that kind of information?

Mr Collins: The little information we have on Gateway reviews generally, for example, published by the National Audit Office, did mention that the tax credit scheme got the green light in a Gateway review. In fact, it called it an "exemplar of project management". I think selective information given out on Gateway reviews is a pretty dangerous thing because sometimes these Gateway reviews where they have been published have contained some quite complex, and quite a number of, recommendations. On whether they should be published, the Government seems to take pretty much a blanket view (although it says it does not) on Gateway reviews, that they will not be published - certainly not the red, amber, green light. But where a government department has published Gateway reviews, perhaps inadvertently, I have not seen any confidential information in them and it is very easy to extract or take it out of published documents and still release the bulk of the document. I think that they are not being published because there is a blanket ban on publishing them within government.

Q24 Chairman: On Patrick's point about the need for confidence I wondered whether there was difference here or consensus around the idea that these things could be published, certainly if any legitimately confidential areas were taken out. Patrick, do you agree with what Tony just said?

Professor Dunleavy: I certainly think it would be desirable in the public interest if more information was available about this scheme. On the question of how you get that information, I think you could do it from extracting from the business case and the OGC review. I do not think that would be a mind-bogglingly difficult thing to do with Treasury looking on. That would be my hope.

Q25 Paul Flynn: The sketch on Little Britain about "The computer says no" is something that is part of the daily life of our constituents and ourselves - although perhaps unfairly they are now having a go at the travel industry, where one can book online, get a boarding pass on line, choose your seat and choose your meal and everything online seems to work very well, as many other systems do. But we have this constant chaos amongst the national schemes. Yesterday I had a CSA case, which is hardly a teething problem, seeing the time it has been going on, where somebody had changed their status from being a non-resident parent paying maintenance to being a parent in charge of a child. There is no facility in the computer system, even now, to cope with this - which is something that is predictable and is likely to happen. The case has to be done manually, which will take months. I believe there are daily problems in this way. Why should it be so difficult? The national schemes, as I think you have all said, have very good people running them - some of the best people in the IT business. Why should there be this difference between schemes that are run for commercial organisations and schemes that are run for Government, apart from the obvious size?

Professor Dunleavy: I would say the first thing is scale. it is terrifically important to recognise that running things for 60 million people is a very large scale thing to do. Everything gets very much more complex when you are doing operations of that scale. Most ID card issuing authorities in Europe are local authorities not national governments. If I were wanting a get-close-to-the-citizen ID scheme that would cut the cost of getting an ID, I would not necessarily have gone for a national scheme and I would not have gone for a national identity register that starts with 60 million people, records about 50 different pieces of information and then magnifies that up with alterations, revisions and later checks and so on. That is going to become a technically difficult scheme to manage I think after a while.

Q26 Paul Flynn: Mr Collins, you referred to Tony McNulty, the minister, saying he was going to release independent assessments about how the ID scheme was going, and then you claim he was overruled by civil servants and the next day it was turned down. "If the new schemes fail, the suppliers will still be paid; and heads of departments will have nothing to fear because the chances are that Parliament will not be told of any failures. So there is little incentive for departments to succeed. This is how it has been for decades and there is no reason to believe things will change now." This is an appalling situation because the ID scheme has had opposition from all quarters and if we cannot tell the truth on it, is it not likely that this will enflame parliamentary opinion and parliamentary arithmetic and the scheme will not get through?

Mr Collins: This is a difficulty that was recognised in the States. The Clinton administration introduced legislation specific to the public sector in 1996 called the Clinger-Cohen Act which provides, among lots of other things, for reports to Congress on deviations from contracts, significant deviations, so Congress is in fact kept informed on large projects. There is no mechanism in the UK for transparency or accountability to Parliament on major IT schemes. I think the problem is that lessons are not always learned because lessons are not always published. For example, HMRC over the tax credit scheme had a report done by Deloittes, and the former chairman of HMRC, Sir Nick Montagu, has said there are plenty of lessons from that report. I asked HMRC yesterday for that report and they said it is confidential. That means that the lessons tend not to be learned, there is not the processes for accountability, each project is supposed to have a 'senior responsible owner', which is a very good idea, someone who sees a project through from conception to delivery of benefits, but we see, for example, with the NHS project that they have had several 'senior responsible owners'. So the mechanisms are there in government to get these projects right; it is adherence to good practice and best practice that is sometimes the problem.

Q27 Paul Flynn: Parliament will take the decision whether the scheme goes ahead or not, but your view is that Parliament has been kept in the dark and there is information available that might be critical of the progress of the scheme that is being denied to parliamentarians.

Mr Collins: For example, on the outline business case, the NHS published a 600-page document which was its outline business case for a £6 billion programme. That was confidential. Each copy was password protected. We campaigned against the confidentiality of that and published parts of it which we were given in confidence from sources that we obviously did not identify. Afterwards they published the whole document, all 600 pages of it, each marked "In Confidence" and when you look through it you cannot see any good reason why it should have been kept confidential in the first place. Some of the costings are not there but they do give the implications for the department of the project and they list the benefits and what they are looking for from suppliers. It is an outline business case. Why they cannot publish the outline business case for this case, with any information that is strictly confidential held, I do not know.

Q28 Paul Flynn: If it is part of the Government being neurotically secretive, which is endemic in the British system, that is not a great problem. But do you think there are indications that confidential reports have been kept secret in the past that, if published, would have allowed Parliament to take a different view, and possibly improve systems?

Mr Collins: I have no doubt that is the case with projects that I have looked at.

Q29 Paul Flynn: You say that "... projects are still launched which are overly ambitious, unnecessarily risky, have constricted timetables, pay little heed to warnings, in which there is too little consultation with prospective end-users, and the commitment is too great to allow for any U-turn despite the history of failure on national IT projects." Does that precisely describe the identity card scheme?

Mr Collins: I am not an expert on the identity card scheme. I have a colleague on Computer Weekly who covers it as much as I do. But I do have concerns about the amount of information that is not being released and the way that the information is being released is being quoted selectively from reports; for example, this question about: "the costs case is robust" whereas actually the KPMG report talks about "the methodology being robust". I have a concern that this exuberance, the unquestionable benefits that ID cards could bring to the departments seems to override some of the practical problems of implementation

Q30 Paul Flynn: There seems to be two main views on the identity card scheme: those who claim they are overly ambitious and those who say they are not ambitious enough and that we should be using them for a wider range of uses. Is it your view that the time for biometric ID cards has not yet come?

Professor Dunleavy: I think that is an interesting parallel: is the scheme overambitious, is it not under-ambitious. One of the things which Richard's evidence has already mentioned is that people tend to take up low authentication schemes. There is a very strong public demand for services and cards and facilities that bring things together in absolutely critical ways, where, if you lose something, dire consequences follow. If you lose your Oyster card, you ring up Oyster card, cancel it and get another one. It is very simple and straightforward. There are no transition costs. If you lose a national ID card, especially if you lose it and somebody else is using it - which they would be able to do in all contexts short of being asked for biometrics, which will be most contexts - then you are going to have some considerable costs and difficulties in re-establishing your identity. In the long-run, by 2020, if the national ID card is in place, many of the existing methods for establishing your identity will atrophy and go out of use and become very hard and expensive to reactivate. Just at a simple level, it will make a big difference to what people do. How they behave will make a great deal of difference to how useful the card is: if people do not update their address, for example, or if they do not notify people if they lose the card. All kinds of very strong and important behavioural factors really need to be modelled in to show that the scheme is going to work. I have not seen any evidence of behaviour modelling by the Home Office that strikes me as credible or competent yet.

Mr Tyndall: Your question was specifically about the need for a biometric card. The work that has been done in local government has followed the need for authentication of current transactions according to something we call the T scheme (where T stands for Trust). It goes from T-nought, which is an anonymous transaction (for instance, an anonymous version of the Oyster card: London Transport do not need to know who you are as long as you have paid for your fare); through T-1, where you want to know who the person is; through T-2, where you need to know with some certainty that this person is who they say they are and they are entitled to access this service; and up to T-3, which is the only point in the scheme the local government has been using where the need for a biometric identifier kicks in. Those transactions are reserved for matters of life and death, matters of state security, matters of the highest confidentiality (which in our context would be child protection matters - that sort of issue, highly and personally confidential) or matters where very large sums of money are involved, millions rather than a couple of hundred quid here or there. In the world of local government, there simply are not very many T-3 transactions with which the public gets involved - which echoes the point that has just been made to you. Most local government services are very low level, with no great need for security. Indeed, with a scheme I have promoted in a secondary school in the canteen, I was asked what level of biometric identifier was being used and I said, "We don't use any form of electronic security whatsoever." I was challenged; "If you have got the smart card scheme, why don't you?" and I said, "Well, the service we are offering is the sale of a school dinner, price £1.40, and to access this fraudulently, you have to dress up in school uniform and you have to get past the dinner lady, so biometric was not indicated there." The answer to your question is that the people promoting the scheme have to go back to: Where is this high level of security? What is the nature of the transaction that is needed? I am sure the Home Office has a large number of transactions where they need to know with very high levels of confidence who people are but I am not sure that involves every citizen in the country.

Q31 Paul Flynn: If you were parliamentarians, would you vote for the Bill in its present form? If not, how would you amend it?

Professor Dunleavy: I would not vote for it in its present form because I do not think that Parliament should approve major IT schemes without some independent certification by a responsible officer that the scheme exists. That is the situation that applies in the Netherlands: you cannot introduce a student loan scheme before you can get a certificate from a parliamentary officer saying, "We have looked at the IT scheme, it is already in existence, all the key bits are already well tested or have been independently validated, the scheme is going to work." If you had that before you implemented major pieces of legislation, I think Parliament would be in a much better position.

Mr Tyndall: My personal view is: Not in its current form. I think the scope is too narrow. Professionally we are committed to supporting a much more federated approach, where government behaves like the government for the whole country and all of its agencies. We would say it needs to look much wider as to who might be able to benefit from a well controlled central register, containing unique citizen identifiers, whether or not you ever issued a smart card against it.

Mr Collins: I do not think there is enough information for parliamentarians to judge. I think they would need to see at least the outline business case. I would not like to make a judgment without the facts.

Q32 Julie Morgan: Patrick, you said that you felt a certificate would be needed to say that the scheme worked independently. Would you have confidence in such a certificate, bearing in mind what Mr Collins has already said about the early indications of the tax credit scheme? I wondered if you could elaborate a bit more on how you really have confidence in an independent certificate.

Professor Dunleavy: Yes. I think the Office of Government Commerce at the moment does what is called "a process of challenge". That is not the same as a process of validation. It is really a challenge on the business case. They will go into the technical details, but it is quite difficult with these big projects to go a long way into the details. It is quite difficult if it is a very strong government policy commitment, if it has been in the manifesto and so on. If you had a stronger parliamentary process of scrutiny and certification, and I think Tony's comments were implying regular updates - for example, the National Audit Office publishes a regular update on the process of major defence projects, but major government IT projects are every bit as expensive and every bit as complicated as major defence projects, so I am not quite sure why there is not a major IT project report which could be considered by the Public Accounts Committee - I think that would create a much more regular, much more effective discipline on ministers and departments.

Q33 Julie Morgan: You think something could be built in which could avoid some of the disasters that we have seen.

Professor Dunleavy: I think if you had either NAO doing it or another parliamentary agency, a special purpose agency doing it, and there was a regular pre-legislative scrutiny of the IT plan - so it was not the Home Office convincing itself, hiring KPMG to tell us that we can have assurance across it, which is not quite the same thing - and if there was an update report on how things were going.

Q34 Chairman: Why could the NAO not do it now?

Professor Dunleavy: I do not see any reason myself why they could not do it. If they were asked by Parliament to do it, it would be the kind of thing they could do very effectively. It is quite silly really for the NAO to wait for a very long period of time, until something has happened, and then come along and say that the tax credit system was not well done. It would be much better if there were a well developed, respected audit methodology - which I think could be done for major IT schemes and should be done, given that the scale is several billion pounds for many different schemes. You have the health scheme, the ID card scheme, defence infrastructure. There is some data that suggests Britain is investing much more heavily in government IT than any other European country. There is a huge process of capital deepening going on in every single policy sphere. This is not just a minor, "Let's pass the legislation and we will tell you about the IT later on;" these are fundamental interactions between what the policy is and what the capability of delivering the policy is.

Q35 Chairman: We do retrospective auditing, do we not? You are saying we should do prospective auditing.

Professor Dunleavy: Yes. The Defence Major Projects Report is an update report which comes every year and it is a real control on the Ministry of Defence. It still does not stop some budgets overrunning, but in the ten years it has been in operation it has dramatically improved, certainly, information to Parliament about major defence projects. You could see the case for exactly an analogous reporting process plus a pre-legislative scrutiny for the IT aspects of major schemes.

Q36 Julie Morgan: When you talk about the scale of the project, do you mean the numbers involved or the complexity of what is involved?

Professor Dunleavy: I mean usually the costs of what is involved. We are now spending 1.5 per cent of our GDP on government IT schemes every year, which is more than the whole contribution of British agriculture to the GDP. This is a very salient issue.

Q37 Chairman: I have been told that there are problems with your suggestion, but we are having a private discussion about that. Could I ask Tony if the proposal that Patrick has just put forward is one that seems to him to be a sensible one in terms of the audit function being built into the process being done seriously by an external body but with a link to Parliament?

Mr Collins: I think it is a very good idea. There has been some debate. The Treasury has been trying to restrict the amount of work that the National Audit Office has been doing. The Public Accounts Committee was considering that. But I have seen some NAO work that has been sub-contracted that has been very good. As Patrick says, the Major Defence Projects Report is an excellent report and the NAO could certainly do that. I think there would be a lot of resistance from departments, because they have not even published the mission critical IT projects let alone made any decision about auditing them. There has been some very strong resistance, particularly from the OGC, to allowing Parliament to have access to information, particularly ongoing information, about IT projects. I think Ian Watmore, the Government CIO, is on record as saying that we are undertaking more ambitious IT-related schemes than any other country - and smaller countries obviously would not be involved in such large schemes, but larger countries. The USA would delegate, so that it would be done on a state by state basis, or the projects are just not as big, generally speaking, although they do have some fairly large federal projects as well. But some of the projects the UK Government is doing are ground-breaking, and you have to ask yourself the question: Why is it necessary for the UK to be leading edge, given the risks?

Q38 Mr Liddell-Grainger: You mentioned about Moore's Law. Moore's Law, if I remember, is that technology will double every year in its capacity and its capability to go on. Is part of the problem then that government will get so far down the line with an IT project and suddenly think, "Actually, this could be done better"? Because people like Watmore and Pinder and others are fairly sophisticated characters and we are pretty unsophisticated, as you can see here today, on mighty projects. If that is the case, is part of the problem that the complexity when we started was that an ID card was a thing which you would get from your pocket, it would have your name on and it would have your address. Now, because of the Oyster card example, that technology is now so superior, they now get to a stage and suddenly think, "Actually, we can do it better. Let's try something else"?

Mr Tyndall: I am sure that is a factor. If you look at the Oyster card project, it looks good, feels good, Londoners like it, but the first project meetings were ten years ago, when the first idea was being batted around. If you look into the banking industry, just practically completing the change over to chip-and-pin, they were slightly longer in the gestation period front to back. If the banking industry were starting now, they would not look at the type of technology they use which requires a contact to be made in the machine between the chip on the card and the machine reading it, they would use the same wireless technology that the Oyster card uses, where you just get the card somewhere near the reader, because that is now feasible and doable. But in the banking world they had to freeze the specification many years ago and it has still taken them years to develop it out. But this march of technology is good rather than bad overall, even though it has these growing pains - in my opinion.

Q39 Mr Liddell-Grainger: You say that. The e-Gov blokey tells us there are 4,000 websites. He thinks that is ridiculous and that there should be considerably less - and I do not know what considerably less is. If you then take that on, we started off with Government Gateway, we now have Gov-Connect, and if you trawl through what you can connect to, they all have the same parameters. You have a few local authorities, you have a few government bodies, you have maybe a department and one or two other links to various spurious people. Why is it that all these sort of Gov-Link/Gov-Connect things have gone down this route? Is it because none of the departments will talk? Is it because none of the departments actually quite know what they are up to? Or is it that the Government has lost control of e-Gov?

Mr Tyndall: Lost control may imply that it ever had control.

Q40 Mr Liddell-Grainger: Did it ever have control of e-Gov?

Mr Tyndall: My evidence is that this is an emerging field and that we are all, if not infants, then somewhere like adolescents in this world. You asked me a question about websites. If you go back ten or 15 years, nobody had a website, not because they were dullards or risk-averse or backwards, it was just because nobody had websites. The website industry is only so old and it is maturing and evolving. You can look back at any industry where the technology moves on apace. If you look at some of the early motorcars, you say, "They did what? They had steam-driven motorcars!" but somebody thought it was a good idea at the time. There has to be some sort of Darwinian effect in this area. I am absolutely certain that there are a number of things that we do today that will not stand up to the test of history. We will look back in a few years time and we will be saying, "We did what?"

Q41 Mr Liddell-Grainger: Could we take a specific. The Government set up a project called True North. Have you ever heard of it?

Mr Tyndall: I have heard of it.

Q42 Mr Liddell-Grainger: Do you know what it did?

Mr Tyndall: No, I have no idea.

Q43 Mr Liddell-Grainger: Does anybody know what it did? The Cabinet Office gave the okay to £83 million to set up a project called True North, which was to paper sleeve a deal with Government. It has gone somewhat wrong. The only reason we came across it was because the company sued the Government for £24 million, saying that they were plonkers and they did not know what they were doing - which comes as no surprise to any of you three. Do you think it is farcical that we have got to the stage where you cannot get papers, we cannot get papers? The Government are covering up projects that have gone wrong to the tune of £83 million - and that has been a snip compared to some of the things they have messed up. Are we just getting to the stage where this whole thing is becoming a farce?

Mr Tyndall: I would not characterise it as a farce, no.

Q44 Mr Liddell-Grainger: It does not seem to work. You have portals everywhere; you have websites; you can go in one way, another way. How on earth we are going to have an ID card system that is going to work, if the Government itself at the highest level cannot even get a project right?

Professor Dunleavy: I think one of the problems is that when you have new policy areas the way that you used to do things before does not apply. Then you take quite a lot of time and you have a lagged response to the new thing. In e-Gov we have had a process of catch-up really, so there was a lot of spend on encouraging websites and so on and it took quite a long time for basic metrics for measuring success and things like that to be built in as well. I think the new office of e-Government is trying very hard to make things more transparent. We did a study in 2002 for the National Audit Office called "Government on the Web". If you look in the report you will see that there are not any web statistics for the Treasury. The Treasury had a website and did not have any statistics of how many people were using it and so on. All of those sorts of problems should be behind us and I am hopeful that there will be an evaluation next year that will show that there has been considerable progress. Local governments are publishing e-government implementation plans which have a lot of information. I do not think it is all bad and I do not think there is any particular reason why it could not be improved and refined.

Q45 Mr Liddell-Grainger: Who should be in charge of this? Do you know what the total assets of the Cabinet Office's computer resources are? £122 million. That is more than the asset value of all the buildings they have in Whitehall, believe it or not. We cannot find out what they are. Do you have any bright ideas? Why has the Cabinet Office got £122 million worth of computer assets? They wrote off £52 million last year in depreciation. Either there is an awful lot going on that you do not know about and I do not know about and we do not know about, or one heck of a mess has happened and we are not sure whether it has or has not. Can you shed any light? It worries me that we are going to get these ID cards at £30, £50, £100, whatever, and so far the evidence is not very good that it is actually going to work.

Mr Collins: I keep coming back to this information thing. I would rather not name the department, but my editor and I were called in to a particularly large department and asked not to write some of the things that we were writing because of a public confidence issue. Some of these departments are really struggling to cope, but the information that is given out to the public and Parliament is that things are generally okay. There was a very good NAO report published last week on complexity in government and why these systems have grown up piecemeal because they are particular responses to policy and legislation and that is why they are so horrendously complex. In a private company, you would say, "Okay, let's pull that aside, we are going to build a new system. We are going to accept that we have problems with that or we are going to run two systems in parallel and we are going to replace this technology with something new." No one really owns up to the state of government IT and says, "These are the problems we have and this is how we are going to tackle them." A CIO at HMRC gave a speech at a public conference earlier this year in which he talked about the problems that that department has - very serious IT-related problems. After we published the details from his speech, the revenue issues a denial statement. I think there is a real issue with accountability and transparency.

Q46 Mr Liddell-Grainger: Does it then come back to the situation where government departments do not talk to each other? We know they do not. Some are better than others, but they are not good at talking to each other. Is it, do you think, that the Government has got so sick of this, that the e-envoy has taken the whole thing on his shoulders within the Cabinet - which is where he is based, although he could be based anywhere - and this is why we have these massive figures that have been spent within one area? Is it that they just happen to do the whole thing themselves because nobody else either will, wants to or can?

Mr Collins: I think there is quite a pressure from suppliers. I have been to conferences at which suppliers are talking with civil servants with a view to possible projects. They talk about the benefits and they do sound quite compelling. I think it is very easy for departments, ministers, civil servants and suppliers to get caught up in the benefits of a project and not necessarily see how difficult it will be to implement them. We saw it with something called "Choose and Book" in the NHS, a scheme for booking appointments electronically, rather than having a letter from the hospital. You can choose the location, time and date of your appointments - a very good idea. It was described initially like an airline reservation system - the private sector has it, why can the public sector not have it? But in fact it has not delivered really any manifestly useful results yet. They had hoped to book 10 million appointments by the end of this year and the latest figures I had were 26,000. In other words, it is very easy for suppliers to sell their solutions, identifying problems in government and then selling those solutions, and everyone seems to get caught up in the benefits - which no one can deny -without necessarily looking at the practical problems.

Q47 Mr Liddell-Grainger: One last question. Computer Centre, have you heard of that?

Mr Collins: Yes.

Q48 Mr Liddell-Grainger: It has been paid just under £40 million in three years from the Cabinet Office. I went through their accounts and got in touch with them and they would not admit they had even worked for the Cabinet Office. I presume Government has not just given them £40 million because they feel good about it. That is the worry, is it not, that we do not know what is going on, where this money is going in the first place and what it is being used for? When private companies are not prepared to admit to work for the Cabinet Office ----

Mr Collins: I do think it is odd and people I have spoken to think it is odd, coming back to this NHS project - and I will mention it because the cost is between £6 billion and £30 billion, so it is comparable in size. The decision to go ahead with that was taken in February 2002 at a seminar attended by ministers and civil servants - we know who was there - and representatives of the industry. We put in an FOI Act request for details of that meeting at which this decision was taken in principle to go ahead with this very large project, and we were given absolutely nothing from it. It is an oddity, given that Congress will discuss very large commitments and investments in projects before they go ahead. It is odd that with IT projects that does not happen.

Chairman: As you will see, Ian is poring over the Cabinet Office accounts - and if I were in the Cabinet Office I would be worried about this. I do not know if it is something you would like to pick up on, Kelvin, but the bit which has not been much discussed is the extent to which there is supplier pressure. Were you going to ask about that?

Kelvin Hopkins: Indeed, I was.

Chairman: You ask about it then.

Q49 Kelvin Hopkins: We have the example of the railway industry which I sometimes touch on, where we have moved from a publicly owned system, with internal engineers doing a job, to a system of outside contracting services, and the costs to lay railway track have risen by four times in ten years. Given that all these systems are provided by external contracting, private sector companies, do they not have a vested interest in not getting it quite right first time and then coming back for a second bite at more government money?

Mr Collins: They do tend to get paid come what may in the IT industry. This week we saw a settlement between HMRC and EDS over the tax credit scheme, but it is very rare for a supplier to be penalised when there are problems, particularly with these mega projects. There is a very small number of IT suppliers in the market and it is very difficult for government to fall out with a very small number of suppliers because they have these very large projects, until or unless you decide to do smaller scale projects in which you can bring in small and medium-size companies. If you are going to focus on very large projects, you need very large suppliers. It is very difficult with these contracts, when they go wrong, for government to be able to say it is all the fault of the supplier, because the supplier will usually turn round and say it is the change in the requirements of government, and legislation and statutory amendments do mean that IT projects do change quite a lot during their lifetime. It is very easy for each to blame each other. The likelihood of taking legal action against suppliers when things go wrong is pretty low.

Q50 Kelvin Hopkins: Do you have any ball-park figures of examples where an initial cost has been announced in Parliament for a public service to have an IT system, and then the ultimate cost if and when it finally works? I do not mean just a cost overrun, but if the estimate is £1 billion and it finally costs £7 billion? I am only guessing, but has that sort of thing occurred and do you have any figures at your fingertips of that kind of disaster?

Mr Collins: Again, it is hard to get information. There is usually quite prolific documentation in the early stages of the project about its benefits but they do not publish result implementations. There are some examples. The DWP is probably one of the biggest. They announced to Parliament that their modernisation/computerisation of benefits would cost, I think, £713 million and would save 20,000 jobs, but at the last count it was £2.6 billion and the number of staff involved had increased. There is a magistrates' court system called Libra, which was announced as being a £140 million project. At the last count that was £390 million. But it is hard to get information on costs, because they revise contracts. The NHS is doing this at the moment and saying, "Our timetable and our costs are now out of date. We set them two years ago and we now need to 're-profile' them" - I think that is the word.

Q51 Kelvin Hopkins: I think you have made my point for me. The next question I would like to put is to Patrick. It is about his estimates, because the LSE has made some estimates of the cost of the scheme. Even if it were to work first time, we are talking of £20 billion, £30 billion, whatever, but, given the history of disasters for these sort of schemes, and this is even bigger, is it not likely that the end result will be something that may or may not work but it is going to cost a significant proportion of GDP to get it going at all?

Professor Dunleavy: The LSE team is currently looking at the cost estimates and there will be some changes in the estimates. Mr Burnham from the Home Office has been very energetically saying that we are going to revise these costs down. We have not yet clarified whether that is the case or not. We will be looking at the cost estimates.

Q52 Kelvin Hopkins: The Government talks about the need to reduce illegal migration, illegal working. If the same amount of money were spent, for example, in making sure the passport system works properly; that the Immigration Office is properly staffed and works properly; that our borders are properly patrolled; and that we have proper inspectors checking that we are not exploiting workers like the Chinese workers at Morecombe Bay, for example, would the money not be better spent and would there not be a much more successful outcome if the money were spent in that way rather than having this gargantuan ID system?

Professor Dunleavy: If I were investing money and asking Parliament to invest money, I would think it best to give people a range of options. One of those options might be a very low-cost, core ID scheme. But that would be very different from the proposal that is actually before Parliament. It is not clear that there is any kind of opportunity and it is not clear also that the thing will work. It is very, very important how citizens view the ID card. If they view the ID card like they view the Oyster card, it is going to be a great success, and thousands of businesses will want to participate in that. People would voluntarily want to load onto the ID card information that would be useful in other public services and it could be very successful. But if people are very suspicious of the card, or very worried by the card or worried by the risks of having a card, then you could invest an awful lot of money and get almost nothing back for it that you would not have got much more cheaply with other mechanisms.

Q53 Kelvin Hopkins: My final question is to reinforce the point you are making. The Oyster card is useful to the individual, to the citizen.

Professor Dunleavy: Absolutely.

Q54 Kelvin Hopkins: The ID card is useful to the state, not to the citizen.

Professor Dunleavy: Yes.

Kelvin Hopkins: I think there is a big difference. I have made my point.

Q55 Jenny Willott: Could I go back to something that Professor Dunleavy mentioned earlier about people who have moved and the difficulty over time when the more old-fashioned ways of ensuring somebody's identity stop being used. I was wondering if any of you could tell me about the implications for accessing public services for people who are particularly vulnerable, people with mental health problems, alcohol or drug problems, people who are homeless and do not have a valid address to use for an ID card, asylum seekers and so on who might find it more difficult to prove their genuine identity. They are all perfectly entitled to access public service, and on the whole are probably more likely to need to access public services than most people in the general public. Has any work been done on as to how their right to access can be safeguarded, given that they are less likely to be able to use cards in the same way other people are more likely to find it difficult to access.

Professor Dunleavy: I think the whole social implication of ID cards is a generally under-explored area. It is not clear how it is going to work. In many services and circumstances, if, for example, people show up and they do not have an ID card, there are interesting questions about whether they are then going to be turned away. If very large numbers of people turn up without their ID cards, then, of course, after a while the staff might even stop bothering to ask for them, because people will not have them. Particular client groups (mentally ill people, for example) may not have ID cards, and I cannot see what would be the point of asking for them in that particular context. I am not sure that any of the service entitlement now know what the ID card will be used for or why. I should think it could only have negative implications for the groups you have mentioned.

Q56 Jenny Willott: Looking at the issue of identity theft, one of the arguments that has been used for identity cards is that they are going to make it harder for people to carry out identity theft. However, if you have everything that you can access through one little card, common sense, gut feeling - which may not be based on anything accurate - would say that actually it might be much easier to steal somebody's identity. If you can access the information through that card, then you have a whole range of information that you can access about that individual. What are your views on that element of it? For example, banks are looking as if they are quite interested in using identity cards for setting up bank accounts, accessing them and so on. If you have an identity card that in theory could provide access to financial information about that individual as well, you have an entire range of information that in theory you could access from just one source. Have you looked at any of the safeguards that would need to be put in place so that that could not happen?

Professor Dunleavy: Professor Angel, who is one of our IT professors, once described the ID database as a "one-stop shop for fraudsters". That would be the danger. The Home Office position is that they will check the biometrics of people who are being issued with an ID card at the beginning and then thereafter you will have an ID card which matches against it, so that we know that that person and that card belong together. If in lots of other contexts you also check the biometrics, then you have quite a high security system. If, on the other hand, you do not and people just submit numbers or submit the ID card and a chip-and-pin, then there are opportunities for fraudsters to use the cards very extensively and to have false identities. Unless we did the biometrics, we would not know that the person using the card was not the person who was supposed to be using the card. The ID card will have a little photo on it, but it will be very small, very blurry and probably it will be possible to fake up the card with that. The Home Office says there will be encryption methodology as well, but it is likely that there will be an arms race between the fraudsters and the card industry. There always has been in every other field. It is unlikely that human history will suddenly stop.

Q57 Jenny Willott: Are there any IT implications of how to counteract that type of fraud? What can be done to ensure that information truly is in silo, so it is not possible to cross-access?

Professor Dunleavy: If you very frequently and omnipresently check the biometrics, that would cut down on the amount of fraud.

Q58 Jenny Willott: That is extremely expensive.

Professor Dunleavy: That would be very expensive to do. If you have a quality of biometrics that you use to establish the card, to get the check working it has to be a similarly high quality check later on. So that would be very expensive. When we looked at the previous Home Office information, we assumed that there would be quite extensive use of biometrics, but it seems, from the way the Home Office has been revealing little bits of information, as if biometrics would be used really just to validate the card at the beginning and then it is not clear how many and other public services will use it and how often they will ever refer to the biometrics - in which case, it is just like a chip-and-pin card but with an initial validity check.

Mr Tyndall: Certainly the experience in local government of issuing these cards is that the advantage, if a smart card is lost and you know you have lost it and you have bothered to report it to us, is that a stop can be put on that token being used anywhere else in the electronic system and the memory of the system is clever enough to recreate your card and reissue you with one. Most people are familiar with this in the credit card world. When it works, that is fine, but there are several caveats in that explanation. You have to know that you have lost your card, you have to be bothered to report it, and it then only prevents the fraudulent use in electronic mode. If I lose my driving licence today, by this evening somebody could be hiring a car in my name - as long as they look reasonably like me and somebody bothered to check the photo - and they could be off and using it. So there are significant advantages, but it is not foolproof, and, as has been said, there will be some sort of arms race if the fraudsters believe that there is significant benefit in scooping the system. The technology is moving on apace and some of the encryption routines are very sophisticated and it will be a very expensive arms race eventually, assuming that the Government has the energy to go investment for investment with the fraudsters and keep raising the bar.

Q59 Jenny Willott: This has financial implications in the long-run.

Mr Tyndall: It depends on what is at stake. There is a very strong business case in some local authority administered benefits for saying that there is enough fraud in the system currently from some of the poor systems to make that investment eminently worthwhile because there are so many false identities created in some of the systems we use at the moment. So it is not all bad news but inevitably the investment curve is upwards.

Q60 Jenny Willott: One of the other reasons the Government has given for saying it would be a good idea to have an ID card is that you could use it to tackle benefit fraud, and obviously that is one of DWP's priorities. From my understanding of it, most people who are committing benefit fraud are not lying about who they are: they are lying about their circumstances and saying they are not working when they are, and things like that. Is there any evidence from local government of situations where it has been used successfully?

Mr Tyndall: No.

Q61 Jenny Willott: Okay!

Mr Collins: You are absolutely right that when you talk about benefit fraud you have to distinguish, as you have done, between individuals who are simply trying to sort themselves out and organised rings of people who are in the business of manufacturing false identities to claim wholesale benefits. Obviously there are far more individuals, but the value attached to successful fraud and potential savings to the system all lie with preventing systematic fraud where false identities are systematically manufactured. The prospect of a stronger authentication of identity, both in the base register and at the point of benefit claim, is that that systematic fraud can be squeezed out. Whether that is realised or not we will wait to see, but the prospect is there.

Q62 Jenny Willott: The assumption that we have been talking about with the IT system is that it would be used by government departments. We already know that banks are potentially interested and in theory lots of areas of business would want to start using the system as well. Does that have IT implications for the sort of system that it would need? Does it have cost implications if there are going to be others accessing the information that is held by government that are not currently able to access it that way? Does that have IT and cost implications? One of the things Professor Dunleavy mentioned in the submission is about leakage of information to unauthorised users. Is that being taken into account with the planning of the IT of this system? Obviously you are always going to have people getting information through dodgy means, but if you have more and more different types of organisations accessing central databases, what is being done to ensure that they cannot access information that they are not entitled to access?

Mr Tyndall: In general terms, yes, the more doors there are into a room, the more the chances are that they will be inappropriately used. I do not know the answer specifically to the design of the ID card scheme. I am not able to give you evidence on that. It is outside my area of knowledge. But the general proposition must be the case. There are also difficulties of complying with the law. The Data Protection Act is absolutely clear, that you can only collect information and hold it in electronic format for the purposes for which informed consent has been received from the person concerned. Quite apart from leakage and everything else, there ought to be safeguards in place so that the system is appropriately designed from the outset. My experience is that system designers take their Data Protection Act responsibilities very seriously.

Mr Collins: I think there can be a gap sometimes between what you want to achieve and the system and the implementation. Just to quote the smart card example in the NHS, they planned to issue something like 800,000 smart cards and they had very elaborate security procedures to ensure that only those who were legitimate users could access information - they are building a national database of electronic medical records. All that went out of the window, they discovered, when a contractor wrote the pin number on the smart card, because it gives access - doctors and nurses do not want to have to log on to the system each time and do not want to be logged off if they have not used the system for a couple of minutes. There is not an easy answer to that, even with the elaborate security procedures they have. That comes back to the point I was making earlier that those are the sorts of risks that need to be identified early on, so that you can decide how they can be mitigated.

Q63 Jenny Willott: Is there any evidence that they have been identified?

Mr Collins: We ask a lot of questions - What happens if, for example, in the NHS people do not bring their smart cards with them? How do they identify locum doctors? - and we are told the procedures are there and they expect people to adhere to them.

Q64 David Heyes: It is this unwillingness or inability to learn from mistakes of the past that I would like to take you back to. We keep going into these projects built around IT, not equipped with a reverse gear. Once you are in, you cannot pull out. Everybody is so heavily committed to it, and we do not learn post hoc. You have mentioned already the Revenue and Customs settlement with EDS just announced this week. It sounds very good on the face of it, £70-odd million to be paid back for their failures, but it is an agreement that has what they describe as a "significant confidentiality requirement". This is an area in which this Committee is particularly interested, the foul-ups on tax credits, and this looks like we are closed down from learning through investigating what has gone on. Should it not be the case that the Gateway review is the answer to this problem? We can learn as we go, that can feed back and we can avoid making the same mistakes again.

Mr Collins: Gateway reviews are part of the answer, but also the strategic business case and outline business case as well if you can edit them for confidential information. The Gateway reviews are not carried out that regularly. There is a six-stage process that starts with the feasibility of projects right through to the benefits realisation, but at least it would give an idea. Some of these reviews that we have seen just refer to the department's ability to meet its commitments: Does it have the buy-in of stakeholders? That is not commercially sensitive information. I have not seen details of costs. Sometimes these Gateway reviews do refer to the suppliers, but the supplies themselves do not see them. They are not even passed around departments: there is only one copy made and it is up to the department head to release them. From the Gateway reviews that I have seen that have been published I cannot see why they cannot publish them with sensitive information removed. I think it would be a very good idea because it enables assumptions to be challenged. That is the key thing. If you have the information, you can question whether a problem has been identified as a potential show-stopper. That is the real issue. We have seen time and again with projects that go seriously awry that the potentially serious problems are dismissed as teething. If there were scrutiny, then as parliamentarians you do not need a lot of technical knowledge to see that sometimes a project is going wrong. Usually it is for managerial reasons or policy reasons or a divide between policy and the technical people.

Q65 David Heyes: So Gateway reviews should be made public. That would be your recommendation.

Mr Collins: Indeed, suppliers, when asked that question by the Work and Pensions Committee said, "Yes, we would like to see them. We would like them to be published."

Professor Dunleavy: There are other mechanisms that might be helpful for learning. Sir Gus O'Donnell has recently announced - and no doubt you will be looking at it - the idea of bringing in the equivalent of comparative performance assessments in to departments. At the moment, the problem is that the departments' basic administrative systems and so on are not reviewed in a public way by other people. They are reviewed by themselves, there is a dialogue between civil servants and ministers, with scrutiny by the select committees. This is not really the same as looking at the ability to draw lessons and to learn lessons and to move things forward. If you were looking at the Home Office, it has a whole set of quite complex IT projects on the go all at once. It would be very helpful to learn lessons from different projects and to see that that was being fed into the way that other projects were being run, and, increasingly, running these projects is what central government departments mainly do. These are very critical. They are not just back-office systems, they are vital to whether or not you deliver on your core objectives and your core targets.

Q66 David Heyes: Indeed, it could apply across the whole field, with increasing marketing of service delivery.

Professor Dunleavy: Yes.

Q67 Chairman: If we had a system that was working well, we would have the plug being pulled on projects at various stages, would we not?

Professor Dunleavy: That has happened. The Office of Government Commerce has pulled the plug or has done Gateway reviews which have then caused ministers and departments to decide to pull the plug.

Q68 Chairman: We have departments on the whole and ministers who are committed to projects because they have announced their commitment to the project. As we have heard, they have oversold the benefits of projects, because that is what you do, and you have suppliers who are also in the business of overselling the benefits, because that is what they do. On the kind of figures that we are talking here it makes old kind of lobbying look pathetic. We are talking on a scale here that goes beyond anything that we have seen before. You have a lot of people who in a sense are wanting all this to motor along, even if there are difficult bits of evidence coming along, so unless we build in the critical elements, the external elements, which is what you are suggesting, there are things about the system, are there not, which almost induce us to finish up with these outcomes that cause us unhappiness.

Professor Dunleavy: Yes. But one thing that happens an awful lot in IT projects, which has been a key source of contractors earning more money than was originally outlined, is that ministers do change their minds. Policy decisions are made and then remade and remade again. A few years back, the norm in the IT industry was a six for one ratio, that you would go in for a competition and you would compete for a certain amount of money and you would then expect to get possibly up to five or six times as much extra as a result of policy-induced changes that were made subsequent to the contract having been agreed. That is not a very effective way of running your relations with a very large industry. If you compete for a £100 million contract and you know that ministers are going to change their minds and you are going to end up with a £600 million contract at the end of five years because of policy changes, then you are in a different situation from if ministers have to commit and there is good pre-legislative scrutiny or pre-policy scrutiny and there is a good updating project that keeps Parliament informed on how things are going.

Q69 Chairman: We did have pre-legislative scrutiny on the Identity Card Bill but your argument is that we did not have it on the kind of information that you would need to have to do it properly.

Professor Dunleavy: Not only that, but as far as I can see there has been a considerable change in the scheme and a move towards what is basically just a chip-and-pin scheme and biometric validation at the beginning or every ten years. That is a different scheme from the one which the Home Office conceived.

Q70 Chairman: But, as we are hearing, it is the nature of these things that the schemes do change long the way.

Professor Dunleavy: Absolutely.

Chairman: This has been fascinating. It has been extremely helpful in making us think not just about the particular issue of identity cards but about how Parliament gets a handle on this whole area. The reality is we shall probably reconvene in about 2020 to do a retrospective audit on what went wrong, but you have given us a glimpse of how we might do it differently. Thank you very much indeed for the session.