Session 2010-11
Publications on the internet

To be published as HC 715-i

House of COMMONS



Public Administration SELECT Committee

Good GovernanCE: the effective use of IT

Tuesday 8 March 2011

Dr Edgar Whitley, Professor Helen Margetts and Dr Ian Brown

Professor Nigel Shadbolt and Sir Ian Magee

Evidence heard in Public Questions 1 - 140



This is an uncorrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.


Any public use of, or reference to, the contents should make clear that neither witnesses nor Members have had the opportunity to correct the record. The transcript is not yet an approved formal record of these proceedings.


Members who receive this for the purpose of correcting questions addressed by them to witnesses are asked to send corrections to the Committee Assistant.


Prospective witnesses may receive this in preparation for any written or oral evidence they may in due course give to the Committee.

Oral Evidence

Taken before the Public Administration Committee

on Tuesday 8 March 2011

Members present:

Mr Bernard Jenkin (Chair)

Charlie Elphicke

Paul Flynn

Robert Halfon

David Heyes

Kelvin Hopkins

Greg Mulholland

Lindsay Roy


Examination of Witnesses

Witnesses: Dr Edgar Whitley, London School of Economics, Professor Helen Margetts, Oxford Internet Institute, and Dr Ian Brown, Oxford Internet Institute, gave evidence.

Q1 Chair: Good morning to our witnesses. First of all, may I welcome you to this session about IT and ICT in government? Please identify yourselves for the record.

Dr Whitley: My name is Edgar Whitley; I am a Reader in Information Systems at the London School of Economics.

Professor Margetts : I am Helen Margetts; I am Professor of Society and the Internet at the Oxford Internet Institute, University of Oxford.

Dr Brown: My name is Ian Brown; I am Senior Research Fellow at the Oxford Internet Institute at the University of Oxford.

Q2 Chair: Thank you very much indeed. You are here as much as witnesses as to help the Committee through this problem, so we do want you to say what you need to say. So if the questions are not on target, please take an opportunity to add, but obviously we have got a lot of questions to get through, so be as brisk as you can be – that would be extremely helpful. If I may I will kick off by asking a question of Professor Margetts. You wrote a book Digital Era Governance, in which you described the UK as "a world leader in ineffective IT schemes for government". Why did you come to that conclusion?

Professor Margetts : It was a seven country study looking at electronic government, big IT projects, contracts, the computer services market, a whole range of factors that affect government IT, and we did find the UK to be an outlier both in egovernment performance and in the number and scale of IT disasters.

Q3 Chair: Which were the comparator countries?

Professor Margetts : Japan, Canada, the US, the Netherlands, Australia, New Zealand.

Q4 Chair: So some smaller countries, but some similar sized countries and the United States?

Professor Margetts : Yes, that is right.

Q5 Chair: And what are the distinguishing features of the UK experience?

Professor Margetts : If we were to point to one thing-obviously it is difficult to identify causality in studies like that-but if we were to point to the key distinguishing features that seemed to be having an effect, it was the scale and timing and contract value of IT contracts. It was the concentration of the market in the UK; it is a far more concentrated market, with a small number of suppliers getting the bulk of the contracts, than any of the other countries we looked at. Another distinguishing feature would be the lack of IT expertise within the Government. In all the other Governments we noticed a greater effort over a sustained period of time to retain some expertise within Government. I can say more about any of this.

Q6 Chair: Yes, I am sure you will. Why do you think successive Governments found it so difficult to resolve this?

Professor Margetts : There is a certain amount of past dependency in terms of some of those factors in the UK. For example, lots of things are being done at the moment to try and reduce the size of IT projects and to reduce the size of IT contracts, but there are some very large long-term legacy contracts that are still there-although they have been renegotiated. HMRC’s contract with Capgemini, for example, goes on to 2017. Some things become very difficult to tackle once those characteristics have been put in place.

Q7 Chair: But surely we can learn from these other countries’ experiences?

Professor Margetts : I think we can, although I would not say from that study that any one country gave the total answer. These are big problems for big Governments, and no one country has the solution, but in each of the countries we looked at I would say that there were features that we can draw out and learn from. The US, for example, are contracting legislation that mandates the involvement of smaller companies in contracts, rather than relying on a small number of very large suppliers. That is something that we are beginning to see move to here.

Q8 Chair: So more competition seems to be-

Professor Margetts : More competition in contracting, absolutely.

Q9 Chair: Our contracting is not already too bureaucratically regulated to create competition that actually mitigates against competition? One sometimes feels that the public procurement directive actually mitigates in favour of large providers.

Professor Margetts : Yes, if you introduce registration that mandates the involvement of SMEs, for example, then that sounds like more bureaucracy, but I would say that it is completely essential if you want to move towards a more innovative environment.

Q10 Chair: Is this a British disease? Does it affect the private sector as well? Does the private sector make a mess of ICT acquisition as well?

Professor Margetts : They do, and they are a lot better at keeping it secret, but I think it is fair to say that if Tesco’s information architecture was in the same state as the British Government’s then you would have needed a much bigger room and much longer ago. A lot of the problems that the UK Government is facing now, very large private sector companies facing the e-commerce challenge were dealing with 10 years ago.

Chair: Any others wish to comment at this stage?

Q11 Paul Flynn: Can I comment on the Tesco example? Tesco’s error rate, I believe, is something like 1 in 10,000 transactions for things, using the barcode, principally, using that, and they have a very sophisticated system going from the tills to the warehouses and so on, and a hugely successful system. The National Health Service has an error rate above one in 10 cases. Why is this?

Professor Margetts : Well, because of some of the problems I have been talking about. I rather imagine that the electronic systems that Tesco operates have been evolving over time, and there may have been a time when they had a much higher error rate, but it really has been prioritised; they have been recognised as the lifeblood of the organisation. I think it would be fair to say that here they have not: they are relatively unimportant.

Dr Whitley: There is also an element of the nature of the task: the purpose for a Tesco system is going to be a lot more constrained than dealing with patients across a whole variety of service providers, different parts of a hospital interfacing with local government, etc. That does not explain the huge order of magnitude difference, but there is certainly an element of the different kinds of problems that the systems are trying to address.

Q12 Paul Flynn: This technique of barcodes and so on has been around for about 20 years. Is it a matter that if Tesco decide to use it, it is a single person that decides to use it or a body, but if we are trying to introduce it into the Health Service we have to introduce it to a thousand different groups of people? Is that one of the obstacles? Is there an inbuilt conservatism, a reluctance to change, in the Health Service? We take it that the decisions of the Health Service are marginally more important than decisions taken in Tesco.

Dr Whitley: I think there are two different things that come together. One is the organisational decisionmaking structure, which in Tesco-I have not studied Tesco, so I cannot speak for them-I would expect would be a fairly straightforward, single organisation with a very clear "these are the different branches, these are the regions," however it is done, whereas the NHS as a organisational structure is much more fragmented, much more distributed, so you are going to get issues arising from nontechnology policy issues about how you structure the NHS and where the technology element of that fits in.

Q13 Paul Flynn: We are about to fragment the Health Service into thousands of small groups. Do you think this is likely to discourage the kind of decisions that we need, which should be really centralised decisions rather than decisions distributed throughout the land again?

Dr Whitley: I think there is a difference between centralising decisions and having decisions about, for example, standard procedures, processes and levels of service that you require. So yes, there is a risk that if you let a thousand flowers bloom you end up with a thousand different systems and a thousand different procurement contracts.

Paul Flynn: A lot of weeds.

Q14 Chair: I am very encouraged that we have a Labour MP that wants the NHS to be more like Tesco. Dr Brown?

Dr Brown: At the same time, as Doctor Whitley was leading into, the NHS’s Connecting for Health programme has not been a success, by and large, so far, and if you read reviews by people like Professor Trisha Greenhalgh of that, one of the reasons seems to be that there was too much centralisation-that too much was being decided in the centre rather than by the clinicians that needed to have a strong say about the functionality, and how those systems worked in practice.

Chair: A Tesco store manager has far more autonomy than a hospital manager.

Q15 Charlie Elphicke: If I may, three questions, which I will ask all at once to save time. First, how do other EU states manage the EU public procurement provisions that Europe hands down, without having their markets sewn up by IT fat cats who abuse the taxpayer? Two, would opening up procurement to SMEs make a dynamic difference? How much of a difference would it make in practice? Three, would Open Source help get better value for the taxpayer as well?

Chair: One sentence each.

Professor Margetts : There is no doubt about it that other European markets are not so concentrated, nowhere near so concentrated, and nor is the US, and one of the ways they have done that is by fostering local domestic suppliers by drastically reducing the size of contracts that are let-the kind of contracts that are billions of pounds, 10-year contracts that just do not happen in other European countries.

Dr Whitley: Certainly the size of the contract is an important issue for the SME market, because if you are a large Government department you do not particularly want to be relying on a small company with five employees, three of whom may leave if they do not like the way the boss is acting, or whatever, so there is always a risk associated with giving large amounts of work to SMEs. There is a sense that the current process does not encourage SMEs; it does not provide the opportunities for SMEs to make the kinds of contributions that they can given the scale, given the expertise that they have. In many cases they will have very specialist skill sets, technology and capabilities, but clearly you cannot imagine an SME providing technology rollout for every NHS Trust.

Dr Brown: All I would add is, on the third question, yes, I think that greater use of open source, open APIs, open standards does contribute to an ecosystem where you are likely to get a greater number of players and perhaps stimulate innovation that way.

Q16 Greg Mulholland: I am going to ask a few questions about the doomed Identity Cards programme, mainly aimed at Dr Whitley because of your evidence. If the other two would like to chip in please do indicate, but I am going to direct the questions mainly at Dr Whitley. The first thing to say is there are many of us from a political perspective in the House of Commons on all sides from a civil liberties perspective that are absolutely overjoyed that this farcical project has now been scrapped. But what I would like to ask you from an IT procurement perspective and delivery is: do you think-aside from the political arguments that may or may not been there-we were heading for another IT disaster that would have cost the taxpayer vast amounts of money?

Dr Whitley: Was it going to be a disaster? The way it was heading it was never going to get enough takeup for it to be a large-scale disaster, so a disaster in the sense of lots of money was being spent with very little contribution, very little benefit to UK society, but not a disaster in the sense of it suddenly affects the lives of the whole population, because I think only 13,000 citizens had signed up for cards to begin with.

I think one of the problems that the scheme was facing was the fact that because there was no functionality in the public documentation about how the identity card or the token could be used for online transactions, lots of people were pressing the IPS to say, "When are you going to be releasing the functionality? How can we start to integrate that with our business services?" Because they wanted to get a system that had some cards delivered-it said we will start issuing cards by 2009-it seemed that the focus was on getting some cards out into the greater population, even though they actually had very little useful functionality. There was a focus on getting something done rather than actually delivering something that would be of use to UK citizens.

Q17 Greg Mulholland: I think that leads very nicely on to the next point, which is do you think this whole scheme was the wrong way round? It was, if you like, putting the cart before the horse. It is an unusual policy idea in the sense that it has a technical IT solution in its very title. Do you think that rather than suppliers proposing the best solutions to a stated policy objective, this was actually driven, in the end, by the desires of IT companies to get a scheme in there when the Government had frankly lost sight of what it was for, with the whole thing being done on the basis of exploiting the heightened fear of terrorism?

Dr Whitley: I would present it slightly differently. Certainly the analysis-and I think we submitted this to the Home Affairs Select Committee; it was one of the two inquiries into the surveillance society-showed that the legislation-not just the title of the bill, but the actual legislation-strongly suggested, or determined or guided, a particular technology solution. The idea of writing the National Identity Register into the legislation, with all of the mechanisms around updating and penalties, etc, did have a very strong "this is not only what we would like to do-we want to have a mechanism for allowing people to authenticate their identities in various circumstances-but here is a very technology-driven design for doing that." So, it was there in the legislation, arguably.

Was it there just for the desire of the IT companies? I would not put such a strong causal link on there. You have to recall that two of the large IT suppliers actually withdrew from the process of bidding to be part of the strategic supply group, because they did not want to be part of the proposal for whatever reasons. It has not been made public what reasons they used for withdrawing, but two high profile companies actually withdrew from the bidding process. I suspect that once the decision had been taken, "Right, we are going to do this; we are going to get some cards out by 2009; we need to have something that works," then the contracts would have been written to say, "Right, can you deliver this kind of capability and we will worry about the other things like online transactions at a later stage."

Greg Mulholland: Do you think that that is the hub of the problem, that the Government were set on doing this and had lost sight of why it was doing this, and therefore there were no firm policy objectives for IT solutions to fit? Because it is a little bit like the war in Iraq: one minute it was about weapons of mass destruction; the next minute it was about regime change. Similarly ID Cards were supposed to be about preventing terrorism, and that was blown out of the water when suddenly the 7/7 bombers all had perfectly valid British identities. Then it became about other things-benefit frauds-and in the end the Government just became committed to it and was too embarrassed not to drop the programme. Is that not making it impossible for IT to deliver something when the stated policy objectives are not clear? That leads to the costly failure that you mentioned in your first answer.

Dr Whitley: Yes, so clearly the scope, or the espoused scope, of the scheme varied. I used to joke, "What day is it? It’s Tuesday. Oh, well, it is going to be about identity fraud or young people providing proof of age." So having an unclear scope-and in the written evidence I submitted I showed how time and time again there was independent advice saying you need to be very clear about what the scope is and you need to focus on your top priorities-in a political context where the opposition parties were trying to oppose the scheme, is an element of understandability of why Ministers would try, if they were being attacked on that front, to present it in that way.

There is a common response: "Well, let’s make sure that the legislation specifies exactly what the scope is," but the Identity Cards Act had a clause that says "for the provision of better public services", which is so generic that just about anything would fit within that scope. So you need to get a balance between saying what you want the policy to achieve and then writing it in legislation that provides an appropriate level of detail without being so general that anything fits within the scope, and without being too specific that you get, "Build it around a central register; build it around this kind of provision."

Q18 Greg Mulholland: What do you think can be learnt from Ministers’ handling of this, because throughout the passage of the Identity Card Bill, as you are well aware, Government Ministers continually reassured Parliament that the lessons of previous failures had been learnt. The Strategic Action Plan published in December 2006 made similar claims, saying the Government was taking an "incremental and pragmatic approach"; "We will keep risks and costs down by using existing Government investment and delivering incrementally, based on extensive piloting and trialling." That seems to bear very little reality to what happened, so were Ministers being less than honest, or did they frankly not have a clue what was going on?

Dr Whitley: I do not think I can comment on whether Ministers were being less than honest, but certainly I think one of the things that needs to change is a kind of more grown-up attitude to technology. So if a Minister says, "Well, we are doing this; we think this is the best solution, but we know that there are these problems, and if these problems become far worse, then we need to revise our plans." I think it needs a more grown-up attitude amongst politicians in general, to be able to say, "Fine, you have tried your hardest. We still disagree on it as a matter of principle about this particular policy, but we are not just going to point fingers and say, ‘You have changed your mind, therefore you are completely incompetent.’"

Q19 Chair: The key is to separate the policy of ID Cards from the IT delivery, and they are not the same thing, they never should have been the same thing, but because we have a dysfunctional system in this country they become the same thing.

Dr Whitley: They certainly became much more closely related, yes.

Q20 Chair: The Prime Minister made a thing about choose and book, and wanting a hospital appointment system. He had in his mind an IT system before the policy had started. Isn’t that a problem? There need to be officials to tell Ministers, "Actually, let’s get this right. If you want a choose and book policy, let’s think about that separately from the system to deliver it."

Dr Whitley: I would expect and I would hope that they are receiving that kind of advice. Whether they are just receiving the "yes, it will work, you can go for it" advice, or whether they also have the dissenting view that says, "Well actually, if you want to have this kind of functionality there are these other concerns, these other ways of implementing it. Be very clear about what you want to do and why you want to do it that way. Do not think about your computer system in terms of whirring tapes and flashing lights, but think in terms of the capabilities."

Q21 Chair: Do we still have whirring tapes? Professor Margetts, do you want to say something?

Professor Margetts : I was just going to say that those would be useful things to think about in the context of the Universal Credit, because there you have a major policy that will be very reliant on computer systems, and some of the systems that we talk about in the Digital Era Governance book, for example. Obviously those systems should not drive the policy, but the policy is unimplementable without a viable system. It is extremely important, and it is something that would have to be prioritised in a policy.

Chair: But it is about the governance arrangements, which brings me to Mr Heyes.

Q22 David Heyes: I am going to ask you about Government inviting procurement, and get the views of all of the panel on it. Are the existing arrangements fit for purpose, really, is what I am saying. I have in mind things like the Gateway Reviews, the senior responsible owners system. Is that an adequate approach to governing IT procurement, and if it is not, is there a better way of doing it?

Professor Margetts : I will start and then hand it over.

Chair: All of you.

Professor Margetts : I think some good things have been done: for example, bringing OGC into the Cabinet Office, I think that makes sense, and the size of Gateway Reviews, before something needs a Gateway Review, has been reduced, which is good because sometimes things were not huge in contract value, but of great strategic importance, and they were too small to have a Gateway Review. So those things are good, but I think the-sorry to keep coming back to this-big maintenance contracts do not really get touched by Gateway Reviews. It needs something else to deal with some of those kinds of problems.

Q23 David Heyes: What would that be?

Professor Margetts : I think it is tax, welfare: those areas have got to be really tackled separately. Some of the plans for Universal Credit sound plausible: the idea of locking down the legacy systems, accepting that they are there, building an interface that will take data from those systems and will deliver what is needed. They sound okay, but it really means confronting these systems, of which there are several that were built in the 1970s-I wrote my PhD thesis about one of them and I am very distressed to see they are still being used. It means tackling those problems. It is not glamorous, and there are no flashing lights, and this is one of the reasons why it has not been tackled, but it will have to be when it comes to Universal Credit.

Dr Whitley: On the Gateway Reviews, yes, they are being done. They need to be listened to. So doing a review and not changing behaviour sounds like-

Q24 David Heyes: They are not publishing them.

Dr Whitley: Not publishing is a whole separate issue, and we have talked at length in our ID Cards work about the fact that the Gateway Reviews were not made public for many years. The senior responsible officer is an element of the broader procurement activity, and clearly there is a need for expertise in terms of procurement to be inhouse, rather than just having some vendors come up and say, "This is a fantastic solution. It will only cost you this much. Sign on the dotted line." So getting that balance of expertise inhouse to be an intelligent customer I think is very important.

Dr Brown: I think definitely more openness, as the Information Commission also has called for, is very important. I am very interested to see how the Cabinet Office’s gradual integration of privacy impact assessments into the Gateway Review system goes. I think openness would help there to allow others to assess whether that is making a difference, not least because in other countries that have gone down that path, particularly Canada, what has been found in reviews of how their systems work in practice is, well, yes they get done, but sometimes just as boxticking exercises, and if they are not listened to they have no impact.

That is also coming back to Mr Mulholland’s question: of course, if the aim of the policy in the first place is not clear, and the evidence that it might actually achieve those goals, that also makes it very difficult then for Parliament and others to assess the human rights compatibility of the legislation. You can only judge proportionality in a specific context, understanding what is trying to be achieved, what might be other ways you could achieve those goals, and if that is not clear up front then it is much harder when you are debating legislation to decide what should be the limits that you put on the Government’s powers to gather data, to process, to share it and so on.

Q25 David Heyes: So is there a better way?

Dr Brown: Unfortunately we are, to a large extent, stuck with the way we have right now. I do not see how we could have a process of revolutionary change that would move significantly away from that, but I think that some of the steps that Dr Whitley and Professor Margetts have mentioned to make that system work better should be more aggressively pursued.

Q26 David Heyes: I think you mentioned the role of the Cabinet Office in this. Is that performing adequately? It is a very loose arrangement; they are not imposing their will, it would seem to me. Is that your view?

Professor Margetts : It is difficult for the Cabinet Office at the centre to really understand what is going on on the ground in the big departments, so the Cabinet Office has a very clear role to play in delivering the solutions, like the GCloud, for lots of smaller departments and agencies. But when it comes to the big processing departments, then perhaps a different approach is needed.

Q27 Charlie Elphicke: Are any of you aware of the IT and systems integration and planning related to HM Revenue and Customs?

Professor Margetts : Sorry, I do not-

Charlie Elphicke: No, do not worry-another one of the Government’s IT disasters. What I am hearing from what you are saying is the Government, particularly the previous Government, was captured by eyecatching initiatives and "ping machines" of the sort of Monty Python variety, without actually asking the question: "What do we need and what do they do?" First of all, is that fair? Secondly, what we do not need in the Cabinet Office is an outsourcing to a reviewer who does not know what they are meant to be reviewing. Do we need a director of IT strategy for the whole Government based in the Cabinet Office to clarify the strategic nature of what the Government should be seeking?

Chair: Or is that what the CIO is?

Professor Margetts : I think that is right, but now the CIO has two jobs, for DWP and to be the CIO, and I think that is a bit indicative of the priority that is given to the kind of role you suggest.

Q28 Chair: So the CIO’s job needs to be split, and there needs to be a separate IT supremo in Government? There should be a permanent secretary in charge of IT? It is a big programme, isn’t it?

Professor Margetts : I think so; I think that would make sense, yes. Not a CIO who has actually got two jobs.

Q29 Chair: Do the other academic witnesses agree?

Dr Brown: Yes, that was something that we recommended in our Database State Report two years ago, that the CIO should become a permanent secretary and should have that role.

Professor Margetts : One thing I would like to say about HMRC-

Q30 Chair: Sorry, can I just ask Dr Whitley?

Dr Whitley: I think it needs that, but again you need to be very clear about what they are doing: they are providing the high-level strategy and potentially awareness gathering for all Government departments. You cannot expect that one person to also be doing the very detailed decisionmaking down for individual departments, so you need to be very clear about how that permanent secretary level person filters in with the individual.

Q31 Chair: Do you agree with this distinction made in the IfG Report about distinguishing between platform and agile, and that this director person should be doing the platform part of it and not the agile part of it?

Dr Whitley: I do not think they are quite making a distinction between platform and agile. Certainly the platform level, the idea of specifying the services that need to be provided, and in many cases that kind of service level is something that would apply crossGovernment. So yes, certainly the agile development is a slightly different way of implementing system development. But certainly the kind of platform level is definitely the way forward.

Professor Margetts : I just wanted to respond to this point about HMRC. I do not think, as Dr Whitley said a little while ago, we should necessarily be blaming the computer services providers for this. Actually, Capgemini’s share price went down when they won the HMRC contract, which says it all.

HMRC took a decision a long time ago, in the early 1990s, to outsource everything-and I mean everything. All the expertise went over to the supplier, and a tiny proportion was spent on managing the contract compared with what the private sector would have done. We are seeing the consequences of that now, and that is the problem that really needs to be tackled. I do not think we should blame the computer services industry with running off with HMRC tax systems.

Q32 Charlie Elphicke: I was not blaming the computer services industry. The reason I ask it is last week the Cabinet Secretary came here and said that when he was at the Treasury he designed the whole thing to do with the HMRC integration and thought it had been a huge success, and that is why I am asking what lessons we can learn, since he now is going to roll it across the whole of Government.

Professor Margetts : At the time there was no technology expertise in the Treasury, and it was regarded as a great thing because it was new and very large, and we have got to move away from that.

Q33 Chair: Would you describe it as a great success?

Professor Margetts : No.

Chair: Right, okay. Sotto voce. Mr Flynn?

Q34 Paul Flynn: Thank you very much. I shan’t be tempted to go down the party political line that you indicated, except to quote the motto of the school in my constituency, which is "Nid da lle gellir gwell", which means "there is nothing so good that it cannot be improved", and that is our view when we come here, not trapped in the silos of the triumphs and the failures of the health service, but simply seeking after the objective truth based on the evidence before us, and part of that is the rather surprising view that has come from the Open Rights Group, Sirius and a group called ThinkGov, who said, surprisingly, "There are very few information technology failures, but plenty of examples where a public sector business change project using IT has been mismanaged." The theme from these groups is that it was not a question of abject failure; it was a question of the IT being introduced as an afterthought: management decisions are taken by Government in an often confused way, and they look at the IT as some of the bells and whistles that they hang on afterwards. Is this a fair criticism?

Dr Whitley: I think you would have to look at specific cases, but certainly there is a real risk that-if you flip the question around-if technology and thinking about implementation issues is not there early on in the policymaking process, not necessarily to say, "We have got this technology functionality. What problems can it solve?" But if you bolt on technology considerations then you are not likely to be very successful, and that is particularly the case for privacy-type considerations.

Q35 Paul Flynn: You might have partially answered this in the previous questions you have had, but it has come up so consistently in the evidence that one of the problems that Governments have is this particular one of being driven by a political agenda, and in getting to a technological field that is rarely understood by the people who are advising us. Is this true?

Dr Brown: I think that is a fair point, and as Dr Whitley said it has an impact not just on the success or failure of the IT system itself but particularly the privacy and security impact, because those are two qualities of systems that are very hard to fix after the fact. They are things that you have to plan for carefully right from the start of the policy development process, rather than just hope you can leave it to more junior officials to fix at the end.

Q36 Paul Flynn: There seems to be another problem with Government: there were a series of scandals involving losses of data; there were no scandals about anyone finding any data that actually did any harm, as far as I can recall, but huge excitement about losing files. Is this a pressure that private companies do not have-and they probably cover it up if they have lost data anyway-and that increases caution in Government, which is damaging?

Dr Brown: I think one significant difference is that ultimately individuals have the choice, by and large, whether or not to deal with private companies; they usually do not have a choice about dealing with the Government and providing information to Government that is required by law, and therefore I think Government does have a greater duty for that reason to look after and protect that data.

Professor Margetts : Also, private sector companies tend to know how important their data is, and I think Government is not so good at that.

Chair: We can come on to data privacy a bit later.

Paul Flynn: Okay, thanks.

Chair: We are moving on to the whole question of IT’s potential to transform public services.

Q37 Lindsay Roy: There is a huge expectation still that IT has a potential to transform public services. What criteria have Government departments used to design their systems, and have they got the focus wrong?

Professor Margetts : I think Government departments have been very slow to pick up on the possibilities of the internet and webbased technologies for transforming services. That is ironic, because there are far more possibilities there for innovation and actual transformation than there were in the great big administrative processing systems of the ’80s and early ’90s. So yes, and I would say that those kind of newer technologies, social media and so on, should very much be at the heart of initiatives like the Big Society and things like that, and they tend not to be.

Q38 Lindsay Roy: Have they focused enough on the needs of the consumer?

Professor Margetts : They are not focused enough on what citizens and consumers are actually doing. That is the one thing that the internet has done: it has allowed companies to know, to understand their customers and be able to treat them accordingly, and I think Government has not taken that capability of the internet, and there is a lot of possibility there.

Q39 Lindsay Roy: So would you say it has been more designed to meet departmental perception of need?

Professor Margetts : Yes, in a very narrow way, to engage with citizens exactly the same as it has always done, and to use technology in a very limited way, rather than thinking about how technology could be used to enhance people’s ability to solve their own problems, to pay their taxes on time, to maximise their health and things like that.

Q40 Chair: This all seems so obvious. What is the problem? Why can’t they get their brains round it?

Professor Margetts : You have got to remember that a lot of people within Government departments could not even see their own website, their department’s own website, while they were at work until well into the 2000s. Contracts were signed in the late 1990s for computers that did not have internet access. So there is no culture of innovating with technology. I think there are a lot of understandable cultural barriers within Government that are actually perhaps worse in this country than-

Q41 Chair: Are you seriously saying there are people sitting at desks in Whitehall now-

Professor Margetts : Not now, but until distressingly recently.

Q42 Chair: Until when?

Professor Margetts : In the early 2000s, mid-2000s even, there were people in very large Government departments that did not have internet access at work-could only see their departmental website when they went home.

Q43 Robert Halfon: If I can come in on what Mr Roy and the Chair were saying, I have argued in the previous sessions that Governments have opened up the internet, putting loads of information on there, which is good, but that is like the internet was five years ago, and that all it is is an encyclopaedia of information, and that the Government should actually be Wikipedia rather than encyclopaedia, so the people have interaction with that information and can actually make a difference via the internet and how they do it, which is what you were just saying. Do you agree with me, and if so, how could that be done?

Professor Margetts : I do absolutely agree with you, and I have been saying that for ages too. One of the barriers to that that needs tackling is Government is very uneasy with any sort of part-authenticated information. Government officials, Government agencies like information to be perfect, and a lot of the benefits of those kind of technologies come from things like-I do not know-rating systems and recommender systems, which we are very accustomed to, and systems that do not give perfect information, they just give an idea; they give you an idea of what is happening.

Those kind of systems could be incredibly valuable in picking up major problems in the public sector with hospitals, for example, or local government offices: picking up problems, indicating what people are feeling about services and using information, free information that citizens are ready to provide on social media, and Government is very uncomfortable with that idea. Okay, in NHS Choices, for example, there is the possibility that people rank their healthcare provider, but it should be the main part of the system, not buried after six clicks, by which time most people have given up. I think there is an understandable, but overcomeable, resistance in Government to that kind of facility-of using just part-authenticated information.

Q44 Robert Halfon: But, for example, you mentioned the hospitals. At the moment you have league tables that Government set; they set the criteria. Why can’t the people who use the hospitals set the criteria themselves via the internet and assess whether or not they think the hospitals are any good, and why can’t Wikipediatype Government, rather than encyclopaediatype government, reflect those kind of things, to give people real say-so through the internet-real power, in essence.

Professor Margetts : Yes, and that is perfectly possible, and there have been a number of quite successful social enterprise applications that allow people to rank hospitals and rank healthcare provision, and that facility is available on NHS Choices-one of the most expensive websites in the world.

Chair: Just because Professor Helen Margetts is sitting in the middle it does not mean that she needs to answer all the questions.

Professor Margetts : Sorry.

Dr Whitley: Just on that, one of the things that potentially would emerge from that is, if the criteria by which the citizens assess a local hospital-what they think are the things that the hospital should be providing-are very different to what the NHS managers, or whatever, have decided, then that gives a real opportunity for the transformation of public services type question that-

Q45 Robert Halfon: Exactly, and schools and transport, and where buses should go, and so on, because that is all decided from the centre.

Dr Whitley: There is always a risk that you only get the really enthusiastic people or whatever, but it is an extra data point that will have some benefit, but I would not say it is the only way.

Robert Halfon: But which is better: enthusiastic people, or just being decided from the centre?

Chair: We need to move on.

Q46 Lindsay Roy: How can Government promote consistently that kind of cultural change that is desired?

Professor Margetts : Can I…?

Lindsay Roy: Any of you.

Chair: The other two are so shy that you had better carry on.

Professor Margetts : Well, I think relaxing a bit, and actually recognising that there are all sorts of information out there that people will freely give and there is work they will freely do. We are all managing our own banking these days: anyone who uses internet banking manages their own banking, taking loads of burdens off banks, and people would be willing to do the same for Government, and it is recognising and capitalising on that.

Q47 Lindsay Roy: Critical to this is leadership.

Professor Margetts : I do not know if it is leadership.

Dr Whitley: I think it is leadership once the general opinions, general issues are raised.

Q48 Lindsay Roy: And leadership at devolved levels as well: I am not just talking about a single individual or a small group-a small elite.

Professor Margetts : It is more about providing some kind of framework, facility, application or platform, and then allowing citizens to get on with it.

Q49 Chair: But isn’t it about reorienting the whole of Government, and saying, "These information systems are not for Ministers and officials; they are actually to serve the public"? Don’t banks do that rather better than Governments?

Professor Margetts : Banks have got their own problems.

Dr Whitley: But certainly, yes, a clearer link to what the customer wants, and, as Ian was saying, with the opportunity to change banks, to change supermarkets or whatever if you do not find the level of service that you are receiving sufficient. Certainly it is a strongly driver.

Q50 Charlie Elphicke: Is it fair to sum up the problems in this latest round of questions by saying that what we have is a situation of what you might call mainframe Government in a wireless, laptop world?

Robert Halfon: Or IBM Government in a Linux world.

Charlie Elphicke: Indeed. Mr Halfon’s more modern than I am; he is much more modern than I am

Chair: Dr Brown?

Dr Brown: Yes.

Chair: Yes; okay.

Professor Margetts : Yes.

Q51 Chair: Moving on to the skills that Government has or lacks, it seems to me that this is very simply a skills question, isn’t it?

Dr Whitley: There is certainly an element of retention of skills, and also the relationship between the skill set of the technology role and the organisation more generally, so in many organisations, the CIO might sit on the council, but ultimately it is the chief executive who will take the final decision. So in that sense I do not think Government is that different to commercial organisations. We are not advocating that chief information officers should be driving everything, but certainly they should be having a stronger voice.

Q52 Kelvin Hopkins : Perhaps I can draw together one or two of the themes that emerged in earlier questions and bring them together. You talked about the need to be an intelligent customer: the fact that Government cannot handle the contractors, the big companies, because they have not got the skills inhouse means they cannot advise what potential there is in using IT skills throughout Government. Doesn’t that shriek that we need not just a permanent secretary but real big inhouse potential and skill facility that could advise on all of these things and really be influential, and could make sure that contractors are kept in order, that all Government departments are up to date and running properly? Doesn’t it really need a big, inhouse, powerful facility?

Professor Margetts : I think we need more inhouse than we have got at the moment, and if you look at successful Governments that is what they do. In Canada, for example, there is a big expertise within the Government that can step in if something goes disastrously wrong, but can also oversee the contracts. It is not all about keeping the contract to the letter and keeping the contract price down; it is also about cooperating and innovating, and having a more blurred boundary between the contractor and Government. Government finds that difficult in a way that the private sector does not; they are used to those kinds of relationships, and Government finds it much more difficult. But yes, you can only get that by recognising the need for expertise inside, and not saying, "Oh well, we are contracting it, so we do not need to know anything about it."

Dr Whitley: There is a real risk that the outsourcing industry within the private industry has recognised. Yes, you can outsource and squeeze down costs, and that is kind of great because you cut down your costs, but you do not do very much beyond that: you cannot innovate. If you want to innovate with your outsourcing partners you have to have a very different relationship with them.

So you certainly have to have-I hesitate to say big- certainly a significant capability inhouse, and a very different attitude to managing that relationship that says, "This is a collaborative arrangement and it needs flexibility on both sides," rather than, "This is what we have screwed down the costs on, and then, when you come back and say, ‘This was not in the initial contract,’ we are sticking with the contract so we will now charge you an awful lot of money. Oh, you need internet access, you need internet capabilities. That is extra to what we had initially agreed, and because we are sticking with our contract because you have forced down the price on contracts that is going to be the basis of our relationship."

Kelvin Hopkins : You need the top cutting edge skills inhouse as well as out of house to deal with it.

Professor Margetts : To manage those relationships.

Q53 Kelvin Hopkins : Another sphere I am very familiar with is-I won’t mention particularly what it is-where the contractors have all the power, they do a job. When it is not done right then the client comes along and says it is not right, they say, "Well, we will do it again for you, but pay us more money," and they get paid twice for doing the same job because it was not done right first time. If you can make sure at the beginning that it is right you save a lot of money and get the right job done as well. Just one last question, in the late 1980s, the Conservative Government-and I do not blame the Conservatives any more than I do New Labour, because they were all about contracting out everything-started winding down the Central Computer and Telecommunications Agency, CCTA, which could have been built up, but was wound down, and that might have been a basis for what we think we need now. Is that right?

Professor Margetts : Well, the CCTA, yes, it was in the Treasury, and then it was in the Cabinet Office, and it has changed. If you look at Governments that are managing better in this area than the UK, it is not a matter of central agency control and coordination. The CCTA used to own all the computers in Government, and I do not think that really is the way forward, and I do not think any of us would think that.

Q54 Kelvin Hopkins : It is the skills that are important.

Professor Margetts : It is the skills that are important, yes.

Q55 Kelvin Hopkins : So how would you go about regaining those lost skills? What would you suggest?

Dr Whitley: I think we have an interesting opportunity at the moment, given market conditions in the IT industry, that there are potentially a lot of skilled individuals who are open to new job opportunities. I think there is a risk that, once they move from the private sector into Government, they might find themselves incredibly frustrated by the inability to drive through the kinds of change and the kinds of best practice that they have been used to doing. Obtaining the skills is perhaps not as much of an issue in this current employment scenario as retaining the skills, but that is a whole separate…

Q56 Kelvin Hopkins : You have got to have politicians who are comfortable with all of this, and you have got to have senior officials that are comfortable with all of this as well to give them their head and let them do the job.

Dr Whitley: Yes.

Q57 Robert Halfon: You mentioned when you were answering Mr Flynn earlier that there was a difference between private companies and the state in terms of data privacy, because people had a choice with private companies. In theory that is true, but given that most people are connected to companies like Google and Facebook, and when those companies harvest people’s Wi-Fi details and personal emails-as has happened in recent times-is there really any difference, in reality, between private companies and the state? Isn’t there a privatised surveillance society as well as a public surveillance society?

Dr Brown: Yes, I certainly would not say that privacy is not important in the private sector, and in the specific example you gave of the Google Wi-Fi Street View cars, I think it was a mistake of the Information Commissioner not to take stronger enforcement action against Google as a result of that.

Q58 Robert Halfon: What do you think the Information Commissioner should have done?

Dr Brown: If you look at what path other regulators have taken in Europe, for example, they opened serious investigations of the company, whereas the ICO seemed to be satisfied with Google signing an undertaking saying, "Oops, we won’t do it again."

Q59 Robert Halfon: And when you speak to the ICO, they say they did not have the powers to do those investigations. What is your view about that?

Dr Brown: I am not sure that that was the case at the time. I think the ICO interpret their powers and their duties under the Data Protection Act very cautiously and conservatively.

Dr Whitley: There is also an interesting angle of IT oversight that seems to have been missing in that particular case, because you would have thought that somebody would have noticed that they were running code that potentially could mess up your entire Street View capture because it was collecting something that was corrupting, the fact that your hard disks were filling up far faster than you were expecting, that fact that somebody had actually screwed on and connected up a Wi-Fi receiver: somebody else should have noticed, there should have been proper IT oversight.

Q60 Robert Halfon: It was not just the Wi-Fi data; it was the emails and the passwords.

Dr Whitley: Yes, but the fact that you have a technological device that you have attached-these do not appear on the cars but are physically attached-there should have been oversight of that, and the oversight mechanisms that should have checked that the code was only doing what it was supposed to do, that you had not screwed anything else on to the car, etc, did seem surprising in its absence.

Q61 Robert Halfon: Do all three of you think the Information Commissioner was lacking and should have done more in this particular case?

Dr Brown: Yes.

Dr Whitley: Yes.

Q62 Robert Halfon: And do you think there should be more done on personal privacy and data privacy? I am going to come on to the governance side in a second.

Dr Brown: In general one problem with the system we have right now is that the Information Commissioner, in his data protection role, focuses very much on data protection as it is defined by the Data Protection Act, which is not the same thing as privacy. It is not taking wider questions of human rights into account, for example.

Q63 Chair: Does this have a bearing on Government IT, in that some of the evidence we are receiving suggests that the Government should be trusting Government-owned data, or people’s personal data, much more to private-sector providers like Google and so on, but with these problems about data privacy and the private sector, is that an impediment on the Government doing that, do you think?

Professor Margetts : It needs to retain some sort of control over the data. If you think about-

Q64 Chair: More than individuals have when we put our data on to servers in the private sector?

Professor Margetts : Yes, because it is our data, so, precisely.

Q65 Robert Halfon: If we are to pass our data, if we do have companies like Google running our data and doing things-which I am not opposed to, by the way-should there be, in order to safeguard our data privacy, an internet bill of rights that sets out intellectual property and how our data is used and so on?

Dr Brown: I think that would be one way of approaching it. A parallel way of approaching it would be using opportunities, as we have at the moment, for example, as the European Commission is reviewing the operation of the Data Protection Directive, to say, "How can we make that more effective? How can we better protect individuals’ privacy in relation with private companies and Governments?"

Dr Whitley: A very academic answer: I am involved in a research project that is looking at ways of enhancing how users get more control over management of their data, and one of the issues that we have been exploring is whether property is the best way of understanding your relationship with data, and are there alternative mechanisms-for example, contractual relationships-that might provide the same kinds of support and guarantees, without necessarily going down property, because property has its own particular challenges.

Q66 Robert Halfon: Yes, just two questions, if I may. One of the reasons why I asked my question was that I wanted to know if the Government were any worse than the private sector in this, given all the Government data scandals there have been and the HMRC mislaying data and so on, and given the Google issue and the scraping and all this stuff that has come out in recent months.

Dr Brown: It is impossible to know, because at the moment there is no requirement on the private sector to report data breaches, although that is being discussed in the review of the Data Protection Directive, and I think that would be a positive step forward. Of course Government usually has significantly greater risks than most private sector organisations, in that they have forced individuals to pass their data over to Government, and often they have very large quantities of it.

Dr Whitley: And the flipside of course is also, following the HMRC data breach, that the Government has rolled out procedures and guidance and training for all staff to go through to appreciate that, which is a very visible response that might not necessarily have rolled out in the same kind of way in the private sector.

Q67 Robert Halfon: Does the Government need to keep as much data as it does, and if so, how can it make it more secure?

Dr Brown: No it does not, and I think that is one of the most significant things that Parliament and others could do moving forward: make sure that Government is not gathering excess quantities of data, not taking an attitude, which seems to be prevalent so far, of, "We want this data, you will just have to trust us-we will put adequate security measures in place"; it is a really critical part of the data protection regime that you only collect the personal data you need to do a specific job. You do not just say: "Hand it over and we will decide later; we want the flexibility to do other things with the data."

Q68 Robert Halfon: But why does it not need to collect so much data? I agree with you, but can you just set out why?

Dr Whitley: One way of looking at that is in terms of the big question about what the system is trying to do, and the associated concerns about data quality. If someone has designed a system for unemployment benefits that has a process that requires you to fill out three screens of data, most of which is not particularly relevant, and if you cannot get to the end of the process without entering data into the data fields, then you are going to generate low-quality data, because someone just types rubbish into the fields because you have to in order to undertake the transaction. Then the risk is that if the Government is holding that poor quality data and potentially taking decisions, all of the recipients seem to have their date of birth as being April Fools’ Day, because they needed a date so they entered April the 1st.

Again, it is that bigger picture: if you have not really thought about what you are trying to do, what data you actually need to perform that transaction, then you build a system that requires lots of data collection just in case, because it might be helpful, with no mechanisms for checking that the data is of the right quality, or costly processes for double checking that the data is the right quality, when actually all you need to know is the National Insurance Number, and that the National Insurance Number matches other records that we have, or whatever it might be.

Q69 Charlie Elphicke: Very briefly, I am very concerned by what you are saying, because the Information Commissioner has a role with regard to the private sector and also the public sector, and what I hear-confirm if I am right or wrong-is we have equipment screwed on top of a car and codes to collect this sort of data. It seems to me it is very clearly an organised, premeditated theft of data, invasion of people’s privacy, and it sounds to me like you are saying the Information Commissioner turned a blind eye. Is that correct?

Dr Whitley: I won’t use words like "organised" and "theft", but it certainly would be an intentional activity. It did not happen by accident; someone chose to do that.

Q70 Robert Halfon: Google say it happened by accident.

Dr Whitley: You do not screw a device on to the top of a car by accident; somebody did it, and in any quality process somebody should have checked what that was, why it was going on , and why they were collecting more data than they thought. "We have gone down a street and we expected this much data from the photographic images; we seem to have more data-what is it and what is going on?"

Q71 Robert Halfon: Do you think the Street View by itself was an infringement? Forgetting about the Wi-Fi codes and the emails, do you think taking pictures of people’s houses and putting them on the internet is an infringement of personal data?

Dr Whitley: I have opted out, so you cannot find a photo of my front door. I have clicked the link to take my front door off Google Street View.

Q72 Robert Halfon: Do you think people should have an optin rather than opt-out? That is the crucial thing.

Dr Brown: I do in that situation, yes.

Q73 Robert Halfon: And is that the same with you?

Professor Margetts : I leave it to the privacy experts.

Dr Whitley: I am slightly inconsistent on optins and optouts. So, in that case an optin, but in terms of kidney donors and organ donation, I would prefer an optout.

Q74 Robert Halfon: And that principle should link in to Government data. This is the problem with the ID Cards: the Government just taking all your data, and that is why they want it-to have as much data as possible. You should be able to optin to how much data you give the Government, rather than the other way round. Unless you break the law, but that is separate.

Dr Brown: And I think that is an important principle, actually, that whenever Government claims they are doing something for the good of the citizen and the citizen should be glad this is happening, well, it should be the choice of the citizen to take up or not take up that service. That is the best test of whether it really is for the good of the citizen.

Charlie Elphicke: Did the Information Commissioner fail in his duties in turning a blind eye and fall down on responsibilities that he should have been upholding and maintaining in relation to this matter of Google?

Dr Whitley: Ian has followed it more closely.

Dr Brown: I think the current Commissioner and the previous Commissioner had a much more selfregulatory position than all of the other Commissioners in Europe, and I think this case shows why that is not always the right path to take.

Q75 Paul Flynn: The view, Dr Whitley, of your front door is something that can be recorded by a passerby. What is the point in opting out? What is so shameful about your front door?

Robert Halfon: Because the passerby cannot go round every house in the country, that is why.

Q76 Chair: I am going to move on-I must move on. Before we close this session, you have been extremely helpful to us, but it all seems very complicated and quite obscure, and anybody watching this session I think will find it quite difficult to make sense of everything that we have asked about and everything you have told us. But it seems to me that the fundamental thing is that there is scope for central Government and a centre in Government to define how IT projects are taken forward, and to require some definition about purpose and scope of IT projects before they are approved. Do you see this happening yet?

Professor Margetts : Well-

Chair: Let’s start with Dr Brown.

Dr Brown: Not yet strongly enough; we shall see if things change as we go forward, but I would add to what you said: Parliament has a role to ensure that it happens in not passing Acts and funding projects that do not meet these kinds of tests.

Q77 Chair: Could each of you just recap with a fundamental recommendation you think we should include in our Report to help this happen, or anything else?

Dr Whitley: On the earlier question, I think the third one that you mentioned previously but did not mention in that version of the question was the role of standards and interoperability capability, rather than saying, "We want this email system; we want this kind of functionality; we want this level of service; we want this kind of security; this kind of interoperability." I think potentially that is one of the interesting elements of the Government Cloud, in that it is not just about consolidating servers and putting computer systems together but is also about the possibility of saying, "Actually, Government as a whole requires these kinds of services, and we can have a market of service providers that can offer to this service requirement," rather than, "It has to be this particular package and this particular functionality."

Recommendation: as the evidence has made very clear, managing and implementing IT is a very difficult-

Q78 Chair: What is the recommendation? We know it is difficult.

Dr Whitley: It is kind of a meta one: there is not going to be a simple solution, you are not going to be able to say-

Q79 Chair: Okay, but what is the recommendation?

Dr Whitley: Let me come back to that.

Professor Margetts : Prioritisation: I think lots of what we have been saying is that okay, these issues are difficult, but I do not think you should make it sound too terrible. They are just really important, and that when any policy change is being considered, or any policy innovation, these things have to be at the heart of it. They are not completely policy-neutral; important policies and ideas and exciting things cannot get implemented without them.

Q80 Chair: So every time policy changes, some steps to go through to audit IT consequences.

Professor Margetts : Yes, in many countries that happens. You cannot propose any sort of policy change without considering the information systems implication.

Q81 Chair: Dr Brown, the last word.

Dr Brown: On privacy, which is my particular area of expertise, I would strongly support the proposals of the Information Commissioner’s Office that they are able to give Parliament a reasoned opinion on legislation that significantly impacts on privacy, and I think Parliament should really make use of that and be much more careful about the powers they give Government in future in the area of collecting and sharing personal data.

Chair: Thank you very much indeed for those last points. They have been very helpful.

Examination of Witnesses

Witnesses: Professor Nigel Shadbolt, University of Southampton, and Sir Ian Magee, Institute for Government, gave evidence.

Q82 Chair: Two very different witnesses. Thank you for joining us today. Could you each identify yourselves for the record, please?

Professor Shadbolt : Professor Nigel Shadbolt, University of Southampton.

Sir Ian Magee: I am Ian Magee, Senior Fellow with the Institute for Government.

Q83 Chair: We are particularly interested in your experience in Government. Given your experience of working in projects inside Government, why do you think IT policy is so poorly coordinated?

Sir Ian Magee: You could say better one sinner who repenteth. The jobs I did in Government that are most relevant to this, and indeed to some of the things we have spoken about in the report, would be in what would now be described as the CIO of the then Department of Social Security for five and a half years in the mid 1990s, but also all of the leadership jobs that you do in Government, where you have to have an idea as to how IT can improve the business.

Why are things different now? Well, I think two overwhelming reasons, and we bring this out in the report. The first is that technology moves at an increasingly quick pace, so Government, it seems to us, just as the private sector, has to be in the position to be able to respond to that for the good of citizens. This is not putting IT in a box, and there are sometimes some shades of that. The second is that we live, as was very clear in the previous witness session, in a world that is complex, we live in a world that is very fast moving, we live in a world where people understandably want to make changes quite rapidly, and the model, as we have again argued in the report, for implementing Government IT-certainly as far as the applications are concerned-does not necessarily allow that to happen.

Q84 Chair: In your experience of Government, can you tell us about any particular projects that you oversaw? Did you do the Transport Agency computer system?

Sir Ian Magee: I came to the Information Technology Service Agency in March 1993. We had just procured a system for the Child Support Agency from Florida in the States. There was a lot that was wrong-and again it goes to the heart of some of the things we are saying in the report-with the formation of the Child Support Agency in the first place. If you change people, processes, systems and policy all at once you are pretty much on track for a train crash somewhere along the line. I think that has been brought out in the PAC and other reports. The imperative on my colleagues was "find some technology to support this". Because we would not have been able to build it fast enough, we scoured the world to try and find something and we bolted a system on.

Q85 Chair: But wouldn’t it have been better to just give everyone a spreadsheet with a model on the spreadsheet of how where to put the numbers in and that could tumble the numbers, rather than do a great mainframe system, with churning out letters. Wouldn’t you have learnt from that system that actually the modular approach or the agile approach would have been a much better approach?

Sir Ian Magee: Absolutely, but we are talking 1993 now, and the awareness of those sort of things was not necessarily around.

Q86 Chair: I was on the Social Security Select Committee at the time and I asked the same question then: it seemed common sense.

Sir Ian Magee: Absolutely, I am saying that you could necessarily have done it on a spreadsheet. We would not have had the users who would have been able to do that at the time, necessarily. But as I emphasised, the technology was just one part of the problem of the whole setting up of the Child Support Agency, as you will remember from your experience.

Q87 Chair: What has frustrated you the most about the way that the Government continues to handle ICT issues?

Sir Ian Magee: I think the need to move quickly to a different world, of the sort that we emphasise in the report, has not happened sufficiently quickly in Government.

Q88 Chair: This report, just for the record, is System Error: Fixing the Flaws in Government IT, published by the Institute for Government.

Sir Ian Magee: Indeed, it is that one. It has not moved sufficiently quickly to embrace some of the principles behind that, to engage beyond the IT community to make sure that there is a proper understanding of, at all stages, what the policy intent behind something is and then seeing that that gets implemented. We mention in that report that, for example, it takes, under the current way of doing things, something like an average of 77 weeks to get to a procurement-a big procurement for Government IT. I think we describe that as glacial in this day and age. Professor Shadbolt would make that point himself, I am sure. Technology is changing just at such a rapid rate that by 77 weeks you might of thought of different ways forward and different solutions.

That is one of the things that frustrates me. One of the things that did frustrate me was the apparent inability-and this applies throughout my career-of agencies to subordinate-and indeed Government Departments-their narrow interest to the wider good.

Q89 Chair: That sounds like a motherhood and apple pie point. How does that operate in Government, and how would you suggest that the Government addresses that problem? It is very easy to say that departmental agendas overrule the national interest, but what is needed to change that?

Sir Ian Magee: It is about a very partial view about accountabilities, for perhaps good reasons, in an individual department where the accountability is to the Secretary of State and the permanent secretary’s accountabilities are pretty well defined, but sometimes-as you well know, because you see this all the time, and if you can show me people who have cracked this, then I would be very happy to speak with them and learn from them-you need to be able to communicate laterally and to do things together and collaboratively, but it has not happened often enough.

Q90 Chair: But it has not actually got to be led from a centre, from somebody, for example, in the Cabinet Office, to separate the decisions about means, which is what ICT is about, rather than ends, which is what policy is about.

Sir Ian Magee: I agree with that general premise, and indeed in the System Error report we have said that there is an independent role that the Government’s CIO should perform in that respect, particularly in making sure-I mean, do not waste a good crisis. We have a perfect opportunity to do something about this at the moment, because the imperative is on Government departments to make the most of their resource. We have suggested, as you know, a twin approach-platform and agile. Platform essentially means commoditise where you can commoditise, and bring Government’s spending power to bear in a way that has happened only in part so far.

Q91 Chair: Right, I am going to jump ahead here, because there is a set of questions we have here that we want to ask about platform and agile, and we will do that now, because I think it is so important. Can you explain what you mean by platform and agile?

Sir Ian Magee: I will try and keep this very simple. As far as platform is concerned, a shared, Governmentwide approach to simplifying common elements across departments. So, for example, bulk-buying of IT goods, and indeed services, reducing duplication across departments-and there have been examples of duplication-common standards being applied to ensure interoperability between systems.

Q92 Chair: So is that just about interfaces?

Sir Ian Magee: No, it is not just about interfaces; it is about a whole approach that says, "Commoditise what you can commoditise, but apply your buying power where you can apply your buying power; get better value for money as a result of doing that." If you have got an expert in a department who has shown something works, do not try to reinvent that in a different agency or a different department: build on what is there.

Q93 Chair: And that is platform?

Sir Ian Magee: That is platform.

Q94 Chair: What do we mean by agile?

Sir Ian Magee: Agile: we are not describing a specific software approach that is known as agile development here; we are talking about an approach generally. The key elements to agile, as we say, is a flexibility, responsiveness to change, the opportunity to bring innovation into Government systems, taking a different approach to business challenges, so that you actually build iteratively so that you can discard that which does not work and concentrate on that which does work.

Q95 Chair: Give an example, to give life and meaning to this, so that we could perhaps use an example in our Report.

Sir Ian Magee: There are 11 case studies in annex C of the report that have got lots of examples in them. I obviously will not go into all of them now, but some companies with whom we have spoke have been happy for their names to be quoted, so I will mentioned one that was. Centrica said that by adopting an agile approach they have improved their approach to this as far as cost is concerned by a factor of 20. We observed and worked with a project between the Metropolitan Police and the Home Office that took an agile approach, which was about fraud and fraud identification, and the quotes from the people who were involved in that make it clear: a) how enthused they were about it; and b) how they had made significantly more progress in the course of just a few weeks than they had been able to do for a long time hitherto.

Q96 Chair: The usefulness of this case study is they ran the projects on agile principles alongside the traditional method-what you call the waterfall method.

Sir Ian Magee: This was specifically an agile approach, but they might have run a waterfall method in-

Chair: In parallel.

Sir Ian Magee: Yes.

Q97 Chair: I am going to exercise Chairman’s prerogative again. What are the drawbacks of agile and platform, and what are the pitfalls? I mean, why is every permanent secretary in Whitehall going to say, "Oh no, we cannot possibly do it like that?"

Sir Ian Magee: I think that its implementation will require care for that very reason. If you try something out in an area where it is not necessarily suitable-because we are certainly not saying in the Report that agile is always suitable-then you might run into that risk and then you will get people being dismissive of what is a perfectly good and legitimate approach. But drawbacks: cultural issues; this is not straightforward; people are used to a sequential, structured, slow approach; slow decisionmaking; the need for consensus.

Q98 Chair: So it is going to feel like chaos?

Sir Ian Magee: It could feel a bit chaotic as they go along, but the evidence that we have produced in our report suggests that people get to a better result as a result of doing this. Governance : you talked about the OGC to the previous witnesses and about the Gateway Reviews. It is not immediately clear how Gateway Reviews could be applied to this methodology, and Government would have to come up with something very different.

Q99 Chair: Are Gateway Reviews oldthink?

Sir Ian Magee: Gateway Reviews might be perfectly appropriate for a waterfall approach, but they would not be appropriate for an agile approach.

Q100 Chair: Because you have got to let it happen?

Sir Ian Magee: Because you have got to let it happen.

Q101 Chair: There is going to be lots of resistance to this in Whitehall, isn’t there? They must hate you?

Sir Ian Magee: Well actually, at the launch of the report last week, where I did a piece explaining what it was all about, we had Ian Watmore, who is the Government’s Chief Operating Officer, responding to that, and in the room a number of people, both from within Government and outside Government, largely from the IT community, and the atmosphere was very supportive. Nigel was there; he can probably speak for how he found the atmosphere. We felt that we were potentially pushing at the same door here, and that something different has to happen. The solutions of the 1980s cannot be appropriate for 2013. It is a long time. It is 13, 14 years since I ran the IT organisation. A lot has moved on since then.

Chair: Forgive me, I hope the Committee will forgive me, but I think it is appropriate to come to Professor Shadbolt and the questions we have for him on open source and open standards.

Q102 Charlie Elphicke: Thank you. Professor Shadbolt, we heard from our previous witnesses that in effect there is an IBM view in the Civil Service in a Linux world.

Chair: We heard that from us, actually.

Charlie Elphicke: Yes, but they agree, they broadly agreed-that was broadly the thrust of where things were going. Do you see it that way as well, and what could be achieved out of making greater use from open source?

Professor Shadbolt : Yes, we have direct experience, in fact, because Tim BernersLee and I were involved in setting up what was an agile project within Government, the site, which is a site where all of the Government’s nonpersonal public data is being catalogued, and that work has continued apace under the Coalition Government too, and partly because we did not know what we could not do or should not do, we simply went in. We had very little resource, but we did have a small group and we specified open source software.

The reason for that was of course it was not going to cost us anything, but more importantly it was not rung about with licences for reuse, but also, one particular piece of software we used was at the base of Wikipedia, and we knew, therefore, that it had been subject to the most massive range of collective attacks and subversion that you could imagine. So it had been improved and hardened by a large community effort. That is not something you can get with a single supplier perspective. So open source software has a number of merits: it is cheap, it can be easily licensed, and it can be subject to largescale collective improvement, and we think those are really strong reasons why people should be looking at open source solutions.

The other element of that is open standards, and much of this relates to why the web has succeeded as the most successful information structure in history, because that is at the heart of the web. It really took off because many of the original software elements were open source, but they conformed to basic standards about how machines would talk to one another, how they would work out how to exchange content and, indeed, how that content itself was to be expressed. It was not proprietorial, it was not a Microsoft product, it was not a CISCO product-it was open and the standards are developed in an open forum.

Q103 Chair: Thank you Professor Shadbolt. Isn’t it the case that the first open source policy was adopted by the Government way back in 2002, and since that time all we have seen is the senior echelons of the Civil Service consorting with IT fat cats, rather than actually making use of open source and value for money. Do you think more could be done on that, and why has it not been done already? Why did that not happen previous to now?

Professor Shadbolt : There is the challenge, and it relates back to the whole issue about how we procure, how we get a mixed ecology of providers, from SMEs through to larger organisations, and indeed, in the open data world in which I am working at the moment, advising Government, there is an entire community who you would not even describe as SMEs-they are activists. They are people who care about integrating data and about providing applications. The challenge there is how you let them into the process at all, and how we enable the broader community to be built, and for Government officials to listen to it, and I think there are some quite promising experiments in that area. I think Governments now regularly hold hack days, they regularly include people in to try and explore what they can do with the data, which would have previously been procured at large expense very slowly.

Q104 Robert Halfon: Do think that the big IT companies have become too cosy in their relationship with Government?

Professor Shadbolt : I think because of the various rules in place, it is very hard for anybody else to get to the table.

Q105 Chair: But the system mitigates in favour of the big providers, doesn’t it?

Professor Shadbolt : That is right. I think it is as simple as that.

Q106 Charlie Elphicke: That is because of gold plating. No other EU country has this problem; it is our Civil Service, our gold plating and our IT fat cats.

Chair: But is it just-

Professor Shadbolt : Actually it turns out that all European countries have a serious problem with opening up open source efforts. It is not just a UK problem.

Q107 Chair: But is it a regulatory problem or is it a cultural problem?

Professor Shadbolt : Both, and I think we have to look hard at how we procure. We have to begin to invert the assumptions about who will make the decisions on what is procured. At the heart of this, of course, is a real problem about the technical competence of the people making the decisions.

Q108 Chair: I understand that; we are going to come to that later. But on the question of particularly the Public Procurement Directive, upon which so much of our own regulation is based, is that directive actually a problem?

Professor Shadbolt : I think the onerous requirements it puts on companies to be able to compete is really a selfselecting audience.

Q109 Chair: So it is a problem?

Professor Shadbolt : Yes.

Q110 Charlie Elphicke: Let me just press on this. Can I ask Sir Ian to come in, Mr Chairman?

Chair: Yes.

Charlie Elphicke: We heard earlier from our previous witnesses that there are much more competitive open markets in the rest of the European Union and in the United States. Sir Ian, do you think lessons can be learnt from the past? Can we move into wider competition, not just the same old group of mates and IT fat cats that Government lets contracts to, and does the Government have the skills to make use of open source, or are we just going to have more disasters?

Sir Ian Magee: There are two questions there, as you will recognise. On the first one, that is why we have recommended an agile approach, because an agile approach, by definition, allows for smaller procurements than has naturally been the case in Government before. You do not specify your requirements up front and then wait until you have gone through the procurement process, got somebody to develop the thing for you, technology has moved on, etc. You are able to do things very rapidly, and that has been tested out in a number of different environments.

Does Government have the skills? It appears to have the appetite at the moment to do it, which is very different from the skills question that you asked. It will take a very different approach to make agile successful. The good news is that there are some people around, and again we quote a case study from an unnamed Government agency, where they have introduced an agile approach, they have saved money in doing so and it appears to be the right way for them to go. If people can celebrate that sort of success around Government, then we have an opportunity to show that this is a better way.

Q111 Chair: Sorry, order; Sir Ian, you say in particular in annex B of your report that EU procurement law is often seen as a barrier to procuring agile projects. Can you elaborate on that? Is that what you believe?

Sir Ian Magee: If it is in report, I believe it. I think it is two things: it is first of all not necessarily the underpinning procurement law, as it were; it is how we choose to interpret that in the UK that is a much more contributory factor. For example, if you look at, I think, Germany, in the report somewhere we say their average is 40 weeks, so almost half the time that it takes to get to the requirement stage in Germany than it does in the UK. That suggests that we are interpreting things in a particular way rather than necessarily that the law itself is flawed.

Q112 Chair: As usual. And is it just a question of interpretation?

Sir Ian Magee: Maybe-we will see. I think the way that we will see is whether or not some of these more rapid application developments are allowed to go ahead in Government and whether Government embraces this way forward.

Q113 Chair: Before we leave this point, because I think it is very important, could I ask you to produce-or maybe both of you to produce-a note on this question of the legal framework? Are there particular changes that should be made? Are there particular interpretations that need to be adjusted, because that is the sort of thing we would like to include in our Report.

Sir Ian Magee: We can certainly try and do that.

Q114 Robert Halfon: Going back to what you said about Wikipedia and open source, one of the reasons that the Government says, or departments say, you have to have the big, as he calls it, IT fat cats is because of security. Do you think they just hide behind the security issue in order to keep things as they are, and that is the excuse why they do not go for open source?

Professor Shadbolt : I think it profoundly misunderstands the power of open source development. These are some of the most secure software systems in existence.

Q115 Robert Halfon: In essence, what is ranged against the open source idea is the power of these huge IT companies, so it is very difficult for the open source concept to-

Professor Shadbolt : It is interesting; of course, many of these large companies run significant amounts of their IT operation on open source systems, so they entirely understand the benefits and merits, and they also understand where want to keep their own IP locked down and secure and available.

Q116 Chair: Open source is not the best way of adding value to a contract, is it? Get all this free software?

Professor Shadbolt : It has certainly done Google no harm: they have substantial amounts of open source software in their-

Q117 Chair: If you want to sell yourselves to the Government, you want to say, "No, the open source is not good enough for you. We have got to write you a new programme."

Professor Shadbolt : I think this is what is very interesting about how we are going to go about procuring what we think we need, and of course how we are going to try and do that with an agile method, where you revisit the assumptions very frequently about what you think you are trying to build. The real thing that, again, we have experienced in looking at some of the Government systems where we want to get the data-the information that is locked into content management systems, for example-is where we have been reduced to scraping sites, because the actual content management system would not make it easy to get the data in the content system out.

Q118 Robert Halfon: Do you think you need to change procurement legislation in order to ensure that open source gets a proper, genuine look in?

Professor Shadbolt : I think so, and I think we also need to change procurement so that when we procure we do not forget to say, "And the data in the system will be just available. You will just provide it against some common standards." Perhaps we will talk about this later, but I think the actual data standards, this whole piece around how we organise the interface-which may sound dull and technical-the way that we can get our systems to interact and not remain as silos is crucial.

Chair: Your initial comment was yes, we do need to change the regulatory framework, and that is in effect what we would like your note to concentrate on, but we take on board your other points.

Q119 Charlie Elphicke: If I was an IT fat cat I would want to make my system as uncommunicative with every other system as possible, so you would have to rely on me, which is exactly what has happened. How can the Government ensure that we have open standards so we can have open communication between all systems, and how can we make that successful and effective?

Sir Ian Magee: Two points: in our System Error report we are painting a picture of the future. We do not think it will be possible to get the future in one step, and indeed our recommendations recognise that. I do not myself go for the conspiracy fat cats theory of big IT providers. I do think that Government has got enormous potential to shape markets because of its buying power, and if it chooses to go down a route that is more designed towards open source then commercial companies will find a way of responding to that. You could argue that the IT companies have had no incentives to go down any different route from the way that they have always behaved in the past, because it is a good business model for them, it is the business model that suited Government, there is too much gold plating, as we say in the report.

Charlie Elphicke: And a revolving door.

Chair: Now, we have jumped around our own agenda, and I think Mr Hopkins feels his points have been covered.

Q120 Kelvin Hopkins : There is one question I would like to ask as a theme: benefits systems clearly are reform systems that require very good IT, and yet British Governments have insisted, the last Government insisted, that we have at least three Government departments and some agencies to deliver means-tested benefits in separate places. I know there is now a plan to bring it all together in one sense, but shouldn’t the IT experts suggest to Government sometimes that some of the things they are doing are going to cause immense complication for ordinary people, and if they did it in one place, one department-like most other governments would do-all benefits are delivered one government department through one office, so people can go and see one computing system providing all their benefits and means testing for them in one place. Haven’t Governments made, for political windowdressing reasons, life much more complicated for IT?

Sir Ian Magee: I do not think it is necessarily for that reason. I think we are in many ways a prisoner of our past here. The first generation systems were built in silo fashion. Interoperability was not necessarily the first thing that came to mind when they were being built. They are generally speaking still reliable and still lie at the back of a lot of the processing that is done in the Department for Work and Pensions. One thing that would have cost me my job in the mid-1990s would have been if pensioners or other social security beneficiaries did not get their benefit on time, and rightly so too. So there is some reliability that has got to be factored into this somewhere.

That said, it is enormously frustrating for the citizen, as you will know and your constituents will no doubt have told you, to have to contact different Government departments and feed data into different systems, and that certainly is a problem that needs to be addressed.

Professor Shadbolt : Yes, and certainly that is the case with some of the big transaction-based systems. I think there is a huge opportunity though there for Government to look at a different way of how it engages. This was touched on in the previous session: people talk about trying to get to Government 2.0-can the citizen interact more directly? Certainly one view is that the Government should just get out of the way of a lot of these applications. It should simply provide the information and allow the market and external developers to innovate.

Q121 Chair: Can you just give an example of what you mean by that, because it is quite difficult to understand.

Professor Shadbolt : One example brings together the whole idea of standards, but also innovation. Recently local authorities have been asked to produce all of their spending above £500 in value. Now, to achieve that end, the Local Public Data Panel, which I chair, issued guidance about what it meant to publish this material at all, so simple information about what was required and how that would then make it very straightforward for the information to be aggregated. We now see companies, but also various community efforts, taking all of that information and building procurement analysis tools, looking at whether one authority is purchasing and acquiring as efficiently, you might argue, as services somewhere else. So you can put a whole level of additional service on top of the data to enrich it, and I think public spending, of course, will be a particularly interesting area.

Q122 Chair: Shouldn’t we require PFI contractors to do the same thing?

Professor Shadbolt : That is actually a very salient point. One of the things that we need to look at as we outsource more and more of these capabilities is "do not outsource the data with it", because generally that is what they public has paid for.

Chair: Right, Mr Heyes: governance arrangements.

Q123 David Heyes: I think, Chair, we have got the panel’s view on the adequacy of governance arrangements, but I particularly wanted to ask Sir Ian about the role of the Cabinet Office in this, particularly as this is an ongoing responsibility of yours, I think. The Cabinet Office are able to recommend, but they are not the controlling hand that it sometimes seems might be necessary in terms of governance.

Sir Ian Magee: I think they have rather more ability to do so right now because of the financial imperatives on them than maybe they have done sometimes in the past. It was interesting listening to your previous witnesses talk about the CCTA and the way in which things have moved from a lot of control at the centre to not very much control at the centre.

In our report we say several things about governance. The first one is that we do think that it is necessary to have a strong and independent CIO; that as far as the platform element of what we are recommending is concerned, there should be a comply or explain approach taken to Government departments. If they do want to go off on a different route they ought to be prepared explain why. That, to your question, does imply a very strong role for the Cabinet Office. We do not necessarily believe, and we say this in the report as well, that therefore means the one person at the centre ought to be calling all of the shots. They should build on where the expertise is out in departments and do things collaboratively across Government.

I think governance requires one more thing as well, which is not just to leave it to the IT community: there is a leadership issue here for permanent secretaries and for people in departments. Just as a CEO of a FTSE 100 company would understand more than intellectually the power of IT for his or her organisation, so that should happen in Government as well, and I am not sure that we have yet necessarily got there.

Q124 Chair: Thank you. But you are both agreed with the previous witnesses that the platform element needs to be centralised, and controlled?

Professor Shadbolt : To speak to the earlier point around whether the large suppliers never have it in their interest to think about using open standards, I think actually they are increasingly seeing-and some have a tradition of doing this-we need to think about really enforcing that, so to say when we build these systems you will build them using open standards, because that will simply alleviate a lot of the problems that you get after the fact the system is commissioned and you find it cannot talk to anything else in the world except itself.

Chair: Moving on to the postbureaucratic age and the implications for IT.

Q125 Paul Flynn: We are told we are in year zero of the postbureaucratic age, and if you were introducing the Child Support Agency now rather than 1993, how would it be better now we are living in this age of enlightenment?

Sir Ian Magee: I certainly would start from 1993. I might start from some of the lessons learnt there, which are, as I said before, not to try and change every element of something at the same time. If you assume, behind your question, that there is a sort of platform approach that we are advocating in our report, then that gives you a better starting point. You might or might not end up, as the Chairman was suggesting, with a spreadsheet solution, or you might end up with something a bit more complex than that, but you build the systems by making sure that there is constant iteration between not just the users within whatever the agency is that is applying the policy and the policymakers but also with the people that are going to be affected by the changes that you are trying to introduce.

There is a problem here for Government, incidentally, a problem with accountability for Government, because you have to be prepared to fail, and if you take an agile approach, that means writing off something that is not successful. That is not easy to do, as we all well know, in a public environment. But it has to be done if this is going to succeed.

Q126 Paul Flynn: How big a factor is it that the people that run the job of implementing policy have a vested interest in continuing the status quo? They are not likely to selfexecute their own careers-their own paper pushing that they have been doing for probably all their careers.

Sir Ian Magee: There might be something in that, but my experience of the leaders in the Government IT community is that they are a long way removed from that. They are frustrated as anybody else: they want to find a better way. They do not want to have a policy change suddenly announced in Parliament or elsewhere without them having had the opportunity to work through what the implications of that policy are with Ministers for the technology and to be able to offer their advice.

Q127 Paul Flynn: The promise of the postbureaucratic age, as described by Oliver Letwin, is that it is an age where people expect to have a wide range of choices available and have those choices met. Is this a postbureaucratic age, or is it utopia?

Professor Shadbolt : A wide variety of choices; I think-

Paul Flynn: They expect them to be met, for everybody.

Professor Shadbolt : I think variety works. What we have seen with the web-

Q128 Paul Flynn: If everyone uses their computers and they all apply for the same popular school in a city, how can their choice be met by the wonders of the postbureaucratic age?

Professor Shadbolt : I think that is probably beyond the scope of the IT systems themselves. As I understand this, one of the things we have to let go of in terms of our view of what Government should and should not do is that they are custodians of everything: to the applications, to the type of options on offer, even to the data. A very good example, a transport example, was where all the bus stops are. There are 360,000 bus stops in the UK, and we finally got the Government to publish that data freely. We discovered that 18,000 of them are not where they thought they were. But now, we are finding out where they are because people are participating in a process of improving the actual underlying data the Government holds. Now, that seems to me a great example where you can recruit the energies of individuals to actually improve for the greater good. I think it is going to apply in applications. Of course, when you are really successful you then have a problem because everybody is piling in to make informed decisions. Then you have to meet those expectations politically.

Q129 Paul Flynn: I have a number of nostrums for new staff. One of them is that a Child Support Agency case is for life, not just for Christmas. Looking back at your contribution to that, Sir Ian, what would you change now, and what are the lessons learnt? I think most MPs would say it was the most painful piece of legislation, as far as the results on our constituents and on our staff and us, in my 24 years in Parliament at least.

Sir Ian Magee: It would be in some senses wrong for me to apply 20:20 hindsight from 19 years ago to an agency that I was never responsible for.

Q130 Paul Flynn: But your career has prospered since then. You talked about some things you would have done that would have ended your career. You have been knighted. Were you knighted for your services to the Child Support Agency?

Sir Ian Magee: No, as I said, I did not work on the Child Support Agency. I did try to provide something that would work for the staff in the Child Support Agency so that they could serve their people. That was not adequate for the purpose. I would not have started from there; trying to say that an IT solution was the right way to cure the ills of the way that that agency was set up in the first instance was not the right way to start, as it is not, indeed, for any business problem. You look at the business and then you apply the technology to the business. You do not do it the other way round.

Q131 Paul Flynn: Do you see anything in this concept of a postbureaucratic age that is going to ensure that IT works more efficiently in the future?

Sir Ian Magee: In the Institute for Government’s report we have suggested a way forward that we think will be much better for the users of IT, for the people who are served by IT, for the taxpayer, and not least for the technologists themselves. I think if those sorts of recommendations are adopted we have a better chance of making things work than we have had hitherto.

Professor Shadbolt : I think it can be very hard to retrofit an IT solution to a process that is fundamentally broken. Some of the problems in many of the large transaction systems in Government is that the back office requirement is very onerous. Frequent re-presentation of a individual for benefit, to physically prove themselves there time after time after time, one suspects is part of what the problem is with some of these systems and not trying to build a very extravagant IT system to sit on top of what is a broken process. So one of the challenges is I think for us to look at those kinds of processes of Government from the point of view of whether they make sense as a process.

Sir Ian Magee: May I add one thing, which is to your question. It is inevitable and it is right that public servants and Government Ministers should be held for account for the many things that have gone wrong, but there is precious little focus on the many things that have gone right in Government as well, and the National Audit Office produced a report in 2006 that identified the number of those too. There are unsung, they do not get publicity: people continue to get their benefits on a day-by-day basis; people continue to take advantage of other developments in IT. That is all to the good, so it this is not a one-way street. Equally, there are much better ways of doing things for the future, and we have suggested some of what they might be.

Professor Shadbolt : And we should not get too starryeyed thinking that the private companies know how to procure their IT any better than parts of Government. In fact you find bad examples of that too in the private space.

Q132 Paul Flynn: I think we can all rejoice in the 22 million who get their car discs online now, which saves an enormous amount of time and goes very swiftly. Can I just finish? I have been allocated the task of seeking out the truth on the role-

Chair: You chose it.

Paul Flynn: -of the postbureaucratic age. Does it exist? Is it a myth? A slogan? A nothing? A figment in the imagination of Mao TseLetwin?

Chair: You may decide that that is not the subject of our inquiry.

Sir Ian Magee: You would have to ask the Minister.

Professor Shadbolt : There has to be an opportunity to think about how we engage the machinery of Government with the citizen. I think our technology gives us a new way of doing that.

Q133 Kelvin Hopkins : I have a bee in my bonnet about particularly the tax credits system operated by HMRC, which I think is absolutely daft and should have been merged with benefits, administered within DWP. Is it not possible even now for you as IT experts to suggest to Government that in future they should take account of the complication they can impose by having policy whims? It would be much more sensible to do things in one department, rather than spreading something across several departments, because to them it is politically appealing?

Sir Ian Magee: That is a whole different story. I am tempted to go down that route, other than to say that it did not surprise me as somebody who had worked for a long number of years in the benefit system that people-and this has been well recorded elsewhere-who are not used to dealing with changes of circumstance on a weekly basis, i.e. tax officers, should have found it difficult to cope with that aspect of things, whereas people working in social security offices are much more used to dealing with changes of circumstance on a frequent basis.

Kelvin Hopkins : Exactly the point I made in the debate last week.

Professor Shadbolt : I do not think the perfect should be the enemy of the good in any of these solutions either. What we notice is that a degree of decentralisation is just a state of nature and can actually make systems very robust, but occasionally you need to work out where the join points are-where the common standards are that will make the rest of the information flow and the applications flow, and they are in some very simple areas. They are in areas like standard supplier identifiers for Government suppliers, the kind of stuff that we could engineer really very straightforwardly, some of this stuff locked up already in places like Companies House.

Q134 Chair: You sound quite frustrated that this is not as obvious to the bits of Government.

Professor Shadbolt : I think it is becoming so. I think one of the opportunities in thinking about the information, the applications that Government holds as an information fabric is that they are noticing that there are some obvious points where the systems just do not join up. The Ministry of Justice Libra System and the various other parts of legal software simply have no way of actually being integrated.

Q135 Greg Mulholland: Can I take you back to a very basic question? We have gone off and talked about some of the rather interesting aspects of this whole question, but going back to one of the fundamentals-and I touched on this in the first session-how well integrated do you think IT considerations are in the wider policy development process? This is particularly for you, Sir Ian, but for both of you.

Sir Ian Magee: We have dwelt on one case, but too often it is a bolt-on at the end, and IT being seen in Government as a problem rather than an opportunity. I absolutely endorse what Nigel Shadbolt said about the private sector not having every answer, but private-sector companies would, generally speaking, see IT as an opportunity. If I could caricature this, it is much more likely that a permanent secretary will get involved in this with a rolling of the eyes and a thought of being scourged by the Public Accounts Committee than necessarily thinking what is going to be good for his or her enterprise in moving it forward, and I think that is something that has to change, if that gets to your question.

Professor Shadbolt : As one of the interviewees for the reports, I would endorse many of those findings. I think the observation there is that, again, it is about competence and expertise; it is about having a sense that there is an opportunity. The other challenge is the rates of change: to suddenly realise that you are going to have to organise an entirely new way of communicating with yourself as a department and the outside because a new social medium has come along in the space of a year and a half-Twitter-and people would mock it at first and then realise they cannot afford not to be there. But how do we engineer ourselves to see these opportunities, to actually anticipate them rather than always feeling that we are catching up or, indeed, that this is a terrible added burden?

Q136 Greg Mulholland: It strikes me that there is something potentially contradictory in some of the evidence that we have received, because on the one hand, certainly some Government IT failures appear to be because the Government has focused too much on the IT as a standalone area of policy almost, and certainly focused on the procuring of those new systems and new technology but not following clear policy procedures. And yet other people, such as Sirius, have argued that IT is often too much an afterthought and considered only when you have done that. But you cannot have it both ways. Surely if it is integrated then it has to be thought of as part of the whole process. But going back to my questions in the original session, because we are talking essentially in all cases about policy, does it not rely particularly on having clear policy that IT then is supposed to deliver, and where the policy is perhaps wrong or changing that can lead to the impossible situation for IT to deliver that?

Sir Ian Magee: The short answer to your question is yes: the clearer the policy the more likely it is that you will get some sort of workable solution, whether it is IT related or not. I think the interesting point that perhaps underlies your question is just how difficult Government IT is: we start with a quote from the Government’s Chief Operating Officer that says that IT in Government is as difficult as it gets. Why is that complicated? It is for all the reasons that you will no doubt face with all your constituents every day, every week of the year: that there is this difficulty about them having to interact with lots of different Government departments, sometimes at the same time, in order to get where they need to get as individuals.

Q137 Chair: Sir Ian, in your opinion is it that IT drives the policymaking process, or is it rather like, as I mentioned earlier, Prime Minister Blair deciding he wanted a choose and book system for the NHS and thought about *IATA* [1:54:44] ticketing system as he did it? Or is it that IT comes in as an afterthought when the policy has been thought up in isolation of IT possibilities and constraints. Which is it?

Sir Ian Magee: I think it could be both of those in different circumstances. Trying to think of examples: you have talked a bit about the ID Cards, and I am not terribly familiar other than what I read in the papers with what happened around ID Cards: that did sound technology orientated. You have talked also about the Child Support Agency; that was bolted on at t’other end. What I would say is that, if Government chooses to adopt the recommendations in our report, that goes to Mr Mulholland’s question and starts to tackle those platform issues so that there is way of doing things around here that is common, so that there is more interoperability introduced, and you have got a much better chance of avoiding some of these situations than you have had in the past.

Q138 Chair: But in terms of process, this is not about balancing the pressures between the two, is it? It is about sequencing the decision making in the correct order.

Sir Ian Magee: Absolutely, and that is why I think things need to happen fairly quickly in that respect: get on with the platform quickly, start to try a few things out in the agile environment quickly too.

Professor Shadbolt : I was going to say, what we are seeing of course-and Professor Margetts touched on this-is that with the information systems we now have, the issue of what is prior-policy or the system-is really very blurred indeed. So if we take the example of crime maps, which were launched recently with huge public interest, the issue there was that if you are going to provide a level of detail to everyone in the country to the level of their street, whatever one’s view on that is, then you absolutely can only do that with a particular type of system, and in fact the opportunity to even make that policy is partly a function of having the technology. So I think that is where we have, in some cases, not this policy here and then the IT, but the two are coevolving.

Q139 Greg Mulholland: Final question from me. A quote from ThinkGov, who have argued that there are "very few information technology failures, but plenty of examples where a public-sector business change project, using IT, has been mismanaged." So the first thing is would you agree with that, but if you do agree with that then who do you think has been guilty of the mismanagement that we have seen? Is it Ministers, is it civil servants, is it IT companies delivering one-size-fits-all solutions, etc? How do we try to stop that mismanagement, to get to the stage where IT is actually delivering policy objectives for Government? Clearly that is what all of us want.

Sir Ian Magee: I am happy to have a go at this first. I agree with the premise; I do not think it is the underpinning technology that has generally failed. As to the solution-and you would expect me to say this, wouldn’t you-adopt our recommendations and you have a much better chance of making progress in the future.

Chair: Platform agile.

Professor Shadbolt : I would endorse that.

Q140 Chair: Just as a last question: Professor Shadbolt, you said that you started your open data project in your local area with agile methods. Are they sticking to that? Does that hold good, and is that driving the change that is needed?

Professor Shadbolt : Well, it still says "beta" on the site, so it is still a site under development. I think that is an interesting aspect of this, and essentially with the agile method, in some aspects the job is not finished. You are looking to constantly improve and it is built out from that.

There will be an interesting challenge as we look to-if indeed we are able to launch agile efforts within Government-work out how they become sustainable, and what going mainstream means, and do they have to be consolidated into larger IT functions, and without losing the essence of remaining creative and reactive and adaptive. I think that the evidence is people can be developed and can be organised to deliver these kinds of benefits, that existing IT teams need to be given the permission-and often they are; one of the remarkable things we discover is the willingness of people within Government departments to want to be allowed to operate in this kind of way.

Chair: Thank you very much to you both, and another very useful session. I am most grateful for your help and we look forward to your further memoranda on the legal questions about procurement. Are there no other questions from my colleagues? My thanks to them.