Examination of Witnesses (Questions 223-254)
ADAM MCGREGGOR, ANDY BURTON, JIM KILLOCK
15 MARCH 2011
Q223 Chair:
Welcome to our new witnesses. Perhaps you could introduce yourselves
for the record.
Adam McGreggor:
I am Adam McGreggor, the Chief Technologist at Rewired State.
I should declare an interest here; if I don't, it could crop
up that I cosigned the Constitution for NO2ID and remain
the Technical Director of NO2ID.
Jim Killock: I
am Jim Killock, I am the Executive Directive of the Open Rights
Group. We are a citizenbased organisation that campaigns
on human right issues in relation to digital technologies.
Andy Burton: My
name is Andy Burton. I am here as the Chairman of the Cloud Industry
Forum. We are a notforprofit organisation made up
of members representing the broader technology industry and our
aim in life is to try and make it easier for consumers and technologists
to meet minds.
Q224 Chair:
Did you all sit through the previous session?
Andy Burton: Yes.
Chair: That is very useful.
In that case I shall not repeat my own declaration of interest.
Q225 Greg Mulholland:
Good morning. Can I start with you Mr Killock? I am going to
ask all of you to comment but in the evidence that the Open Rights
Group supplied, you said that, and I quote, "Viewing IT as
a standalone area for policy is a bad idea", and we are very
aware that this is one of the big challenges of how this is done.
How do you think IT could and should be integrated into the policy
making process?
Jim Killock: It
needs to come further down the line. The evidence that I presented
to this Committee is mostly based on a series of seminars we did
which looked at various big IT projects that were causing a number
of human rights issues from things like ID cards through to health
projects. But what really struck us when we did that work and
we talked to the practitioners is that IT solutions were essentially
being thrown at services. Services, such as in child safety,
would be told, "Here is the next thing that you must deliver
and therefore everyone must have information about children to
the nth degree". And these projects were essentially being
imposed in a rather topdown way so they totally failed to
really ask both the end users, perhaps in this case the children
and parents, but also the service users, such as childcare practitioners,
what they actually needed from these systems. So IT was really
being regarded as a solution in itself. So the first step was
to ask "Who is doing the work? What work are they doing?
And what do they actually need?" So then whether IT fits
into that is a completely secondary question. I don't know if
that makes is a little bit clearer.
Andy Burton: There
are two ends of the spectrum we need to look at with this; first
of all, if IT does not serve an organisational purpose then, arguably,
what is its function in life? It is there to achieve an objective
and that objective is not to selffulfil and deliver it by
IT, it is to achieve an organisational objective. Listening to
the earlier session, it also seemed to me that we risk lumping
IT into this homogenous mass that only has one procurement model,
which is outsourcing, and there is a risk that in looking at that
as a deployment procurement method, you automatically lock in
certain philosophies around how you build software, how you deploy
software and how you manage software. We were mentioning about
agile computing and things like that briefly, and it seems to
me that the challenge is that is has to be serving an organisational
or Governmental objective for public purpose, but the way in which
it is procured needs to look at the elements where cost waste
is incurred. There are issues around hardware and scalability,
softwarehow it is built and whether it is licensed or notand
the way in which it is managed. You need to look at that whole
spectrum and there is not enough rigour, I think, given to how
the solution is procured because the method of procurement today
typically advocates a lead organisation defining what sits underneath.
Adam McGreggor:
I endorse both previous speakers' comments really, regarding
a topdown position and not actually considering design for
the people using the service, whether they are the end users or
those actually keying in the information, who are possibly very
crucial in this sort of thing but are often left out. It is all
very good to implement IT systems but is there always a case?
The answer is: is this a technical problem or is this a social
problem? I would look at it from those sorts of direction as
well and consider is as an allround process, not just ongoing.
There is always this wonderful thing of continual improvement,
which is the other thing rather than just doing it. As we heard
earlier our rigid framework does not allow scope to change and
77 weeks is an immensely, ludicrously long time just to deliver
a project.
Q226 Greg Mulholland:
And do you think that, as part of the procurement process, the
Government focuses too much on the procurement of new systems
and technology rather than thinking about how they will actually
be used and the data that the systems will hold?
Andy Burton: I
would say it is both of those things. The fact that it is a silo
procurement, i.e. you have Departmental projects, institutionally
leads to looking for a solution for that particular purpose, almost
ignorant of what else is available across the Government. The
fact that there are 168 different data centres in Government today
is a reflection of that.
Q227 Chair:
How many?
Andy Burton: About
168 I believe.
Chair: Different data
centres.
Andy Burton: Yes.
The point I was making in the previous statement is that, if
you look at it, there are basic savings; regardless of who you
buy solutions from, at the end of the day they use computing power.
If you look at it, it is a standard fact that the average computer
or server is using 20% of the capability, so if you are using
20% of the capability and you have this replicated multiple times
because you always build software solutions that scale to your
peak demands; you are building capacity for your income tax returns
on 31 January or whatever it is, but on the other 364 days of
the year, it is running at a lower level.
Q228 Chair:
One of the interesting things that we heard, I think it was about
Amazon, was that they sell their data storage capacity for 11
months of the year because their peak time is Christmas, but Government
do not do that.
Andy Burton: That
is why they have moved from being a pure book retailer, which
they started as, to now offering a massive cloud as their product.
But I am obviously not here to representative a specific commercial
agenda. The point I am trying to make is that when you look at
procuring IT, the tendency is to look at the overarching solution,
but Government actually needs to provide a framework for organisations
to comply with. It comes back to the comments in the previous
conversation about the participation of small businesses. If
you actually provide a frameworkgoing back to Open Standards,
you have this initiative called GCloud running in Government,
which I do not believe has enough teeth yet because it should
be providing a blueprint to all Government Departments about how
IT solutions should be procured. You should be sweating your
hardware assets, you should be running less data centres, you
should be consuming less power and there is no reason that someone
who is delivering a software solution on top of that, and managing
it or not managing it, cannot work on top of that underlying platform.
At the current moment in time, you tend to look at a solution
as a complete turnkey rather than saying, "Okay, it has got
to fit within this model because we are going to use that capacity
that we have now better." And so because you are buying
everything in a vertical stack, you are not getting the benefit
of the investment you have already made.
Jim Killock: The
question needs to start off with: what are the Government trying
to achieve? Just to take a quick case study, we have been involved
in looking at the consequences of certain sorts of systems rather
than at the detail of how they got procured, and we ran a campaign
about electronic voting. We got involved in electronic voting
as an issue because, to us, it was some significant issues about
democratic accountability, because you are trying to bring together
certain things which are nearly impossible to bring together-anonymity
of voting, security of voting and transparency of the process.
These are very difficult things to bring together. How do you
make a process both transparent and anonymous? It is actually
very difficult in an electronic system, because, most of the time,
you are trying to account for what happens in transactions by
seeing everything that is going on, so it is very difficult to
make something transparent, accountable and anonymous. But the
Government started off from a position that they wanted to increase
voter turnout and just assumed that the answer was going to be
technology. The policy process appeared to be, "What technology
might we throw at this? Electronic voting sounds good so let's
put that in the mix." If you think about the question of
how you increase voter turnout, that is actually something about
democratic accountability first and foremost and about whether
people think who they are voting for actually holds power, and
whether they are going to have any influence. So trying to answer
the question of voter turnout through technology might be entirely
inappropriate. Then when it got down to, "How do we make
any of these systems work?", the key problem in technology
terms turned out to be far less about the method of votingwhether
you are using an electronic machine or a paper ballotbut
far more to do with voter registration, which is a very mundane
problem but is causing lots and lots of issues around voter security
and whether people really are voting, whether postal ballots are
really secure and so on. In a way, the Government led policy
from, "Here is a technical solution that sounds great that
we'd really like to impose on our Departments", rather than,
"What is our problem here? What are the best fits to answer
that problem?" I cannot really say how Government stops
using democratic, parliamentary or other political whim to drive
policy but it seems to me that a number of the projects that we
are talking about and criticising fall into that category. ID
cards is arguably another. Would it have solved any real identity
problems or was it actually far more about Governments appearing
to look tough on law and order? What was really the driver behind
that system?
Chair: I don't think
you've got any dissenters here.
Paul Flynn: It would
destroy a lot of jobs in my constituency.
Q229 Greg Mulholland:
I wanted to ask a question on the IT card scheme so that leads
very nicely on from there, but I thank you for declaring an interest
and congratulations to NO2ID for their excellent and successful
campaign which I am involved in and delighted about. Do you
think that, concerning the whole ID card scheme, whatever people
thought about whether it was a good idea or not, there were other
issues that we can learn from? One of the interesting things
about the ID card scheme was that it was a policy idea and an
IT solution all wrapped up together. Do you think that one of
the reasons that it was clearly going to be unsuccessful in policy
terms is because those policy objectives kept changing throughout
the course of the development of the programme in itself, but
also because it became IT driven rather than policy driven?
Adam McGreggor:
I will kick that off. On the policy objectives changing, if
we go back to when I first got involved in identity cardswhich
was when they were still Entitlement Cards back in 2000-ish or
so, and even before then going back to the previous Conservative
Administration when the idea was being mooted even thenit
is actually quite interesting to look at the identity cards and
how, as a piece of machinery of Government, they actually came
into fruition. There are some people who have even traced Permanent
Secretaries and Deputy Secretaries around departments to see how
departments followed when the servants moved as well, so there
is that objective. It was kind of destined to fail from the start,
with ever-changing policy objectives and as the solution, for
the Government, for everything from terrorism to benefit fraud
through to everything else. It didn't actually address the underlying
problems in any way. There was still this problem: if we are
going to tackle benefit fraud then why don't we look at the number
of National Insurance numbers in circulation compared with those
actually being used? Similarly, if we take immigration then why
don't we look at it from the other side of things, at those actually
leaving as well as those inbound? So there are those aspects.
The policy change did not help at all. A golden rule is that
if you are going to be delivering a service then it is useful
for the goalposts not to continually be moved. So there is certainly
that aspect of it. I suspect that I am probably going to turn
into a previous witness here with the idea that I don't think
it was IT driven; it was driven by IT procurers, those consulting
and those involved in the procurement process, rather than the
whole industry. They had an interest, to make lots of money for
their shareholders, and they had the perfect opportunity with
a nice little system that would be used in every single Government
building, by, near enough as damn it, by every Government official:
"We might as well build a system that will have universal
rollout if it succeeds." As your previous witnesses last
week have shown, if we actually designed the system based on the
cardthe Ministerial whim was making the card and then the
database behind thatthen we have that sort of issue here:
are we actually delivering for a consumer who is going to use
it? No. Does it actually deliver any benefits to the consumerthe
citizen? No. Does it make life easier for Government? Possibly.
Q230 Greg Mulholland:
Any comments?
Jim Killock: I
would just add that it is not the only example of these sorts
of projects. With ContactPoint, the Government had a concern
about child security, so they invented a database system to solve
the problem rather than talking to the professional childcare
people and asking whether it really answers the problem without
distracting them from their job because they are busy filling
in databases that are largely full of useless material on people
who are not actually at risk of child abuse. Those are the sorts
of problems that you end up with, but I would just mention that
there are a couple that are still carrying on, still in this vein.
Summary Care Records are arguably in a similar vein, and the
intercept modernisation programme is potentially a similar sort
of massive IT project looking for a problemit relates to
needle in a haystacktype cases of terrorism. That involves
collecting all the online traffic data of every UK citizen in
order to solve a needle-in-a-haystack problem. So these drivers
and the things pushing these policies forward still seem to be
there. Intercept modernisation could be an incredibly intrusive
and anti-human rights, anti-human privacy, measurethe sort
of thing that both the Conservatives and the Liberal Democrats
were very keen not to repeat. The fact that that is still somewhere
in the Government agendaor perhaps I should say the Department's
agendasays to me that the civil servants have not necessarily
changed their view of how they want to solve the problem.
Q231 Chair:
But can I just press you on this for a second? If you have everybody's
emails, there are search engines that can search that pretty efficiently,
aren't there?
Jim Killock: The
idea of the programme is to store the traffic data, who talks
to whom onlineso it is the e-mail headers that are wanting
to be keptor who talks to whom on Facebook or who talks
to whom in chat rooms. The problem is, of course, just collecting
that data on the basis of no business case but purely on the basis
that somebody somewhere
Q232 Chair:
You might want to search it one day.
Jim Killock:
Yes, that is not how our human rights privacy is meant to work.
We are meant to have a right to privacy until we are suspected
and the use of traffic data in lawlike your phone records;
who you might have been talking to on your phonedepends
on the businesses having a case for keeping that data; that is
why they keep it. They do not keep it in case the Government
wishes to survey all individuals; they keep it because they have
a business reason. The Government is able to take that data because
they have suspicion of an individual and they wish to get hold
of that for investigation purposes. It does not therefore follow
that, if the Government wishes to survey people, it can just simply
have a blanket surveillance of everybody in whatever case. So
that is how the balance in privacy is meant to work, but that
does not seem to be any part of this debate internally, within
the Home Office, about why the intercept modernisation programme
should be advanced.
Q233 Paul Flynn:
One of the things I see in your biography, Mr McGreggor, is that
you were responsible for FaxYourMP, which nobody does any more.
What more successful things have you been involved in recently
and why did you want people to fax their MP?
Adam McGreggor:
We built FaxYourMP almost by accident. It was one of those things
that came out of a now defunct organisation group that, in some
ways, led to the cofoundation of the Open Rights Group:
the Regulation of Investigatory Powers Bill. We had lots of people,
lots of our friends, saying to us, "We have to do something
about this. How do we contact our MP? How do we write a response?
How do we actually get involved in responding to a Government
consultation?" Many people did not have any idea and a few
of us were working in this building at the time, and those of
us who founded FaxYourMP were all pretty activist and politically
aware. So we thought, "Actually, how can we get hold of
these MPs?" If we go back to 1997, if you remember, every
MP had their pager. We initially thought of PageYourMP, with
these wonderful 130 characters or something like that which people
could use to say, "This Bill is bad, do not vote for it".
So we ended building this campaign website and collated 5,000
opinions on why the Regulation of Investigatory Powers Bill was
bad, the reasons why, and we collated those into a response.
Part of that was because people wanted to get in touch with the
MP and say, "Vote for this please", or "Please
read this", or "Support this EDM" and things like
that. We got hold of the information, contact numbers and fax
numbers in those days because email was still in its infancy in
Parliament, and we built a website.
Q234 Paul Flynn:
38 Degrees are operating this very successfully now; it is Write
To Them in the present form. Do you think that is has a longterm
effect or are MPs going to be able to sort out who is lobbying
them? If they are the same people lobbying them on half a dozen
issues, it would not be seen as vox pop by MPs; it would be seen
to be people who are strongly motivated in certain directions.
Adam McGreggor:
That is the case with surgeries though, as those who have a need
contact their Members. We have merely made a little annoying tool
which is slightly better than Parliament's own offering; we at
FaxYourMP and now Write To Them have set it up that only your
constituents can contact you. If you visit the Parliament site
14 years on, anyone can contact their MP, according to the 300-year-old
tradition. I think I remember there was something from Bagehot
about that.
Chair: How is this relevant
to our inquiry?
Paul Flynn: It is interesting
though isn't it?
Adam McGreggor:
I was wondering that, Mr.Chairman
Q235 Paul Flynn:
We are told we have just entered this postbureaucratic
age, which is an idea that I am sure thrills you as much as it
thrills us. Do you see the concept of IT helping to lubricate
our advance into this brave new world?
Adam McGreggor:
Yes and no. IT can facilitate and IT can enable. What it cannot
do is get people talking facetoface and having dialogue.
It can certainly allow people to arrange to meet up in a pubwhile
in the old days we would have used telephones or had regular meetings
with peopleto talk amongst our peers. It goes back to
the public discourses and the foundation of coffee shops. Technology
can help to some extent but it is not the solution to everything
and that applies to social, political and economic technology.
Q236 Paul Flynn:
I believe that part of the hope is that instead of a topdown
approach from Government, there will be a parallel contact between
citizens and that will take the place somehow of this authority
down to the peasants. Is this a daft idea? Is it a great concept?
Have we suddenly become postbureaucratic or not?
Adam McGreggor:
To me, postbureaucratic will not happen unless bureaucracy
disappears. There is this wonderful oxymoron of postbureaucratic,
yet there is still bureaucracy.
Q237 Paul Flynn:
Can we use IT as a magic wand to make it disappear?
Adam McGreggor:
We could, but I don't know whether it would have the same effect.
It is a question of whether you go for your armchair expert or
armchair auditor versus someone who has had 40 years in the field
and is a proper expert. It is a provenance issue as well; the
provenance of to whom you are listening, and whether the person
you are talking to is in a position to give you sound advice.
It is a trust issue as well.
Jim Killock: Thinking
about how we might become rather more of a big society or rather
more postbureaucratic, there are three things that were
touched upon in the last session which are very important here;
there is a question of Open Standards. Obviously the Government
does not want to lock itself into very tight, closed and impossible
to get out of relationships with software vendors. Open Standards
allow free competition on that sort of basis and that goes through
the whole of the software world; we understand this but it is
still not being done. We are all still locked into Microsoft
formats for documents, and it is understood that that is a bad
thing and it is understood that those companies are probably creaming
off extremely large profits for very little work but we are not
really pushing that hard and fast enough. There is a second question
around Open Source. Government spends a lot of money on IT; when
it spends that money, there is intellectual property being created
and that will potentially be reused and resold back to the same
Government, different departments or other governments elsewhere.
By insisting that IP rights are made open, Open Source offers
the potential for governments to retain control of those IP rights
and not to simply be charged licence fees for things that they
have essentially already paid for many times over. So Open Source
can obviously enhance competition between different vendors using
the same software; it can get you better returns on your investment.
The third question is around open data which Adam just touched
on. Open data obviously allows people to construct markets and
analysis on that data but it also allows people to criticise Government
and look inside what Government is doing, and that is incredibly
important. The question about analysis is also very important;
if we are going to make best use of open data over time then people
need to have the skills to analyse that information and there
needs to be a dialogue about it, but we should not just assume
that, just because open data might lead to people coming to the
wrong conclusions from that data, therefore they should not be
given that information. That is an erroneous and rather shortterm
approach.
Andy Burton: We
can only achieve this postbureaucratic ideal, for want of
a better phrase, if we don't view IT as an outsourcing solution.
The fundamental thing that I keep hearing again and again is
that we are looking at IT as something that is designed and built
deliberately for a Government department and managed by a third
party. You have got to look at the component parts. The technological
world has changed so dramatically that we are still trying to
build things based upon archaic understanding of what technology
is capable of. Therefore the procurement process of making the
IT uphold the bureaucracy is the wrong way round. There is not
enough new thinking; there are some great initiatives like GCloud
out there and there is some very lowhanging fruit, to use
a horrible phrase, from which the Government can save considerable
sums of money and reports have been written by organisations like
the Open Computing Alliance saying that there is about £44 billion
over a 10 year period, as a conservative estimate as to what can
be saved, versus the £95 million that we are talking
about at the moment in time.
Q238 Chair:
But what you are saying is that the postbureaucratic age
is an essential component of harnessing modern technology. You
have got to do agile development to do Open Standards and Open
Source software. There has got to be a letting go.
Andy Burton: It
is not about ceding control, it is about providing guidance to
the market. It is actually the other way round, I would counsel.
It is having the courage of conviction to say, "This is
what we need as a nation, this is what we need as a set of public
services". Just jumping back to the whole identity issue,
that argument got lost with the manifestation of how to authenticate
a person to their online identity. The notion of having an online
identity is not a bad notion, and being able to reuse it multiple
times rather than having to do it in every single system is a
very sensible philosophy. The problem is that there is a lack
of tangible evidence as to what the Government plan is. I would
use GCloud as your best example and the Cabinet Office is
on to a great thing there. It is a very sensible model which allows
for that open standard to be deployed; it enables you to rationalise
data centres; it enables you to break the provision of IT down
into hardware and software and when you do that, you start enabling
the SME, the entrepreneurial organisations. As Mr Rice said in
the previous session, there are plenty of organisations out there
that have the intellectual capability. The issue is, if they
can only procure in the solution that is going to cost hundreds
of millions of pounds to deliver, they just do not have the ability
to come forward and even to be part of that consortium.
Q239 Paul Flynn:
What happens when the creation of the postbureaucratic
age comes into conflict with the Government cuts? The mythology
is that you cut nonfrontline services, and IT is seen as
something behind frontline services, and when cuts take place,
it is 30% here and 30% there. Does it make sense to cut IT by
the same amount because it is not seen somewhere and it is not
on the frontline?
Andy Burton: What
is the point of having hundreds of thousands of servers running
at the 20% capacity? There is no benefit to the taxpayer, there
is no benefit to the Government, all it means is that the way
in which it is being procuredalthough at the time of procurement
it may have been legitimateat the point we are now, is
no longer relevant. So would we rather save hundreds of millions
or even billions of pounds in the way in which we procure our
IT, rather than keep the method going? And by the way, we can
then reinvest that, because IT services in this nation today
do not do us justice, so even if you do not want to take that
estimate of £4 billion a year saving and making it as
a saving, you can reinvest it in the agility.
Q240 Chair:
But the astonishing thing that one of our previous witnesses
has just said is "If you want value, just turn off the tap".
Do you agree with that?
Andy Burton: There
is no point turning off the tap unless you are prepared for the
drought, that be the way that I would put it, because you have
got to say where it is that you are going. Just turning it off
will mean that you are going to end up with chaos because you
have nothing to replace it with at this moment in time. Getting
to the blueprint is not that far away and the GCloud initiative
is a very credible step in that direction.
Chair: We will come to
that in a second.
Q241 Paul Flynn:
There was great distress in the past about the loss of private
information. There were tens of millions of people involved in
the huge loss of Health Service data. I can't remember any single
case where data was found and anyone was harmed by itperhaps
you know of somebut I am sure that the procedures have
been improved in some way. What was the justification for the
hysteria about lost memory sticks that took place when in fact
very little, if any, damage was done by those losses?
Jim Killock: I
don't know if no damage was done. Have you got concrete examples?
Adam McGreggor:
Of disks being found again? No.
Q242 Paul Flynn:
I don't think they found any of them did they? Being lost is
one thing.
Adam McGreggor:
I don't know of any cases but it is still a case of: where is
this data and what is going to happen? A vaguely comparable thing
is the Metropolitan Police sitting on the News of the World
phone-hacking data. There is a wealth of data sitting somewhere
and the content of it is a hissing time bomb waiting for the release
moment if it is in various hands. If it has just fallen down
the drain then it is a case of what the damage actually is, where
has it ended up and, even before that, why it was being transported.
Why was it being transported and transferred in such a way?
Jim Killock: Some
of that included bank details didn't it? I would imagine that
anyone with bank details can engage in minor fraud of setting
up direct debits and so on.
Q243 Paul Flynn:
But did it happen? Was the nervous breakdown by the Daily
Mail justified on this subject?
Jim Killock: It
was; whether or not concrete examples in specific cases occur
or not, the point is that if large amounts of data is getting
out there, then it is a problem. It is certainly the case that,
in certain instances, there has been a great deal of embarrassment,
people will have been quite scared and if your bank details are
among 10 million or 15 million other people's bank details
that you know have got out there, you know that is going to cause
worry to every single one of those citizens because they do not
know if there is going to be a consequence or not. So worrying
whether there is always going to be genuine large scale harm to
individuals is not necessarily the point, but if Government systems
are not up to the job, and they are creating risk and worry for
people, then that is a very serious concern.
Chair: We must press
ahead in the next 10 minutes. I would just observe that it is
like explosions at a nuclear power station; nobody gets hurt but
everyone is very worried about it.
Paul Flynn: I don't think
that's true.
Chair: Well, nobody gets
killed by the radiation.
Paul Flynn: There were
10,000 at Chernobyl.
Chair: Well obviously
I was making a parallel. Mr Heyes?
Q244 David Heyes:
It is pretty clear from what each of you have said so far that
you do not think that Government understands the potential of
IT to change the way it runs and delivers services and so far,
the focus has been on automating existing processes. I would
like to tease a bit more out of you and ask each of you to give
some examples of how the Government could use IT to deliver services
differently. You talked about lowhanging fruit, so give
us some examples.
Andy Burton: At
the most basic level, and forgetting even the applications that
are being used, when you look at how IT is being delivered, you
have effectively got hardware, software applications whether
Open Source or commercially licensedand you have people
managing it. Purely at the level of the way in which hardware
is bought, consumed and used within Government, by default, it
is running at 20% of its efficiency because of the silos, the
way that the original technology was built, the fact that systems
are designed to work at peak capacity although they do not typically
work at peak capacity and the fact that every Department has its
own IT approach. By consolidating that infrastructural service,
you can release considerable capacity growth and you can realise
considerable savings because you move away from the capitalbased
investment plan into an operational, payasyougo
delivery planas the previous gentleman saidand you
are only paying for what you need when you need it rather than
building something that is for the 31 January tax deadline.
It is that kind of philosophy. Without even worrying about what
the applications are, there is a huge saving there.
Jim Killock: We
don't study these things from the point of view of trying to deliver
actual systems; we are just observing what goes on. So from our
perspective, what we see is that there is a huge disjunct between
the intentions of Government, what people within those Departments
or projects need, and what then gets delivered or what these projects
aim to deliver. We also see the lack of expertise in Government.
There were very good comments made in the last session about the
need for that sort of expertise. We also experience that it helps
understanding when technologists are able to get in and talk to
Government officials directly. The big things for us are probably
around releasing data and actually allowing Government data and
Government information to empower citizens. That is our particular
concern, and we think that Government currently has the right
approach about that and it should go as far as it possibly can
on that. However, in terms of the experience we have had of looking
at the systems over the last five years, we would say that the
Government has got to be very, very clear about why it is doing
things with IT and know that it has the right idea at its core,
that it has chosen an objective that is actually needed rather
than essentially driving IT from a political priority that it
has set.
Q245 David Heyes:
Mr McGreggor, you have done some specific work on this, haven't
you? I understand your hack days are designed with this in mind.
Tell us about it.
Adam McGreggor:
We have heard in passing from Martin Rice about hack days. I
hate to correct a witness but actually these two day events were
run by Rewired State not The Guardian. A hack day[2]
is something that probably needs explanation here. Essentially,
within a given period of time, either 24 hours, 48 hours or something
similar, a specific problem is given, with some specific data,
and by the end of that, depending on the number of participants
in the hack, you will see a number of prototypes knocked up.
So for example, you heard talk of the Jobcentre ProPlus earlier,
which involves Jobcentres looking up and finding jobs close to
you. These services are built up by keen developers on the basis
of a real need. There is actually a case for this, people are
actually going to use this; so it is built up from the view of
demand rather than on the basis of what Government wants, or what
Government thinks it needs.
So that sort of approach to it results in a very
rapid process: prototype through to a fullyworking application
in a very short burst of time. So that is one of those things,
but in order for those to function, as Jim mentioned, data release
is needed. It is all very good to release past data, but live
data will give developers a much better, much faster and a much
more realistic approach, particularly if there is something that
you can tap in. So for example, building a simple service for
something like "When is my bin going to be collected?"
would rely on the Council providing up-to-date information because
bin contracts change occasionally, so there is the issue on that.
Going agile, which we have heard about already, can certainly
help; you could not build a site or a hack day using a traditional,
project management, project procurement tendering process at all;
it just would not work. The idea for the hack day is that these
things come up very quickly, they are built and that is it. There
is handover and so on to take it beyond there; so in our case,
the intellectual property rights remain with the developers themselves,
with the source code generally being available so that people
can add in and build additional functionality. People can also
peer review the code so as to have some confidence in it to say
whether it actually does what it says it does. People will scrutinise
other people's code, be competitive about it and come back with
suggestions. That is improving in terms of waste by hitting at
the very root of it, and the code that drives the site can be
collaboratively worked on.
To go back to the question, it is maybe a bit harsh
to say that the Government do not wholly understand the potential.
Some Departments have got it right and some Departments are keen.
Certainly with our professional hats on, we are realising that
Government departments want to run hack days; Government departments
want to go agile; Government departments are thinking about how
they can do stuff and how they can do it quickly. They go along
with this idea of, "What can you do with our data? We do
not have any ideas, we have this wealth of data, build us something,
show us something fun, something that ordinary citizens can actually
make sense of. Show us what we can do."
Jim Killock: It
strikes me that, at the moment, a lot of the data sets that are
being licensed or paid for fall into two categories; one is basic
infrastructure. When we are talking about information, things
like maps and postcodes are really critical infrastructure, so
if they are being charged for, that is causing either social or
economic barriers to people really using data properly. The Government
should identity those parts of data which really are infrastructure
and critically important to make sure that they are free and open
to use. Secondly, some of the data that is being charged for,
people have a tendency to license, which I feel is almost competing
against the core purposes of those departments, businesses or
Government functions. Take transport as an example; fair enough
it has been privatised but the core business of train and bus
companies is to get people on trains and buses, but it is nevertheless
quite difficult to get the data off them to advertise their services.
So in a way, they are trying to charge or license the data of
their train and bus services, and that attempts to charge for
the data and provides a revenue stream that actually competes
against their core business of getting people on transport. Around
a number of places where people are trying to sell or license
data restrictively, that is quite a common feature. People assume
that they can charge for data and go about finding new revenue
streams when that is not really the point.
Q246 Chair:
We must bring our session to a close but can I just briefly ask
Mr Burton about how Government can make use of the Cloud? How
could the Government make much better use of the Cloud than it
does?
Andy Burton: I
do not really believe that it is making use of the Cloud at the
moment, or certainly not as a conscious strategy. The GCloud
is the formation of that and that initiative can provide a framework
to the wider marketplace, bearing in mind that about 26% of IT
spend in the UK is made by public sector; it is a major fault
in the way that IT is shaped in the nation.
Q247 Chair:
Does the Government need to own its Cloud?
Andy Burton: No,
it does not need to own it at all.
Q248 Chair:
So GCloud is not necessarily Government-owned infrastructure?
Andy Burton: No,
in its simplest form, GCloud should be providing the standard
by which solutions should be built and it should determine what
data is held and protected on sovereign soil.
Q249 Chair:
And it should be happy if its infrastructure, GCloud, is
used by other users for storing information, and for commercial
use? It doesn't need its own exclusive cloud?
Andy Burton: It
does not need its own exclusive cloud. I would counsel that there
are probably some areas from a political and conceptual point
of view
Q250 Chair:
We won't put GCHQ on the Cloud.
Andy Burton: Exactly.
So there are issues around data privacy, data security, and data
sovereignty. They are the three key issues that the general public
and businesses are concerned about.
Q251 Chair:
And what do you perceive the barriers to Cloud to be?
Andy Burton: If
I go back to the tenor of this meeting, a current barrier to Cloud
is that procurement is not geared up, at this moment in time,
to even define how those organisations move from classic outsourcingbuild
a data centre, build a unique application, manage it 24/7to
building something and saying, "It had got to conform to
this standard; it has got to be able to work within this security
framework and it has got to enable small businesses, from a software
provision point of view, to be able to interface with local community
group", or whatever the case may be. The lack of framework
is the biggest disabler today, and that lack of framework does
not advise and guide your procurement process.
Q252 Chair:
And presumably the existing framework is reinforced by the existing
contractual commitments.
Andy Burton: Correct,
and something has got to give. That is why I fundamentally believe
that the initiative of GCloud is very powerful; it just
has not yet manifested itself in a way that is design first and
therefore procurement. The critical three things that I am hearing
are: on agile computing, I think we all agree that this prototyping
and design is an important issue to involve in before you get
into contracting; the use of Cloud computing to get a least cost
operation; and the definition of Open Standards.
Q253 Chair:
And very lastly, how do you address those three qualitiesprivacy,
security and sovereigntyin the Cloud?
Andy Burton: Bearing
in mind the example that I gave earlier, a lot of those issues
about data leakage were not actually around the central systems.
They were about data being left in briefcases or couriers not
delivering it, and things like that. It was when data was in
portable media that it was being lost. I would counsel that most
data centre organisations, at least the credible ones, will have
very stringent security operations in place. There is a lot of
fear, uncertainty and doubt about security in technology, and
a lot of the scenarios we have seen have fed a public concern
that it cannot be done. I would counsel that it can be done,
but the issue is that you need to be clear about what you require
of it, and those standards need to be enforced with any providers
you use.
Q254 Chair:
But we need to be far more concerned about people with memory
sticks and losing their laptops.
Andy Burton: Than
using Cloud computing. Correct.
Adam McGreggor:
One of the things which should be consistent with a GCloud
is that data should be easy to get out as well. At the moment
the trouble is if a Government Department wants some data out
of their own systems, sometimes they could end up paying a contractor
their hourly rate[3] to
get the same data out, which is a problem when it comes to Freedom
of Information requests and the limit on the expenditure available.
So if Government owns the data, it can get it rather than paying
a contractor to release its own data to it, which would then open
up transparency even more.
Chair: This has been a
very helpful session. Are there any other burning comments? Excellent.
Well I am most grateful for your help with this. It is difficult
for us lay people to understand some of this. I think your session
has been extremely helpful in that respect, so thank you very
much indeed.
2 Note by witness : "Tell Us Once" (mentioned
in Q188) was the product of a Rewired State Hack Day. Back
3
Note from witness: evidence from Freedom of Information Act requests
suggest that third parties may be over-quoting for these requests.
Back
|