It’s easy to read too much into any party election manifesto, but the Conservatives’ plans – should they win the election, as the polls suggest they will – offer plenty of scope for speculation around the next steps for digital government.
Cabinet Office minister Ben Gummer was closely involved in writing the Tory manifesto, and his hand is certainly apparent in the recognition of digital being highlighted as one of the “five great challenges” faced by the UK over the next five years. Gummer is, after all, a man who sees digital transformation as a means to “restore faith in democracy”.
It will be interesting to see how the timing of the election affects the Government Digital Service (GDS), which sits at a crossroads in its evolution, after being heavily criticised in March by the National Audit Office and told by the watchdog that it needs to redefine its role.
Nine months into his reign, GDS chief Kevin Cunnington has completely overhauled his leadership team. Insiders suggest the changes at the top have not fully filtered down to the troops, but the start of a new parliamentary cycle offers an opportunity to drive forward afresh.
Cunnington is redefining the scope of GDS’s responsibilities – in particular, much of the legacy of former CTO Liam Maxwell is slowly being dismantled.
The role of CTO itself appears to have been abandoned, with no apparent prospect of a replacement for Maxwell’s successor, Andy Beale, who left GDS earlier this year.
The Common Technology Services (CTS) team – set up to roll out better technology for civil servants and to advise departments on ending their large outsourcing deals – has been mothballed, according to several sources, now that its director, Iain Patterson, has left. CTS is continuing certain existing projects, but not taking on any new work, say sources, who claim that Cunnington never saw CTS as part of GDS’s future.
It’s worth noting that as part of the £450m budget GDS was given in the 2015 spending review, the CTS programme was projected to deliver £1.1bn of the forecast £3.5bn savings to be achieved in return.
Computer Weekly asked the Cabinet Office to confirm the status of CTS, but they were unable to comment due to the “purdah” rules that prevent Whitehall discussing future government plans during an election period.
Meanwhile, Maxwell’s other big initiative, spend controls – responsible for a significant portion of the savings GDS claims to have made from government IT costs – has been watered down, handing greater control back to the departments the policy was intended to rein in.
The Tory manifesto gives only a few clues as to where GDS – and wider digital government plans – go next. Much is simply repeating the past.
“We will create a new presumption of digital government services by default”, it says – replacing the old and presumably identical presumption that’s been in place for the last five or six years.
“We will publish operational performance data of all public-facing services,” says the document – presumably that’s the Gov.uk Performance Dashboard that’s been around for some time.
There are references to open data, publishing more information online, and rationalising the use of personal data – which presumably tee-up the imminent appointment of a chief data officer (CDO), for which recruitment has been underway for a few months.
Notably, sources suggest the new CDO will also be positioned outside of GDS.
A few eyebrows were raised to see a specific commitment in the manifesto to Gov.uk Verify, the sometimes controversial online identity assurance scheme. Plenty of outside observers have questioned progress on Verify, some calling for a formal review, but minister Gummer clearly remains a strong supporter.
Perhaps the most interesting manifesto line, in the context of digital government, is the most vague: “We will incubate more digital services within government and introduce digital transformation fellowships, so that hundreds of leaders from the world of tech can come into government to help deliver better public services.”
The use of “incubate” is interesting – past manifestos might have used the word “develop”. Does this suggest a desire to push more development out to suppliers?
What exactly is a “digital transformation fellowship”? Given that so many IT contractors have stepped back from government IT work after the April reforms of IR35 tax laws, is this simply a way to bring them back? Is it some new status of employment that allows Whitehall to pay private sector market rates for IT professionals to get over the limits imposed by civil service pay structures?
Cunnington has been leading a review of digital jobs, skills and pay structures, so perhaps this is one of the fruits of that work.
We can conclude with some confidence that work on Verify and other common platforms will press ahead after the election, but we will have to wait to see whether there are further changes in the structure and delivery of digital government.
In all the debate about the NHS ransomware attack, much has been made of a government decision in 2015 to end a contract with Microsoft to provide support for the ageing Windows XP operating system that was widely in use across the NHS at the time.
Continued use of XP has been highlighted as one of the factors that enabled the ransomware attack – although the bigger issue is the lack of discipline in patching newer versions of Windows, which allowed the attack to target PCs without a fix for a known bug that has been available for two months.
The XP support deal has even become a political issue, with Labour criticising the Conservatives for “cancelling” support for XP. The truth is very different, and sheds light on the deep organisational and structural issues within NHS IT that made a cyber attack on this scale inevitable. It also raises questions about how the prevailing political ideology directing the NHS contributed to the situation.
Computer Weekly has talked to several people directly involved with the decision not to renew the original 2014 support deal with Microsoft – they have asked to remain anonymous – but they provide insights into why the NHS was uniquely vulnerable to this attack.
A purely commercial agreement
The £5.5m XP support contract with Microsoft, signed in 2014, was trumpeted by the Crown Commercial Service (CCS) and the Government Digital Service (GDS) as a helping hand for public sector organisations that had yet to migrate off XP – the end of support had been flagged for years, and Microsoft had long encouraged users to upgrade to newer versions of Windows.
However, the contract was purely commercial – a volume pricing agreement. It added no new capabilities for XP support to that which individual government bodies already had. CCS simply negotiated a pricing deal – a volume discount – to take advantage of the large number of XP support contracts already in existence, and thereby to reduce the overall cost to the government IT estate.
GDS used this opportunity to put pressure on laggards to upgrade XP, saying effectively they had one year left to do so. GDS, however, had no mandate or ability to force any organisations to upgrade.
A year later, CCS proposed a renewal of the deal, but this was turned down by a group called the Technology Leaders Network (TLN), which was set up by GDS for tech chiefs across Whitehall to collaborate and, where appropriate, make collective decisions on IT policy.
What’s important is this: the TLN did not cancel support for Windows XP. They decided to end the volume pricing deal, leaving any organisation still using XP to continue with XP support if they chose to do so. This was clearly communicated to affected departments.
The tech leaders felt the volume pricing deal was acting as a “comfort blanket” for laggards who would prefer – for their own local reasons – not to have to worry about upgrading from XP. There was never a central decision to end support for XP – any such decisions were left entirely to local decision-makers.
Relations between GDS and Microsoft at the time were also not good. Microsoft was reeling from GDS decisions around open standards that threatened the supplier’s dominance of government IT. GDS, in turn, felt Microsoft was behaving badly, unnecessarily playing hardball in its commercial relationship.
The extended support deal already had fees set to double every six months after April 2014 until April 2016, when those charges would have been renegotiated.
The contract agreed by CCS in 2014 was purely about saving money – not about extending support for XP beyond what was already in place. Its cancellation was not about ending support for XP, purely about putting responsibility for the decision to pay for XP support back on those people who still used the system.
Every one of the tech chiefs agreed to the decision to end the contract. Each took responsibility for ensuring any XP users in their departments were fully aware of the implications.
Furthermore, GCHQ had advised the TLN that the XP support deal was practically worthless in terms of protecting XP users from IT security vulnerabilities. While the contract covered the availability of critical patches for XP, GCHQ said there were so many vulnerabilities in the ageing software, that even those critical patches would never be enough to protect users.
GCHQ was well aware that XP was, and would remain, an insecure and vulnerable system whether there was a support deal in place or not.
IT governance in the NHS
Crucially, however, while the Department of Health (DoH) was represented in the TLN, the NHS was not. GDS had no governance role over IT in the NHS. The DoH tech chief told the meeting he could not take a decision on behalf of the NHS – although clearly he could communicate the decision.
The NHS, meanwhile, was still grappling with the reforms introduced by the 2012 Health and Social Care Act, which controversially separated decision-making powers in the NHS, and removed legal responsibility for healthcare from the secretary of state for the first time. NHS organisations were effectively federated, with greater local control over budgets and decision-making, delivering services “commissioned” by GP-led Clinical Commissioning Groups.
As a result, there was no longer any central organisation with responsibility for IT in NHS trusts. The Health and Social Care Information Centre (HSCIC) – now NHS Digital – is responsible for certain central issues, such as data standards, managing the run-down of contracts from the failed National Programme for IT, and driving digital transformation. HSCIC had no responsibility to set technical standards for IT across the NHS, in the way that GDS was able to do across Whitehall.
GDS was worried enough about this situation that it met with then DoH minister George Freeman, to emphasise the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.
One source claimed that secretary of state for health Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in such a heavily federated NHS organisation, but it was never a priority at that level. “Hunt never grasped the problem,” said the source.
As a result, accountability for IT standards – including security – varies widely in the NHS. Not all trusts have a single person with responsibility for IT on their board. There is no way to know whether trusts include information security on their risk registers unless they choose to publish them.
As Computer Weekly has reported elsewhere, there were further warnings about the security risks to the NHS, including from national data guardian Fiona Caldicott, and from CareCERT, the NHS Digital organisation that now co-ordinates IT security activity across the health service.
But ultimately, decisions and priorities are set locally by managers in each NHS organisation. As we now know, there were plenty who failed to recognise the cyber security risks they faced, and only now has the inevitable end result been made painfully apparent.
Computer Weekly has been banging the drum for full-fibre broadband for several years. We’ve been critical of BT for its reticence and reluctance to embrace fibre to the premises (FTTP) as the future for the UK’s digital infrastructure.
BT would often tell us that FTTP is not needed. That the demand simply isn’t there. Other technologies based on existing copper cabling are more than adequate for years to come. Rival providers like Sky and TalkTalk are simply playing PR games when they call for BT to be forced to build a fully fibred broadband Britain.
We also supported calls for Openreach – BT’s local infrastructure arm – to be separated from the mothership to encourage competition and create a regulatory environment focused on building FTTP. But BT told us that Openreach simply wouldn’t be able to make the necessary investment without BT Retail as its core in-house partner to drive demand. Those pesky rivals couldn’t be relied upon.
So we’ll try not to be churlish this week, and instead congratulate Openreach, newly separated from its parent company, in announcing a consultation with the industry on rolling out full-fibre broadband.
This is the new regulatory environment and the newly structured Openreach working the way everyone said it should. It’s BT bowing, finally, to the inevitable and starting its way towards FTTP for all. It’s several years too late, but hey, better now than later.
Of course, it’s taken a change of rhetoric from the government, which now promotes the idea of full-fibre after years of supporting the BT line that fibre to the cabinet (FTTC) is all that matters. And it’s taken the market to send out strong signals that everyone else sees FTTP as the way forward – witness BT rival Gigaclear securing £111m in equity funding earlier this month to support its fibre roll-out that includes many of the rural areas BT deemed uneconomic even for FTTC.
We wouldn’t want to suggest either, that BT’s plunging share price, £528m accounting scandal at its Italian subsidiary, £300m restructuring, 4,000 job losses, £42m fine from Ofcom over Ethernet installations, or the associated £300m in compensation payments, had anything to do with the need for some positive news.
No – the important thing here is simply that we’re getting there, at last. If the UK digital economy wants to be competitive as we leave the EU, we need world-class, world-leading infrastructure as a key incentive to attract companies to invest in this country. For all our sakes, as well as theirs, let’s hope BT gets us there in time.
For a long time, people working in IT laboured under the knowledge that nobody from outside IT was interested in what they do because it’s all too technical – a bit boring and geeky. It’s been impossible to have a conversation about tackling the long-term skills shortages in IT without someone mentioning that the profession has an image problem.
The digital revolution seems to be changing attitudes, however. According to this year’s technology skills survey by recruitment firm Mortimer Spinks and Computer Weekly – one of the largest of its kind in the UK – 76% of non-IT/digital workers would consider a career in IT.
We should rejoice on any number of levels about this – but it raises a very important question: what’s stopping them?
If we’ve succeeded in convincing the technically unconverted that IT is an interesting, rewarding, motivating – and fun – place to work, we need to do more to get them over the line and into a job.
It’s expected that by 2020 the UK will have 800,000 fewer IT professionals than it needs – and that’s before you even consider the potential impact of Brexit given that 18% of the 1.6 million digital and tech workers in this country come from overseas.
For many years there has been a roll-call of initiatives to try to encourage more people into IT – from school computer clubs to women in tech programmes; from changes to academic curricula and closer ties between universities and industry. None of them have bridged the skills gap – and it’s a terrible indictment of IT employers that the proportion of women in IT has actually fallen over the last 10 years, now at a low of 16%.
The lack of tech skills in the UK is the biggest challenge faced by our digital economy as we seek to become a global technology leader post-Brexit. If we don’t have the people, we won’t have the growth.
It’s often been said that people outside IT think you need coding skills or technical expertise – our survey suggests even those attitudes have changed. Only about a third of non-technical workers think a key requirement for a tech role is coding ability, just 26% think candidates must have a tech-related degree, while only 33% think candidates have to be good at maths. They’re right – creativity, communication skills, and other soft skills are just as important.
The biggest problem over the last 10 years is the steep decline in training budgets. Employers looking to fill IT skills gaps must invest in cross-training for those 76% of eager non-tech workers – we need a concerted effort to convince them to play their part in our digital future.
In the run-up to the last UK general election in 2015, the Labour Party’s then shadow employment minister Stephen Timms pointed out that the target completion date for the Universal Credit welfare reform programme had “slipped four years in four years”.
In July last year, the secretary of state for work and pensions, Damian Green, moved the completion date back to 2022 – five years later than the original 2017 target set at project launch in 2011. That makes about seven timescale slippages in all.
So perhaps it’s not surprising that the Department for Work and Pensions (DWP) is still cautious when talking about future deadlines for the controversial benefits scheme – as shown by a recent freedom of information (FOI) request.
Independent IT programme manager and FOI campaigner John Slater has been a dogged thorn in the side of DWP for over five years, pushing the department through the courts to reveal unpublished documents in an effort to bring greater transparency to one of the highest-profile IT failures of the Coalition government.
Currently, Universal Credit seems to be going well – at least, compared to its troubled early stages. The “full service” version – formerly referred to as the “digital service” – is at last being rolled out country-wide. The previous version – the remnants of the system that was “reset” in 2013 at a cost of £130m – handled only the simplest of claims, whereas the full service covers the entire complexity of the scheme to replace six different in-work welfare benefits with a single payment.
Full-service roll-out is due to be completed by September 2018 – meaning that all new benefit claims will be handled through Universal Credit. A bigger challenge lies ahead – migrating about seven million claimants for the existing benefit schemes onto Universal Credit. The UK government – perhaps no government anywhere – has ever attempted such a large-scale data migration.
Slater’s latest FOI request asked DWP for further information on the planned completion date – at the time of his request, this was still set to be 2021.
DWP, however, claims that it no longer works with deadlines or targets, citing its use of agile development as the justification.
“The Universal Credit Programme deploys ‘agile’ techniques to ensure the system develops incrementally and this is how it is managed through its governance route. We work in short phases and, as explained before, ‘target dates’ are not features of agile programme management and are not how we run Universal Credit. We articulate the scale and structure of our delivery plans for Universal Credit in terms of phases of roll-out, to specific jobcentres and local authority areas,” said the DWP response to Slater’s FOI request.
Slater points out that this is perhaps stretching the definition of “agile” somewhat.
“The DWP is hiding behind this argument that agile means you don’t have a plan and this isn’t true,” he told Computer Weekly.
“At the programme level there should be some kind of high-level plan that sets expectations of when things need to be completed. Where agile has been applied to programmes rather than projects there is still a map/programme portfolio/goals/plan or whatever people want to call it that covers each of the projects or work-streams (depending on how the programme is structured) and when it needs to be completed.”
Given that the secretary of state has already told Parliament that Universal Credit has a 2022 target completion date, you can have some sympathy with Slater when he adds: “The response seems to confirm to me that the DWP is making it up as it goes along and doesn’t have any kind of credible plan showing how long it will take.”
DWP acknowledged to Slater that the 2021 target has been mentioned in documents supplied to the Universal Credit Programme Board, but stated the date has “yet to be confirmed”. It said:
“In line with agile methodology, the sooner the activity, the more detail there is. These activity streams are called:
“Governance and project management, which gives details of reviews and assessments that take place to review progress. This activity stream refers to a 2021 closure date, which is yet to be confirmed.
Transformation and planning, which looks at the interfaces and frameworks that need to be in place for Universal Credit to roll out. This looks at migration and refers to ESA/tax Credit claimant migration completed by 2021.
“UC product development, which describes the digital features Universal Credit will make use of. There is a reference to decommissioning legacy IT in 2021, which is yet to be confirmed.
We have not yet started to plan any activity around project closure or legacy decommissioning; nor have we started any significant planning for the ESA/tax credit stage of migration, which, as you may know, is now planned to complete in 2022.”
MPs have repeatedly criticised DWP for a “veil of secrecy” and lack of transparency over Universal Credit, and Slater’s experience suggests the department continues to take a highly cautious approach to what it reveals about project development and timescales.
Amazingly, given the programme has been going since 2011, the full business case for Universal Credit has still not been submitted or signed off by the Treasury – that’s due to take place in September this year.
At that time, perhaps DWP will finally reveal more detail about how it will avoid further delays during a three-year migration period that will present significant risks to Universal Credit roll-out.
Like it or not, necessary or not, we have another General Election, and while nobody will decide their vote based on a party’s digital policies, the imminent poll will raise important questions that affect the tech community.
It’s unlikely we will see many digital surprises in the Conservative manifesto. Only this year, we’ve seen publication of the industrial strategy – which outlines policy on the IT industry, digital skills and telecoms infrastructure – and the transformation strategy, which covers digital issues within government. They will most likely continue as the core of Tory plans.
In 2015, Labour was the most vocal party on technology and had the most thought-through digital strategy. Under then policy chief Jon Cruddas and shadow digital minister Chi Onwurah, they reached out to the tech community and ran an extensive consultation process to produce some comprehensive proposals.
Sadly, the upheavals in the Labour party since have seen digital on something of a backburner. Onwurah has been somewhat sidelined, although remains the spokesperson for industrial strategy. Louise Haigh has proved a capable and knowledgeable shadow to digital economy minister Matt Hancock. But Labour’s digital interventions have seemed mostly reactive, with little overarching strategy other than an acknowledgement that digital is a critical economic issue.
The Liberal Democrats were equally keen to talk digital in 2015, but since their spokesman at the time, Julian Huppert, lost his seat the party has barely had the resources to extend their reach into tech.
Computer Weekly published a detailed guide to the digital manifestos of the main political parties in 2015, which you can read here.
The new context of Brexit will be a factor, of course – steering a path that allows the success story of the UK digital economy to continue, when much of the growth has been down to our membership of the European Union.
But Theresa May has effectively signalled that the details of Brexit are not on the table for this election – regardless of how many people in the UK tech community might like to see the vote as an opportunity to rethink our departure from the EU.
The timing of the election could be good for the Government Digital Service (GDS). As it stands, GDS had three years to prove itself and deliver the targets in the transformation strategy for 2020. A Tory victory in June will probably secure GDS’s future for the duration of the next parliamentary cycle – but it won’t ease the scrutiny as digital government will be expected to deliver significant and measurable improvements for citizens.
We await the parties’ digital plans with interest.
The NAO “found widespread views across government that GDS has struggled to adapt to its changing role”. This, presumably, was a big part of the rationale that led to Kevin Cunnington being brought in as the new GDS director-general last summer.
Quietly, Cunnington has already effected major change at the top of GDS, the extent of which has been revealed by a recent Freedom of Information request.
The requester asked for the make-up of the GDS leadership team now, compared with 12 months before. This was the response from the Cabinet Office:
GDS leadership team as of 8 March 2017
- Kevin Cunnington, director-general
- Nic Harrison, director of service design and assurance
- Emily Ackroyd, director of strategy and engagement (jobshare)
- Hazel Hobbs, director of strategy and engagement (jobshare)
- Chris Ferguson, director of national, international and research
- Arif Harbott, director of digital, data, and technology profession (interim)
- David Lewis, director for delivery and support (interim)
- Alex Segrove, deputy director, head of business operations
- Amy Longdon, head of private office
- Director of digital, data and technology profession – A candidate has been appointed for this permanent role, announcement expected in due course
- Director of delivery and exchange – to be recruited and filled in due course.
GDS leadership team as of 31 March 2016
- Stephen Foreshew-Cain, executive director
- Liam Maxwell, chief technology officer
- Iain Patterson, director of common technology services
- Paul Maltby, director for data
- Chris Ferguson, director for digital
- Felicity Singleton, deputy director, head of strategy
- Wendy Coello, deputy director, head of communication and engagement team
- Alex Holmes, deputy director, chief operating officer
With the departure from GDS of Alex Holmes, who recently moved to become deputy director for cyber security at the Department for Culture, Media and Sport, only one of the previous top team remains in place – career civil servant Chris Ferguson.
Add to that list former CTO Andy Beale and strategy director Janet Hughes, who became part of Stephen Foreshew-Cain’s leadership group before their (and his) departures, and the overhaul is significant.
Iain Patterson, Felicity Singleton and Wendy Coello are (to the best of my knowledge) still at GDS, but apparently no longer part of Cunnington’s top team.
It’s clear GDS is becoming a very different beast.
(As an aside, it’s also interesting that the role of chief data officer, currently being recruited, was not listed as one of the GDS vacancies – does that mean the new CDO won’t report into GDS?)
Cunnington recently wrote a blog post on Gov.uk reporting on the recent GDS roadshow that visited government locations around the UK. He concluded by saying: “We’ve learned a lot about ourselves as an organisation – not all of it has been easy to hear – but we’re committed to iterating and improving”.
There has been no shortage of people in Whitehall criticising or undermining GDS, for some time now –not all of which GDS wanted to hear, nor did it always listen to.
The NAO concluded that “GDS needs to be clear about its role”. Let’s hope the changes at the top are the start of addressing the challenges it faces – and quickly. GDS has £450m and three years until the next election to prove its critics wrong.
Prior to this week’s publication of the latest National Audit Office (NAO) report on the Government Digital Service (GDS), rumour had it the Whitehall watchdog had pulled back from serious criticism and tempered its observations. A first draft, so it was said, was subsequently toned down.
However, for anyone familiar with NAO-speak – an accountants’ version of Whitehall-speak that couches disapproval in Sir Humphrey’s vague shades of grey – the report is scathing in its analysis of the problems facing GDS.
On the positive side, the NAO reaffirms the importance of GDS’s role as a central authority for digital government, and acknowledges the progress it has made.
“GDS has successfully reshaped government’s approach to technology and transformation,” said the report.
“We have found that methods promoted by GDS, such as agile development, are used widely across government, and that digital leaders are perceived as breaking down traditional barriers between IT and other functions.”
But then the question marks over GDS today and in future take over – and the NAO poses a lot of them. The most fundamental is that the NAO “found widespread views across government that GDS has struggled to adapt to its changing role”.
Of course, GDS supporters will respond – with justification – that the whole point of the organisation is to counter “widespread views” in Whitehall departments; that such comments only exemplify the institutional inertia and silo mentality that successive GDS leaders have fought against. But it’s hard to ignore many of the facts presented for the first time in the NAO report.
The report is 57 pages long, you can read the whole thing here, but I’ll pick out a selection of the most pertinent observations and statistics – I can assure you none of these quotes are taken out of context – with my observations added.
Strategy and transformation
“Although [GDS’s] budget increased to £150m in 2016-17, GDS expects to underspend against this by £45m, largely because of lower than expected take-up of centrally provided services.”
That underspend, according to sources, is almost entirely down to low take-up of Gov.uk Verify, the common identity assurance service developed by GDS, which continues to miss adoption targets. That unspent cash was allocated for payments to the third-party identity providers who verify users are who they say they are – because of low take-up, those providers are not completing enough transactions, and hence don’t get the money they hoped to receive.
The NAO report also reveals that in 2015/16. Verify accounted for 21% of GDS expenditure – think about that, one-fifth of the entire spend on that one project.
“GDS’s new approach is still emerging. It is not yet clear how GDS will prioritise its activities over the next few years, or how it will develop a plan to support its new approach. GDS told us that, in January 2017, it started to work with digital leaders across government to understand the current position and where it needs to get to by 2020. At the time of our assessment, there were no outputs from this process available for review.”
GDS was awarded £455m in November 2015 to cover the 2016 to 2020 spending review period – yet as of March 2017, it could not tell the NAO how it would prioritise its work, and had only just started work to understand what’s needed by 2020.
“GDS’s role in supporting transformation is not set out clearly in the new Government Transformation Strategy… It is not clear who is responsible for driving business transformation in government to address issues such as culture and process change, which were highlighted in the Government Transformation Strategy. It is also unclear how they will do this.”
The Government Transformation Strategy – what was previously the digital transformation strategy – was written by GDS, and morphed into a “transformation” plan under the leadership of GDS director general Kevin Cunnington, who was started the role in September 2016 with a specific remit for transformation. The strategy was launched in February by Cabinet Office minister Ben Gummer. But the NAO is still “unclear” how it will actually happen.
“GDS publishes data on 802 government services on an online Performance Platform. But only 118 services publish data on costs per transaction and not all services publish required data on digital take-up, the completion rate for online transactions or user satisfaction. In an internal review in 2015, GDS found that there was a lack of clarity about the purpose of the Performance Platform. Some data have not been updated since March 2016.”
When it was introduced by former GDS chief Mike Bracken, the Performance Platform was rightly presented as a critical tool for monitoring the wave of digital services that would appear across government. In particular, it would show ministers how much transactions were costing, as a way to focus spending on priority areas and build a business case for change. As such, it was a sensible and important initiative. Now, GDS has allowed it to have a “lack of clarity”, when that purpose seemed clear when it was first launched in 2012. Of course, GDS’s biggest challenge here – as has so often been the case – is the lack of buy-in from departments.
“The Executive Management Committee within GDS is responsible for overseeing performance and setting strategic direction. We reviewed board minutes and performance dashboards from each of four business groups (operations, digital, data and technology). We found that objectives and results presented to the board were sometimes vague and did not always include baselines or targets. This made it hard to assess progress.”
GDS has been frequently criticised for publishing strategies and plans without measurable targets – the NAO suggests this is not only a problem with its external pronouncements. In mitigation, the NAO noted that, “GDS has recognised this issue. In August 2016, board minutes noted that there was still work to be done to ensure that objectives and results aligned with the organisation’s objectives and could be measured against hard progress measures.”
“Our review of minutes from the Executive Management Committee found mixed evidence about the level of guidance that GDS is providing on priorities for specific programmes. The minutes for four months from September 2016 noted that the Digital Group (which covers Verify and other common services) had to ask the Board to clarify current priorities, to ensure it assigned staff to the right areas.”
To be fair, Kevin Cunnington only started as GDS chief on 1 September 2016 -but at that time, the NAO suggests that even GDS’s own teams were unclear on what their priorities were meant to be.
As a reminder, the exemplars were 25 high-volume transactions targeted for transformation into modern digital services, to demonstrate the benefits and opportunities of GDS’s approach. The programme started in 2012 and was due to deliver the 25 new services by March 2015. In the end, 15 of the 25 exemplars were available as live services and a further five were available to the public in trial form.
GDS reviewed the success of the exemplar programme in 2015, and Computer Weekly has in the past requested a copy of that review under Freedom of Information laws, but the Cabinet Office declined to release it. The NAO report reveals for the first time some of the findings of that review.
“GDS’s analysis indicates that only six of the live exemplars and two of the publicly available trials had provided an integrated service by March 2015. Full transformation and digitisation was not achieved, either for the citizen or for government.”
It’s been an open secret that some of the exemplars did little more than redevelop the web front-end to make it more user-friendly – the so-called “lipstick on a pig” approach. In some cases, departmental staff still retyped data collected by the new digital services into their legacy back-end databases. This is the first time we’ve learned how many of the exemplars were simply better websites – of course, having a better website that’s easier to use is welcome, and the right place to start. But it makes clear the challenges of genuine end-to-end transformation of services – an objective that is one of the central planks of the new transformation strategy.
“GDS analysed whether the value of expected benefits for those exemplars over a 10-year period exceeded the costs of development. In 12 cases the benefits exceeded the costs, but in 10 cases the costs outweighed the benefits.”
GDS is not to blame here – it’s the department’s responsibility to ensure they deliver the return on investment expected. But the fact that 10 of the 25 exemplars actually cost more than the benefits they achieved must raise huge questions about the business case for some digital services – or at least, departments’ ability to deliver the benefits.
“With such a broad remit, GDS faces a significant challenge in meeting possible needs for technical support in areas demanding a deeper technical knowledge and understanding of the existing government landscape. There is limited guidance on replacing or reconfiguring legacy systems to support transformation programmes. GDS has only recently published guidance on using application programming interfaces (APIs) to link administrative systems, despite an emphasis on APIs when GDS was first set up.”
A frequent criticism of GDS from digital teams in departments is that GDS lacks the technical know-how required for migrating off legacy systems – that the expertise in GDS has been focused mostly around web development. However, part of GDS’s remit was always to support departments in moving away from legacy systems and the outsourcing contracts that locked them in to that legacy.
The observation about APIs is particularly pertinent – if you go back and read the original 2010 report by Martha Lane Fox that led to the creation of GDS, it was clear about the importance of GDS developing and promoting the use of APIs. The NAO suggests this priority had been somewhat overlooked.
“While GDS has concentrated on developing ‘registers’ (canonical lists, such as countries or local authority areas), there is little strategic overview of the data needs of departments and no common view of how best to assess privacy concerns, consent and security.”
The work on registers is an important part of GDS’s activity around data – there is a clear need and benefit for common standards around data that is re-used across departments. It’s absolutely right that GDS does this work. But the NAO suggests that, once more, engagement with departments is not all it should be.
The NAO goes on to note there is “no overall data strategy to provide clarity of overall purpose”; “Previous [data] mapping attempts failed because of fragmented landscape and burden of detail”; and “No overall view of future state for data for services, sharing, data security and privacy”. The Cabinet Office is recruiting a new chief data officer – clearly they will be kept busy.
GDS introduced cross-government controls on departmental IT spending at an early stage – the process is seen to be one of GDS’s success stories, with the NAO highlighting £1.3bn of savings (although it should be noted that these “savings” are more “not spending money we might otherwise have spent” rather than cuts in existing expenditure).
As a result, there has been some controversy recently after Cunnington revealed he intended to weaken the controls, and allow departments more independence over their spending. Here, the NAO report suggests such a move is justified – despite criticisms from some outsiders that diluting controls would simply bring a return to the bad old ways of poorly purchased projects from large systems integrators.
“GDS data shows that requests of up to £1m accounted for 47% of its spending controls team’s time on spending controls. At the same time, these requests produced only 1% of the financial savings claimed in 2015-16.”
In other words, the real savings from spend controls come from oversight of the bigger projects – not the many small ones that GDS has also been approving. However, here too there is a clear need for better engagement with departments, with the NAO noting that: “Departments regularly submit spending proposals for GDS approval at a late stage in the development of programmes and projects. Our examination of 2016-17 data found that 40% of programmes and projects relating to applications received at the full business case stage had not been reviewed previously by GDS.”
Cunnington is introducing a new controls process to address this issue, with departments being mandated to share an 18-month pipeline of forthcoming digital projects.
“While new digital and procurement frameworks targeting SMEs have had some impact, most government procurement with digital and technology suppliers continues to be with large organisations. In 2015-16, 94% of such spending was with large enterprises, a fall of less than one percentage point since 2012-13.”
GDS has made much of its attempts to introduce more SME suppliers, and to reduce dependence on the “oligopoly” of large systems integrators that became associated with government IT overspending and waste over the previous decade. Much has been made of G-Cloud and the Digital Marketplace, the online catalogues that see 64% of sales go to SMEs.
But here, yet again, departments are simply not buying into the plan. It’s not entirely a GDS problem though – last week, MPs on the Public Accounts Committee criticised the Crown Commercial Service – the Cabinet Office’s central procurement agency – saying it had not won departments’ confidence, and had only been able to manage £2.5bn of spend on behalf of seven departments, rather than the £13bn and 17 departments that had been predicted in 2014.
Gov.uk Verify and Government as a Platform
“In 2014, the Civil Service Corporate Management Board asked GDS and HM Treasury to work with departments on the case for adopting a cross-government approach. They stated that ‘a first principle for delivering any of the building blocks of Government as a Platform would be to reuse previous work done by departments’. But so far the main working components are newly built platforms.
“In principle, development effort is reduced when new services can make use of existing common components. GDS’s new platforms are attempting to aggregate demand. The underlying applications (such as text message notification) are already commercially available and used in existing services. It is not clear how new platforms are meeting the greatest need and the direct benefits of aggregation are small.”
External critics of GDS have often questioned why the organisation feels it needs to develop so many of its services in-house, rather than using off-the-shelf software purchased commercially. Gov.uk, the single government website, is considered GDS’s biggest success story, but uses a series of content management systems (CMS) that were all developed internally, instead of using one of the many CMS platforms that are commercially available.
The NAO reserves some of its heaviest criticism for Verify, the troubled identity assurance programme – which, if you’ll remember, accounts for 21% of all GDS spending. It’s worth reading the NAO comments in full:
“To achieve the target of 25 million [Verify] users by April 2020, GDS needs the profile of users to increase at a much sharper rate from April 2019. The September 2015 business case predicted 4.4 million users by the end of March 2017. This projection was reduced to 1.8 million in the October 2016 business case. As of February 2017, Verify had 1.1 million user accounts.
“Verify has not achieved the volume of users in the central forecast of the business cases, in part due to slower development of digital services across government, and fewer than expected services being ready to adopt Verify as the primary access route. In 2014, GDS expected over 100 departmental services to be using Verify by 2016. In October 2016, GDS predicted that 43 services would be using Verify by April 2018. In February 2017, 12 services were using Verify.
“Even services that do use Verify are continuing to use alternative methods to access services online. Of the 12 departmental services connected to Verify as of February 2017, nine also allow access by other means including, for one department, an enhanced version of the existing Government Gateway.
“Reduced take-up means that Verify will need to be centrally funded for longer, and reduces the incentive for the identity providers to lower their prices over time. It is not clear how or when GDS will determine whether continuing with Verify will achieve projected benefits.
“The use of multiple routes to accessing services online undermines the business case for Verify. In October 2016, GDS modelled the scenario of no additional HMRC users and found that this would reduce benefits by £78m over four years leading to a net cost of £40m. It also modelled that failure to achieve sufficient volumes to reduce the commercial costs of the service in 2018-19 could lead to a net cost of £70m in present value terms over four years. Although GDS has estimated a large positive net present value once indirect benefits and a longer time frame are included, the business case is highly reliant on assumptions about savings in departments, and it is not clear whether these are reasonable.”
The report goes on to document some of the well-publicised issues with Verify functionality, usability and performance, concluding that: “Combined with performance problems, this means that departments face weak incentives to adopt Verify.”
The Cabinet Office says that Verify has been mandated to departments as the one and only system to be used for identifying individual citizens using digital services. As we know from HM Revenue & Customs (HMRC), some of those departments are less than keen.
It’s true to say that GDS has a dilemma here. On one hand, it’s criticised for slow adoption of common platforms and told it should work with departments and mandate their use. On the other hand, it’s told departments don’t like services to be mandated and it needs to do a better job persuading them to buy in. There’s no easy answer. But Verify still teeters on the precipice between being the “gold standard” for identity that its original vision hoped for, or becoming an over-complicated, over-specified, over-ambitious and hugely costly failure.
The NAO adds:
“There was no full analysis of how existing services identified customers or analysis of the way in which customer data is held in existing services or how this might affect the user journey from Verify to completion of the service transaction. Such analysis may have provided more understanding about likely rate of take-up and the type of incentives required for departments to use Verify.”
Former GDS staffers say that Verify has been developed in too much of a cocoon, with the team focused too much on their goal of creating a universal identity assurance service that could become a standard across the UK, even in the private sector. As a result, say these sources, Verify has lost its grasp on what is really needed – a means to quickly, effectively and securely allow citizens access to the online services they want to use. HMRC will no doubt be delighted to see this observation from the NAO:
“The Verify business case ruled out development of Government Gateway as an alternative to Verify, based on strategic, technical and contractual grounds saying that to change this service would involve ‘disproportionate and duplicative investment’. Government Gateway currently hosts 138 live public sector services, and the Gateway is being improved. GDS has not reassessed the cost and security implications of an improved Gateway service.”
On Verify, NAO concludes:
“It is not yet clear whether Verify will be able to overcome the limitations that have prevented its widespread adoption across government, or whether attempts to expand in other ways will be successful in encouraging departments to adopt it. Take-up and cost projections remain optimistic.”
One paragraph of the NAO report neatly summarises the challenges for GDS:
“Digital transformation has a mixed track record across government. It has not yet provided a level of change that will allow government to further reduce costs while still meeting people’s needs. GDS has also struggled to demonstrate the value of its own flagship initiatives such as Verify, or to set out clear priorities between departmental and cross-government objectives.”
Things are changing – that’s why Kevin Cunnington was brought in. The transformation strategy is intended to provide the framework within which GDS and departments can finally engage productively and collaboratively, without the in-fighting that has dogged them in the past.
But the NAO paints a picture of an organisation that is struggling to adapt as it moves away from being a startup-style digital disrupter, without becoming another example of the Whitehall silos it was created to destroy.
As the NAO concludes:
“GDS’s renewed approach aims to address many of these concerns as it expands and develops into a more established part of government. But there continues to be a risk that GDS is trying to cover too broad a remit with unclear accountabilities. To achieve value for money and support transformation across government, GDS needs to be clear about its role and strike a balance between robust assurance and a more consultative approach.”
Let’s start with the disclosure. I voted for the UK to remain in the European Union (EU). My reasoning at the time was that the EU is an over-bureaucratic, dysfunctional organisation that ought to celebrate the difference between European nations not attempt to homogenise them; its leaders are unaccountable and driven by a federalist ideology, not by what’s best for EU citizens. But the UK would be bonkers not to be a part of it – to be leading a process of change to make the EU everything it could and should be; that it would be economic suicide to leave.
Computer Weekly, reflecting the majority of our readers, came out in favour of remaining as well – a choice driven by the team here and feedback from our audience, not by my personal perspective.
But we’re leaving, and that’s that.
Brexiteers tell us to look on today’s invoking of Article 50 as an opportunity – and they might be right. The problem is that we just don’t know – until we see the outcome of the divorce negotiations, it’s impossible to say one way or the other.
The difference in opinion right now lies in whether you have faith in Theresa May and her government to finalise a relationship with the EU that is as good – or at least nearly as good – as we have now.
For the tech sector, that means easy access to skilled workers, open data flows, no tariffs, minimum red tape, common technical and data standards, access to the Digital Single Market, shared research and development, agreements on data protection, copyright and patents – and more. Basically, what we have now.
If you believe the prime minister can deliver all that – then Brexit is an opportunity, not to be feared. If she can’t – we have a problem. We can but hope the pro-Brexit crowd are justified in their faith.
Everything I hear from government insiders suggests that it genuinely wants to deliver what is needed to put the UK at the forefront of the digital revolution – which means delivering on what’s needed with the EU. We can but hope.
But there is little doubt in my mind that few of those leading the Brexit charge understand the context of the digital revolution and it what it means long-term for the UK socially, culturally and economically.
The last 20 years have given us a glimpse of how digital breaks down borders, ignores nation states, creates new global relationships and collaboration, empowers and enables education, generates innovation, delivers transparency and brings people of different cultures together around the world.
The process of societal change introduced by the digital revolution is in its very early days; it is unstoppable and inevitable, just as it was in the industrial revolution. Importantly, it is bigger than politics, and as such it will be resisted – ferociously at times – by the vested interests it threatens.
Those vested interests are largely the beneficiaries of the 19th century hierarchies that were created by the industrial revolution. The internet generation is networked; it rejects hierarchies and will eventually reform societies – well, most of them – on that principle. Tomorrow’s leaders will be part of the network, not apart from the network.
Digital law specialist and blogger Heather Burns wrote an excellent article outlining the complexities and challenges for the tech community from Brexit, but I disagreed with her on one important point. She says Brexit is “anti-digital” and calls it “an attack on digital culture”.
I can’t see that Brexit is a conscious and knowing attempt to prevent the digital revolution, as I think Heather implies. Instead, I see it as a symptom of the wider attempt by those vested interests to prevent or delay the implications of the digital revolution – an attempt that is mostly an instinctive, unconscious reaction to the changes they see taking place in the world around them; changes that threaten their worldview.
Donald Trump and his supporters are another symptom of the same backlash.
Decades from now, historians will explain the tumultuous changes in Europe and the US in the early 21st century in the same way history books now characterise textile riots in the industrial revolution. We use a 19th century word – Luddites – to describe people who resist the tide of digital change. Luddites were the textile workers who revolted against the effects of the industrial revolution. Today, the Luddites are the ones making decisions.
Then, the Luddites could not see or understand the wider changes going on around them, and the inevitability of that process. Today, our modern Luddites are not so different, even if they have greater power to try to delay it.
Brexit’s impact on the UK could last 10, 20 years or more – a generation. The impact of the digital revolution will last far longer and be more profound – a century, perhaps more. For all the amazing and life-changing innovations technology has delivered across the last generation, we are still at a point equivalent to walking in front of a new-fangled motor car waving a red flag to warn passers-by.
Artificial intelligence, the internet of things, bioengineering, genetics – these are in their infancy. Only yesterday we learned that a man paralysed from the neck down moved his hand by the power of thought after scientists bypassed his severed nerves and connected his brain to his muscles electronically. This is only the beginning.
The UK faces two years of uncertainty and division. At its end, we will know whether Brexit is an opportunity or a disaster. If negotiations are successful, its architects will be in power for years to come. If not, they will be consigned to the political scrapheap and the uncertainty and division will continue. It is not going to be easy.
But there is a bigger, longer game at play here, driven by the digital revolution – and it is unstoppable. At worst, Brexit will delay the inevitable. At best, it could accelerate it. We can but hope.
With the UK’s formal Brexit notification due on 29 March, heralding two years of uncertainty, the tech sector’s lobbying for consideration in negotiations with the EU is likely to intensify.
Two high-profile surveys unveiled this week document the challenges ahead, the risks and opportunities, as the government begins a process that will determine UK IT’s future role on the digital world stage.
The TechNation 2017 report, from startup support organisation Tech City UK, gave a positive, cheerleader’s perspective. It determined that the digital sector is worth £170bn per year to the UK, and is growing 50% faster than the wider economy.
The UK remains comfortably the favoured European destination for investment in startups, attracting £6.8bn in cash during 2016, more than twice the amount of the nearest competitor, France.
There is little doubt that tech has been one of the bright spots for the UK during the generally downbeat economic mood since the crash of 2008. The prominence of the digital sector in the government’s industrial strategy shows the recognition – long overdue – that technology is central to the UK’s future success.
But there was a more downbeat note from the Confederation of British Industry (CBI). The business support organisation noted that the UK’s research and development (R&D) spending, at 1.7% of GDP, is “well below the spending of many international rivals”.
The CBI called for R&D spend to be raised to 3% of GDP by 2025, with contributions needed from government and business, to secure the UK’s position as one of the world’s leading science and technology innovators.
The report set out a series of areas where improvement is needed, including public funding and incentives, culture and skills, collaboration, regulation and public services procurement.
The reason for a renewed focus on R&D was highlighted in the TechNation report, which noted a YouGov survey of 1,000 academics where over 44% said they know colleagues who have lost access to research funding as a result of Brexit worries.
UK IT is not along in its uncertainty over what the Brexit process will lead to. You can bet that our European friends and rivals will be eyeing the opportunity to move their digital sectors into any gaps left by the UK. Our industry will be looking for early agreement on EU nationals currently in the UK – who make up a sizeable group of IT employees – and for guarantees around data transfers between UK and EU organisations.
Everyone with a vested interest in the UK’s digital economy needs to make sure the government hears their voices, to secure the future of the great British tech success story