There’s a new UK government, one with a comfortable majority, and it’s clear it wants to use that advantage for radical change.
The new prime minister says the government has “a mission to modernise” in order to “renew our country”.
“The old arguments about government are now outdated,” he says, adding that: “We are modernising our schools, our hospitals, our economy and our criminal justice system. We are modernising our democratic framework”.
To do this, there will be “a new drive to remove unnecessary regulation”. Within Whitehall there will be “a new focus on delivery – asking every Permanent Secretary to ensure that their department has the capacity to drive through achievement of the key government targets and to take a personal responsibility for ensuring that this happens. Bringing more people in from outside and bringing able, younger people up the ladder more quickly”.
Furthermore, “We will deliver public services to meet the needs of citizens,” says the new plan, which aims to “develop an IT strategy for government which will establish cross-government co-ordination”.
It’s what we all expect now in 2020 from the new Conservative government. Except… All this came from Tony Blair’s Modernising government strategy, published in March 1999.
Yeah, sorry – you probably saw that coming. OK, let’s bring things more up to date.
There’s a new government, one with a comfortable majority, and it’s clear it wants to use that advantage for radical change.
“Revolution not evolution” is the buzzword. Departments are told to look for cuts and to eliminate unnecessary projects. “Government needs to move to a ‘service culture’, putting the needs of citizens ahead of those of departments,” we are told. Recommendations are presented to Number 10 that have “radical implications”.
There will be “a new central team in the Cabinet Office in absolute control of the overall user experience across all digital channels”. Note the phrase, “absolute control”.
There must be a new culture, to “challenge any policy and practice that undermines good service design”.
Soon after, the call goes out to recruit some of the very best and most talented individuals, with the encouragement that they will be helping to change the way that government works.
Yeah, I know. That was 2010, quoted from Martha Lane Fox’s report commissioned by then Cabinet Office minister Francis Maude, which heralded the creation of the Government Digital Service (GDS) and the drive for digital transformation across Whitehall.
So, here we are with a new government, one with a comfortable majority, and it’s clear it wants to use that advantage for radical change.
We’re told there are “profound problems at the core of how the British state makes decisions”. Government needs more skills in “data science, AI and cognitive technologies”. Number 10 is looking for “great software developers” to “work on these ideas, build tools and work with some great people”. Government wants to “to hire some very clever young people either straight out of university or recently out with extreme curiosity and capacity for hard work”.
Furthermore, “With no election for years and huge changes in the digital world, there is a chance and a need to do things very differently,” we hear.
You may have recognised these observations from Dominic Cummings’ rapidly infamous “weirdos and misfits” blog post that has been widely critiqued over the first week of the new year.
For all the Svengali-like commentary around Boris Johnson’s often controversial chief special advisor, is there really much that we haven’t heard before, in one form or another, in what he is saying?
Hey, he says – there’s a load of interesting new technologies that have come out in the last few years that we really ought to be making better use of.
The machinery of government is sclerotic and we need to make it easier to do things around here.
Let’s bring in a whole new load of engaged, enthused, talented young people with the promise that they will be able to really change the way the public sector works.
Sounds great – and very familiar – doesn’t it?
There is much to be cynical about in Cummings’ post, but no more than we were – and are – cynical about Blair’s ambitions, and Maude’s. We watched with fascination and sometimes with eyes half-closed from behind the sofa as GDS, especially during its early years led by Mike Bracken, attempted to break the mould (and indeed, the mold) of the Whitehall mandarin culture.
Someone once described the civil service as like a rubber ball. Press it hard enough and it will bend and change at will. As soon as you remove the pressure, it springs back into its original shape.
Nevertheless, we start what will perhaps prove to be another new 10-year cycle. Some of it sounds good and will work. Some of it sounds a little bonkers but is probably needed. And some of it won’t happen. But there is not much that’s really new.
One way or another, it’s going to be quite a ride – yet again – for those of us watching it.
There are not enough words to fully express the depth of scandal and outrage that should accompany the conclusion of the High Court case that finally and completely found that the Post Office Horizon IT system was to blame for accounting errors that destroyed the lives of hundreds of innocent people.
The judge, Justice Fraser, used just 177,211 words in his final ruling, every one devastating to the Post Office, which now stands revealed as an aggressive, arrogant corporate bully with few parallels. Despite Computer Weekly having been on the receiving end of a few of the organisation’s threats throughout our 10-year campaign, it gives me no pleasure to be able to write those words.
Innocent people were fined, sacked, made bankrupt or even imprisoned as a result of a decision made somewhere in the Post Office hierarchy to double-down again and again on its ridiculous assertion that Horizon was infallible.
Even in the statement from chairman Tim Parker after the final court ruling, the Post Office still went out of its way to point out that the judge found “our current Horizon system is robust relative to comparable systems” despite the criticism of its previous versions.
The suggestion that Horizon was flawed – much as every major, complex IT system contains flaws – was seen as an “existential” threat by the Post Office, fearing that control over its entire branch network would be undermined if postmasters believed they could not trust the system that ran their businesses.
Self-protection by an organisation owned by the public, took greater precedence than the wellbeing of, and duty of care towards, those members of the public who had chosen to become part of the Post Office family.
You don’t need to be an IT expert to know that it was always nigh-on impossible to substantiate the claim of bug-free perfection that lay behind the Post Office’s denials – described as “the 21st century equivalent of maintaining that the Earth is flat” by Judge Fraser. And yet, that’s what the Post Office insisted, again and again, for nearly 20 years, with no care or consideration for the people whose lives were damaged.
The judge has also now pointed a finger at Fujitsu, the supplier and developer of Horizon, raising questions over the evidence provided by Fujitsu staff that are sufficient to justify involving the director of public prosecutions.
But for all its culpability, Fujitsu should not be made the scapegoat. Someone, somewhere in the Post Office decided on this course of action, and many others supported and implemented it.
Computer Weekly agrees with the calls for a full judicial inquiry to reveal the whole, unadulterated truth of how the Horizon scandal unfolded. The executives who made those decisions should be exposed, and face whatever the appropriate consequences should be.
Perhaps I’m a cynic, but I felt it was unlikely to have been a coincidence that the £58m settlement between the Post Office and the subpostmasters was announced the day before the General Election, guaranteeing it would receive minimal coverage from national press and broadcasters the following day.
Successive governments have turned a blind eye to the Post Office’s vilification of its own subpostmasters, and the multimillion-pound costs run up in its pointless defence – this is a publicly owned organisation, let’s not forget. We now have a new government that remains distracted by other political priorities.
But we would join the campaigners and their longstanding supporter, Conservative peer James Arbuthnot, in calling for an official response from the new Boris Johnson administration, and the announcement of a formal, judge-led inquiry into a 20-year scandal created entirely by the Post Office’s own mistakes, arrogance and executive decisions.
Vilified then vindicated – victory for subpostmasters in Post Office trial shows risk of tech hubris
In 2004, Computer Weekly received a letter from Alan Bates, a former subpostmaster in Craig-y-Don, a coastal suburb of Llandudno in north Wales. It’s that long ago that the letter arrived typewritten on paper in the post – which was somewhat ironic in the circumstances.
The letter came four years after Bates wrote to his bosses at the Post Office to raise concerns about the Horizon IT system that he and other subpostmasters around the UK had to use to keep their accounts and manage the retail operations of their branches.
For four years he had been rebuffed, and his frustration was evident in his letter to Computer Weekly. “We have lost our investment and livelihood by daring to raise questions over a computer system we had thrust upon us,” he wrote.
“The core of our problem stems from our refusal to blindly accept liability for figures derived from the system without having full access to the system to check the data we have entered.”
He concluded with one of those statements that, with hindsight, seemed like the worst of premonitions: “I fully expect it to take a number of years to bring Post Office Ltd to account for what they have done to us, but we are determined to do it.”
That number of years proved to be 15. “Determined” was an understatement.
When Computer Weekly subsequently investigated, we found a long list of fellow subpostmasters whose lives had been turned upside down after being fined, sacked, made bankrupt or even imprisoned because of unexplained accounting shortfalls recorded by Horizon.
At every stage, the Post Office insisted its software was practically perfect, and could not possibly be responsible for the accounting errors. Victims – and journalists – were bullied and shouted down. Subpostmasters were branded as criminals. It took until 2009 before Computer Weekly had gathered enough information – and felt legally secure enough – to reveal the first stories of the affected subpostmasters.
“Horizon is an extremely robust system which operates over our entire Post Office network and successfully records millions of transactions each day. There is no evidence that points to any fault with the technology,” the Post Office told us at that time.
Fifteen years after writing to Computer Weekly – 19 years after raising the issue with the Post Office – Bates has finally been vindicated. After years of vilification, the 500 or so subpostmasters he has led and campaigned for have been awarded almost £60m in damages in a settlement with the Post Office. That’s as much trading profit as the organisation made in its last financial year.
Subpostmaster Noel Thomas from Gaerwen in Anglesey worked for the Post Office for 42 years. His problems started in 2003, when he discovered a deficit of £6,000. Further problems occurred in 2005, when the Post Office told him he owed £50,000. He was later convicted of false accounting, and spent his 60th birthday in jail.
Forty-year-old Lee Castleton was declared bankrupt in 2007 after he refused to pay the Post Office £27,000 caused by unexplained errors he blamed on Horizon.
Jo Hamilton, then 51, was only spared a prison sentence after local villagers organised a collection to pay her debt of £36,000. The Post Office had prosecuted her for theft and 14 counts of false accounting, but later dropped the theft charge.
Bates fought back after unexplained shortfalls in his accounts, and claimed in 2009 that the only reason the Post Office didn’t take him to court was because it knew there were faults with his Horizon system.
So, eventually, he took the Post Office to court.
Last month, the Court of Appeal rejected the Post Office’s application to overturn the judges’ verdict in the first part of a High Court case, that found the Post Office engaged in “oppressive behaviour” when demanding sums of money that could not be accounted for by subpostmasters. The verdict was damning. The Court of Appeal rejection was conclusive.
“There can be no excuse, in my judgment, for an entity such as the Post Office to mis-state, in such clearly expressed terms, in letters that threaten legal action, the extent of the contractual obligation upon a [subpostmaster] for losses. The only reason for doing so, in my judgment, must have been to lead the recipients to believe that they had absolutely no option but to pay the sums demanded. It is oppressive behaviour,” said the ruling.
The second stage of the trial, which examined in detail the functionality and robustness of Horizon, is due to receive the judge’s verdict on Monday 16 December. One can only assume that the Post Office has seen the writing on the wall and settled before its multimillion-pound bill for costs becomes untenable.
A new CEO at the Post Office, Nick Read, finally decided to accept the organisation’s responsibilities. The irony that drips from the statement from his boss, chairman Tim Parker, accompanying the settlement, echoes back over the two decades of Bates’ efforts:
“We accept that, in the past, we got things wrong in our dealings with a number of postmasters and we look forward to moving ahead now, with our new CEO currently leading a major overhaul of our engagement and relationship with postmasters,” said Parker.
Surely there must also be some reckoning for the previous Post Office executives who doggedly and ferociously pursed the subpostmasters and persistently denied their claims. “We got things wrong.” Indeed they did.
The subpostmasters have been vindicated, but not yet fully exonerated. The Criminal Courts Review Commission has been examining around 30 cases, and was waiting for the result of the group litigation that has now been settled. Justice must, finally, be served.
For anyone with any knowledge of large-scale, complex software development programmes, the Post Office’s insistence that because Horizon worked in the vast majority of cases, it must therefore be infallible, was always absurd.
All it takes is an undetected, unrepeatable problem – user error, a power spike, a momentary hardware glitch, coffee spilled on a keyboard – and something can go wrong. The entire software industry operates on the assumption there are always undetected errors and puts in place comprehensive bug programmes and regular software updates. It was never possible that Horizon was so perfect as to be correct every single time in the many millions of transactions it recorded – especially when hundreds of its users were small business owners with little IT knowledge and, in many cases, insufficient training or support.
On such technical hubris has the Post Office now, at last, been conclusively damned. Computer Weekly sends our congratulations to Alan Bates and his many colleagues for their victory.
When Computer Weekly set out to compare and analyse the tech and digital policies in the major political parties’ manifestos for the 2019 General Election, the article extended comfortably to nearly 5000 words, and could easily have been a lot longer.
Even as recently as the 2017 election, we would have struggled to find as many as 5000 words about technology in all the manifestos put together. This year, when the Labour Party announced its proposals for free full-fibre broadband and nationalising of BT’s network, it dominated the national news cycle for an entire weekend.
Nobody is going to decide who to vote for based on digital policies alone, but there’s no doubt that tech has finally become fundamental to the plans of whoever forms the new government. “At last,” we should all say.
One outstanding question remains, though: do the parties actually understand what their tech commitments mean?
For example, it’s easy to say, as the Conservatives have, that they will roll out full-fibre broadband for everyone by 2025. Talk to the industry and they say it’s almost impossible – there simply aren’t enough telecoms engineers in the country to complete installation in that timescale.
Every party talks about introducing new measures to tackle online harms, but we’ve been talking about that for years already, teasing the big internet firms with threats of regulation, but nobody has worked out what to do yet. Making a manifesto commitment doesn’t come with a Damascene revelation about how to make online regulation work.
Similarly, skills shortages and the problems in IT education have been discussed for more than a decade. Another manifesto promise isn’t going to solve them overnight.
Still, we shouldn’t grumble too much. Better the proposals are there, than not.
But what this does mean, is that the digital and tech community will need to step up and guide, assist, cajole, encourage, berate and educate the next government about what to prioritise and how to go about it.
The first test should be to gauge how serious the political promises are – let’s see some concrete plans, some leadership, and the resources needed. And then the UK’s tech leaders need to put aside their competitive differences and come together to hold the government to account – suppliers, CIOs, small businesses, investors, startups, IT professionals, and all their representative bodies share the responsibility for ensuring the government delivers. We at Computer Weekly will do what we can to help.
The challenge for all of us is to cut through the politics and deliver the growing digital economy upon which the whole of the UK will rely in the years to come.
Every year when Computer Weekly announces its UKtech50 list of the most influential people in UK technology, it’s an opportunity to look at what the names that feature tell us about the latest trends in the UK tech scene. This year, as the tenth outing for UKtech50, it’s also a chance to reflect on the changes across a decade of influential individuals.
For 2019, two aspects stood out. First, 46% of the leaders on the list were women – the highest proportion ever. In 2010, there were just seven women – 14%. Computer Weekly has campaigned long and hard for greater diversity in UK IT and it’s both rewarding and extremely pleasing to see that so many great female leaders are finally breaking through the long-established glass ceiling in IT.
What’s more – half of the top 10 this year were women. When we started, the top 10 was all male. Let’s hope we can get above 50% next year.
Second, the 2019 list shows the dramatic rise of artificial intelligence (AI) as a cornerstone of the UK tech sector. Ten of the top 50 are directly or indirectly involved in AI, and many others are working with AI technologies in their organisations. The winner, Demis Hassabis, CEO and co-founder of Google-owned DeepMind, is a true pioneer in AI and his company is recognised as a global leader. Perhaps 10 years from now we’ll be using an AI to help select the top 50.
Looking back 10 years, it’s not only the gender and technologies that have changed. Only one person featured in the first and tenth list – Google’s Matt Brittin, then as the company’s UK CEO, now as its European president. Many job titles continue to feature even if their incumbents have changed – CIOs at Unilever and Transport for London, for example, as well as leaders in government IT. Also CEOs of BT and other major UK tech suppliers.
The first ever winner of UKtech50 was Philip Clarke, who had just been promoted from CIO at Tesco to become its CEO. At the time he was seen as a breakthrough appointment – the first time an IT leader at a top UK company had made it to the chief executive’s seat. That didn’t work out so well. It’s still all too rare to see IT leaders following such a career path – but equally, it’s true that CEOs are more aware of the strategic importance of technology than ever before.
Ten years ago, cloud was in its infancy, AI was a distant dream, and we all still thought smartphones were amazing, just two years after the launch of the iPhone. What will we think in 2029 for the 20th UKtech50? Hopefully, for one of our young readers today, we’ll be recognising them as a new winner who embodies the biggest technologies of the decade ahead.
So, the Labour Party wants free full-fibre broadband for all, and to nationalise Openreach. Cue bedlam on social media as the telecoms industry slams the proposals and the Conservatives scream, “Marxism! State aid! Fantasy economics!”
There was more debate on Twitter alone about the UK’s national telecoms infrastructure in the 12 hours after Labour’s plan was announced, than there has been across the country for the last 12 years. Excellent – that can only be a good thing.
It’s incredibly unlikely Labour’s promise will be fulfilled, but they should be credited for sparking a discussion that should have taken place long time ago, about how to build a digital infrastructure for the 21st century. That doesn’t mean asking, how do we get better at what we already do? That’s the dull, repetitive conversation going on for the past 20 years. It means having a radical rethink of how to support a digital economy for the next 50 years.
But let’s just take a step back and look at some context. First, where we are now.
The UK could and, arguably, should already have a national full-fibre broadband network. That we don’t is down to a mix of Tory ideology, free-market capitalism and – counter-intuitively – a lack of competition in that free-market economy.
BT wanted to start building a fibre-optic network in the 1980s, but prime minister Margaret Thatcher wouldn’t let it happen, fearing that the investment required would prevent a competitive telecoms market developing after BT was privatised. As a result of that decision, a competitive telecoms market failed to develop for 20 years.
When genuine competition did come, it was only around consumer broadband and telephone services. If you didn’t want either from BT, you could go to Talk Talk, Sky or one of several smaller providers. Of course, you were still buying from BT, since most of those ISPs simply resold the BT network.
There was, briefly, a competitive market in cable telecoms, but that quickly consolidated into what is now Virgin Media.
BT was eventually dragged, kicking and screaming, into easing its near-monopoly through what was known as local loop unbundling – basically allowing other ISPs to install their own network equipment in BT telephone exchanges so they could control the “last mile” connectivity to individual premises. It was a big thing at the time, but it hasn’t really changed much.
The benefit from a consumer perspective was that you had lots of ISPs to buy your broadband from, depending on price and customer service (which remains highly variable).
But there remained zero competition at the heart of the telecoms industry – the bit that really matters for building a 21st century digital infrastructure – and that’s in the core network, known in the industry as the wholesale market. If you wanted to buy access to a national broadband network to sell services to consumers, you still had to go to BT. Virgin Media has resolutely avoided entering the wholesale market.
The UK limped along for years, with a structure that allowed for a constructed and heavily regulated form of competition at the consumer level, but an effective monopoly when it came to long-term investment in core infrastructure. It was simply too easy for BT to sweat its copper assets for as long as it could, and so that’s what it did.
Eventually, BT was dragged kicking and screaming (sound familiar?) into upgrading the local loop to deliver fibre to the street cabinet, without touching the copper last mile to the premises. This move only came about after years of regulatory pressure from Ofcom and the promise of government seed-funding for the hard to reach areas where BT said it wouldn’t be able to make a profit.
Today, we talk about moving to full-fibre broadband only because BT has been dragged kicking and screaming (anyone spot a pattern?) into installing fibre to the premises, thanks to pressure from Ofcom, government funding, and the growing influence of ISPs. All the while, BT shareholders have generally done very nicely thank you.
The only reason Labour can talk about nationalising Openreach, is because BT was dragged kicking and screaming (no!) into separating its local loop business into a standalone subsidiary, tasked with creating a level playing field for consumer services between all ISPs including BT.
So, with the exception of the Virgin Media network, we already have a monopoly local network infrastructure provider, that is owned by BT ultimately for the benefit of BT shareholders.
In the last five years, we’ve seen for the first time the emergence of alternative network providers, such as City Fibre and Hyperoptic, largely funded by private capital, which are targeting areas where BT has so far declined to invest in fibre.
So what does this all mean for Labour’s proposals?
For a start, Labour has massively underestimated the cost of nationalisation combined with offering free broadband for all. The National Infrastructure Commission has estimated a cost of about £33bn to build a nationwide full fibre network by the current target of 2033, which Openreach is largely funding itself. Of course, that funding assumes Openreach is still charging for broadband too – with no consumer broadband income, the overall costs would increase significantly.
Free broadband makes for good retail politics, so it’s likely to be popular on the doorstep, and ideologically pleasing to Labour’s base. But it’s very unlikely the proposals will happen. It would need Labour to win a significant majority in Parliament, for a start – which the polls suggest is unlikely. And it’s too controversial and costly to get through for a minority government.
But let’s not ignore it. Already the Labour plan has stimulated some fresh thinking – this blog post by the chief engineer at fibre installer Gigaclear, for example, which discusses an alternative model based around franchising that could deliver a basic free broadband service, a national infrastructure provider, and without having to nationalise Openreach. And here’s another, from former BCS policy director David Evans. There are other possibilities too, that are worth serious discussion without constant heckling from the “we can’t do that” brigade.
What about a minority public stake in Openreach, to use that investment to fund some form of basic free offering?
What are the economic opportunities and the potential for foreign investment in a country where every home and business has access to free internet?
What are the social benefits of such a move? More people working from home; better work/life balance; less commuting (thereby freeing up public funds otherwise needed for road and rail upgrades); less climate-harming long-distance travel thanks to video conferencing and online collaboration; more money going to the local high street because more people work at home; brownfield sites freed up for affordable housing because businesses don’t need so much office space. Maybe we could even scrap HS2 and use those funds to deliver free gigabit broadband to everyone?
If you put aside the current structure of the UK broadband sector, doesn’t the idea of a basic free broadband, from a national utility provider, seem like a sensible consideration if we want to be a global digital leader? It’s easy to say it can’t happen, but if we were starting from scratch, might that be seen as the right answer? Just because the UK has ended up with a messy and complicated broadband market doesn’t mean we have to stick with it to please vested interests, if we can yet build something better.
Labour’s broad and unspecific proposals also won’t work because they raise too many tricky questions, such as:
- What happens to Virgin Media and other ISPs, as well as the startup fibre builders? Most could be put out of business. Third-party investment in telecoms infrastructure would dry up.
- What about telephony? Currently, you can’t have BT broadband without a BT landline and phone service, when more and more people don’t use a landline. Would Labour nationalise the fixed-line phone service too?
- Where does the nationalised network begin and end? Openreach only looks after the last mile – the entire broadband network runs across BT’s core backbone network, which is also used as backhaul by mobile operators as well as thousands of corporates. Does that mean Labour’s British Broadband operator has to buy all its backhaul from the un-nationalised remnant of BT? Surely that’s a private sector monopoly?
- What about BT’s pension fund, which has been a huge financial drain on the telecoms giant for years? Would a Labour government have to take that on for all Openreach staff?
- Feel free to add your own.
In summary, Labour’s proposals won’t be implemented. But they do highlight the opportunity for a radical rethink of the UK’s telecoms infrastructure, and that’s a debate we should be having.
After all, when you think about it, and try to put politics aside, free basic fibre broadband for everyone is actually a pretty good idea. Let’s not dismiss it just because it doesn’t suit the way the industry works today.
IT employers must recognise benefits of flexible workforce and not hit contractors over IR35 reforms
For any IT professional who has managed to make a living as a contractor for the past 20 years, the acronym IR35 must be like a crucifix held up to a vampire. The tax reforms were considered controversial when first introduced in 2000, and now – just when you thought you’d got used to how it works – the taxman is nailing two pieces of wood into a cross once more.
Let’s recap: IR35 is designed to prevent individuals who work in much the same way as a regular employee from unfairly reducing their tax burden. It’s common practice for contractors to set up a company with one employee – themselves – and charge clients for their time through that company. As a result, they avoid PAYE by paying themselves a nominal wage and earn an income by taking dividends as a director of the company, which accrues tax at a much lower rate. But they miss out on benefits such as National Insurance and pension contributions, holiday and sick pay.
Generally, this is seen as a fair exchange – the contractor takes extra risk and so earns more money, while the organisation that procures their services pays more than they would to a salaried employee but without the added costs and can terminate their services at short notice if needed.
IR35 effectively says, this is fine as long as you are not working exclusively for one company, long term, in a job that would otherwise be done by a regular full-time employee, in which case you should be taxed on PAYE and receive employment benefits. Contractors that work for multiple clients are considered outside IR35.
Now, the administrative burden of IR35 is shifting from contractors to the organisations that hire them. HM Revenue & Customs (HMRC) reckons that too many contractors are claiming to be outside IR35, when in truth they are “inside” IR35, and as such are avoiding tax to the tune of £1bn-plus every year.
The reforms have already hit the public sector, and affected thousands of IT contractors, as well as delaying important digital government projects. In April 2020, it hits the private sector too, and employers will have to certify whether or not any contractor they use is IR35 compliant.
For big firms, such as banks, which use thousands of contractors, this will be too much of a burden, and already those companies are reviewing policies to avoid that administrative overhead. Contractors face a choice of becoming employees, with a consequent drop in income, or working for umbrella companies such as recruitment agencies, which will take a cut of their fees.
Contracting is potentially a rewarding move, but it’s also high risk. Contractors are first out the door when budgets are cut. But they also bring great flexibility for IT departments, and especially now when skills shortages threaten to derail digital transformation initiatives.
Contractors claim that HMRC is being heavy handed and unfair, saying it is inevitable that employers will take the easy route to the detriment of freelance workers. Some claim the reforms will backfire, as contractors’ reduced income means the overall tax take will be less anyway.
In uncertain economic times, employers value a flexible workforce, and the agility to respond quickly to business change. Contractors willing to risk the job insecurity offer that – and as such this protects the full-time workforce from the vicissitudes of business. As the private sector reviews how to manage its contractors, they must keep the benefits of that flexibility in mind and not punish contractors for the added complexity demanded by HMRC.
As Computer Weekly readers will know, there are many great reasons for working in tech – it’s fast-moving and creative, it’s changing the way we live and work, and mostly it’s well remunerated. Feel free to add your own.
But IT can also be a highly pressured environment – running critical systems that support huge flows of cash, govern the movement of goods we all rely on in our daily lives, and sometimes even help to make life or death decisions.
And all too often in these strange and troubled times, IT professionals are expected to do all this while under-resourced, over-worked, and to the detriment of their work-life balance.
Mental health is increasingly talked about as a societal issue, but it’s not one that’s had much focus in IT. It’s unsurprising, therefore, to learn that as many as one in five IT professionals have expressed mental health concerns as a result of their work.
A Harvey Nash survey of more than 2000 UK IT workers highlighted problems around excessive working hours as a result of skills shortages, as well as lack of flexibility, and job insecurity.
IT staff are no longer hiding away in a dingy back office staring at screens trying to keep the lights on. They’re on the frontline of business and government, running websites and payment systems and monitoring the security of applications and data that can be under constant attack.
It’s too easy to dismiss all this as part of a stressful but well-paid career. More than four in five IT professionals are male, often more on the introverted end of the personality spectrum, and perhaps less inclined to talk about their feelings and worries in the workplace.
IT still has a worrying lack of diversity, so if you don’t fit the white, male stereotype, then a lot of women and minorities that work in the sector have to deal with their own unique stresses until the sector tackles this problem and becomes more genuinely inclusive.
Nobody in a leadership position in tech should take for granted the mental health of their workforce. Any decent employer will know they have a duty of care to their staff, but how often do IT leaders discuss mental health issues with their teams? Probably not that often.
IT is playing an ever more crucial role in business and society, and it’s time that we all took more consideration of what that means for the health, wellbeing and productivity of the people who work there.
Mental health is a very real issue in technology, and IT leaders must actively seek ways to address the concerns of their teams and to create an environment that allows everyone to achieve their full potential and capability.
Prime minister Boris Johnson and his controversial special advisor, Dominic Cummings, are “secretly” working on a plan to gather citizen data from across Whitehall to be used for targeting communications to people in the run-up to Brexit, according to a report from Buzzfeed News.
Computer Weekly sources have confirmed that Cummings and Number 10 have taken a particular interest in how Gov.uk Verify – the government’s troubled digital identity scheme – could be used to facilitate such a move.
Rumour has it that the Government Digital Service (GDS), which develops Verify, has not been unenthusiastic about an idea that could help to establish Verify, even as its support dwindles elsewhere.
Could such a plan work? If so, how? And is it legal? Below is an entirely speculative theory, but could it potentially happen? If anyone reading has further insights that add to or contradict any of this, I’d be happy to hear from you.
Let’s put aside the legal issues for a moment, and examine the technical infrastructure.
So, you visit a Gov.uk page, and a cookie is dropped that can identify to GDS the device / browser you used, and also to the department that runs the service you accessed, such as tax accounts or Universal Credit.
That cookie doesn’t know who you are – only that this browser has been here before. GDS uses Google Analytics to understand how people are using the website – pretty standard practice for any website (ComputerWeekly.com does this too).
This can tell No.10 what pages, and therefore what topics, are being read the most. Cookies are also used by commercial websites to target online advertising to returning browsers / users. Gov.uk does not run ads, but in theory it would be possible to pop up an advert for a government service, or for the “Get ready for Brexit” promotional campaign already underway.
Then there’s Verify. For all its problems, Verify now has nearly five million registered accounts. The system was designed with privacy in mind – part of its core rationale was to avoid the creation of a central identity database. Verify was created partly in response to the scrapping of Labour’s ID Cards programme – it has, since then, been politically unacceptable to create a citizen identity database, whether by stealth or virtually.
When you create a Verify account, all the data you provide is retained by a third-party identity provider (IDP), and not by the government service you wish to access.
However, when you access that service, the IDP provides a unique identifier to the relevant Whitehall department – which cannot be used to derive any personal information. But it also sends across a set of basic attributes – name, address, date of birth as a minimum – solely for the purpose of matching the user to data already held by the department.
For example, if you’re checking your tax records, HM Revenue & Customs will use those attributes to make sure you are the correct John or Jane Doe for which it already holds a record, so you don’t end up looking at someone else’s financial details.
The Verify data policy states that “You must not use the user attributes for anything other than matching. If you do, you may be in violation of the General Data Protection Regulation.”
Note, “may” not “will”.
It’s therefore technically possible to match a Verify user with the Gov.uk cookies on their device – which means No.10 could derive who is reading which web pages, for up to five million citizens who use Verify.
Once more putting aside the legalities, it would be technically possible to further match the information on who you are and what you’re interested in, with social media data to allow targeting of adverts on Facebook, for example.
That’s still “only” five million people.
GDS has a stated objective to achieve 25 million Verify users by 2020 – a figure that’s been recognised as over-ambitious. There have been attempts in the past to mandate use of Verify for digital identity across government, but these have been resisted. Could a more aggressive approach from No.10 overcome that resistance?
There are rumours that GDS wants to overcome negativity towards Verify by instead mandating that any Whitehall identity schemes conform to a standard called GPG45, upon which Verify is based. Presumably, the hope is that most departments would find that the only GPG45-compliant system available to them in the short term happens to be Verify.
That’s not going to change much between now and 31st October when the UK is currently due to leave the EU, but the Buzzfeed report refers to “a digital identity accelerated implementation plan”, and the prime minister has told departments to “to engage in that work urgently”.
Could Brexit, Boris Johnson and Dominic Cummings yet save Verify?
There are, of course, legal restrictions over data sharing, even between government departments. GDPR is relevant, but more pertinent is the Digital Economy Act (DEA) of 2017, which governs the circumstances under which public bodies can share data.
There are valid reasons for inter-departmental data sharing, which are set out in the Code of Practice for public authorities disclosing information, which is part of the DEA.
“Public service delivery is changing, due to increasing acknowledgement that services are more efficient and effective when they are joined up. Joining up services requires the sharing of information,” says section 55 of the code.
“The Digital Economy Act 2017 creates a mechanism for establishing clear and robust legal gateways which will enable public authorities to share relevant information on the individuals and families they are working with in compliance with the data protection legislation. The primary purpose of this power is to support the well-being of individuals and households.”
A number of situations are included in the code, relating to areas such as fuel and water poverty, debt recovery and fraud.
But the Act sets out the principles and processes for establishing new areas where data sharing can be justified – these are tightly controlled and require approval from Parliament, publication of a privacy impact assessment, and must be listed on the public register of information sharing agreements. There are currently 38 records in the register, mostly involving local authorities seeking data to help reduce council tax debt.
In theory, therefore, there is a mechanism to establish legal data sharing of internet activity data between departments – but it’s onerous, time consuming, and needs scrutiny and approval.
“The public service delivery power gives you the ability to gain access to the data you need to respond more efficiently and effectively to current and emerging social and economic problems. The power allows ministers in the UK government to set objectives in regulations,” says the code of practice.
If you can make the argument that Brexit is an “emerging social and economic problem,” it may just be possible (although proroguing Parliament doesn’t help).
What other sources of data might exist?
Let’s say you were one of the six million people who signed the online petition to revoke Article 50 and remain in the EU, or one of the 1.7 million who similarly petitioned against Johnson proroguing Parliament.
The e-petitions system collects and retains for up to 12 months your name, email address, postcode, the country you live in, and the IP address you use when starting or signing a petition.
Presumably, if you petitioned to revoke Article 50, then government policy on Brexit will be “relevant” to you – and this time they have your email address too.
Of course, it’s not as simple as that. Online petitions are run by Parliament expressly to demonstrate that the data is not being collected by or for the government. This is governed by a cross-party committee that has in the past pushed back hard on any attempts to use the data for any other purpose.
Given the current state of UK politics, it must be unlikely the committee would accede to requests from the government to access that data for Brexit-related purposes.
But nonetheless, it’s technically feasible. The only question is how far any prime minister or their government is willing to push the boundaries of political convention and legality to get access to all that data.
The Government Digital Service (GDS) has published details of the planned pilot project for opening up passport data to companies that wish to offer digital identity services.
GDS recently held a briefing for organisations that wish to participate in the forthcoming private sector trial of the Document Checking Service (DCS) that was first developed to support Gov.uk Verify, the government’s troubled digital identity scheme.
The briefing was attended by a variety of identity providers, standards bodies and suppliers, along with private sector firms – including IAG, the parent company of British Airways, according to sources.
The details of the pilot have caused a degree of consternation among some of those present, although GDS has asked for feedback on its proposals, so the plans may yet be revised.
The stated objectives for the pilot are:
- To test the industry demand for checking information given by a user against government data sources;
- To understand the different ways that organisations could use digital passport checks;
- To test the technical design that would make these checks possible;
- To capture consumer interest and experience of these checks, and perception of this use of passport data;
- To understand if this is commercially viable, for the government and the organisations taking part.
The pilot is intended to operate as follows:
The service offered is for a simple yes/no digital check as to whether a passport is valid, through an API request. Participants are told that they “must only check passport data to prevent or detect crime” and must obtain explicit consent from users for their passport data to be processed in this way.
The passport data check can only be used as part of a wider service – participants are not allowed to develop a service solely for checking passport validity.
That lack of service flexibility will be a concern for some interested parties.
The pilot will begin in April 2020 – after the time when GDS hands over Gov.uk Verify to the dwindling number of identity providers (IDPs) still supporting the service – and will last for up to 12 months.
The trial will be limited to a maximum of six million passport data checks, and the number of simultaneous checks will be throttled, presumably to prevent overloading ageing IT systems at the Passport Office. Companies must submit applications to take part, and specify the minimum and maximum number of passport checks they will make during the pilot.
The six million checks threshold may be too limiting for some. In Australia, a country of about 25 million people, a similar passport checking service attracts over 80 million checks per year.
Participants must conform to a series of legal, technical, security, data protection, records management and personnel checks by GDS, accept audits and demonstrate compliance to GDS’s satisfaction.
Perhaps controversially, participants will have to pay £15,000 up front as a one-off fee for access to the DCS. Each passport check will cost 50p.
It’s worth remembering that GDS has been told by HM Treasury it cannot spend any further money on Verify after March 2020, so it seems that, effectively, the pilot will be funded by the companies that take part.
I’m told there are mixed feelings about the up-front cost – some think it will deter smaller companies or startups, others think it’s not unreasonable but it would be a problem if it became an annual fee for DCS access after the pilot.
One source described the pilot details as a “starter for 10” at best – not awful, but not great. Others feel the limits on volume and data use are too restrictive – hardly an example of opening up a digital identity market that would grow the UK’s digital economy.
There is also no guarantee that the pilot will be taken forward into a live service – which makes developing a business case difficult.
There are also grumblings about the fact that existing Verify IDPs that already have access to DCS for online public services, had their development costs funded by GDS – but everyone else has to stump up £15,000 just to be in the game.
The pilot will only offer passport data checks – and not driving licence checks which are available through DCS for Verify IDPs. DVLA is believed to have refused to take part in the pilot.
Perhaps the most telling observation though, is that the information pack about the pilot that is being sent to interested parties – a detailed 15-page document that outlines the requirements for taking part – does not mention Verify even once.