Da Vinci Does Data

Standing before the Virgin of the Rock (well, actually, facing one with another behind), I was quite struck by how much data Leonardo left behind. We have his finished projects (in varying states of repair), prototypes, cartoons, unfinished work and numerous clones/copies or homages by students and followers. We have enough that when we see another painting that might be Leonardo, the experts can debate for ages whether it is or isn’t, claiming various “facts” by reference to the existing body of data.

Two things flow from that for me.


Someone should write the Da Vinci guide to IT with chapters to include: practice lots first, prototype everything, freely licence your work, break projects into sensible chunks, reuse what others have done, careful with plaster, train youngsters in your work, don’t be afraid of new methodologies … And more


How much data will we leave behind, individually, for discovery 500 years from now? Much of my electronic data is already lost – on countless 5 1/4″ and 3 1/2″ discs, or on zipdrives or on machines long since destroyed at companies I’ve long since left.

But in the last few years, increasing amounts of data are stored in “free” repositories such as Facebook and Gmail. How long will they keep my data? Not so much as “on the Internet no one knows you’re a dog” but “on the Internet no one knows you’re dead”?

As data grows following an inexorable rise from petabytes through exabytes to zettabytes and whatever comes after that, what will these companies do with the data? Prune it every 20 years? Every 50? Every 100? Surely they have to at some point? Assuming they’re still around anyway.

I was toying with the idea of writing a script that would activate when I’m gone (note to self … On the Internet ….) and write a random weekly post to my blog, which is kindly hosted by google. Would they prune my data then?

Already I see the ghosts of friends who died tragically young follow me around the ‘net – “people you used to know” perhaps. As I get older and assuming I stay sane, this will doubtless become more common.

In 200 years or more, the data we all leave behind will be an interesting archaeological source for how we lived our lives, our passions and fashions, our moods, tolerances and intolerances. If it’s still there.

Apple and Pears

Several meetings in the last month have talked about how the new IT that will result from recently launched strategies will delete the need for training.

The conversation usually starts with someone saying that they didn’t need to read the manual for their new digital camera, or someone pulls their iPhone out of their pocket and says “my 5 year old figured out how to use this with no manual”. Inevitably someone says “we should do it the Apple way.”

This is potentially dangerous. At one level it’s right – “how” a system or, dare I say, App works should be obvious to anyone looking at the screen.

But what it does and why it does it will still need training or guidance. Taking a picture or making a call isn’t nearly the same as assessing eligibility for benefits or figuring out the right dose of medicine to give a patient or evaluating the risk of an offender and probation viability.

The App can hide the complexity of much of what needs to be done but the App alone cannot remove the need for the user needing to know what happens when they press “commit.”

Mind you, I had to read the manual for my new camera. And yet, still, for every 500 pictures I took, perhaps one or two were worth keeping. I need some training.

Disintermediating the Monopoly

… The Government Gateway is dead … long live the distributed hub, the attribute providers and the identity providers … 

Monday’s “Ensuring Trusted Services with the new Identity Assurance Programme” or #ETSIAP as it became on Twitter was a useful catch up on where things have got to.  Disappointingly, for me at least, it didn’t really say precisely where they were going – though there was a clear direction of travel – or, more importantly, when exactly.

HMRC’s Joan Wood said that the business case for a “new hub” to be procured and to replace the GG in HMRC would go forward in April 2012 (Joan, who I worked with at the Inland Revenue and who was a key customer of the Gateway in its early days, is only 3 weeks into a new job, yet still had plenty of insight into the challenges ahead); and DWP’s Steve Dover was firmly of the view that Universal Credits would be delivering in April 2013, complete with authentication provided by the IAP (or possibly by their own procurement that would operate in line with IAP). The Gateway’s support contract has just, I gather, been extended through 2014 – something that may provide a useful contingency plan given that the original concept and design around the Gateway was to provide exactly this distributed capability.

The direction of travel, then, is that Government will now buy its identity verification (and perhaps  its mapping of that identity to the various government services) from (potentially) many providers. Francis Maude, Cabinet Office Minister, announced that £10m had been earmarked to staff the IAP (and Mike Bracken went on to say later that this would cover 5 workstreams through to 2012/13 which I took to mean March 2013).

This is a change from current practice, though not actually new thinking. Professor Brian Collins, who chaired the event, said that he had worked on such thinking in 1992. I. in turn, ran the Government Gateway team from 2000 to 2004 when this thinking was at the centre of what we were trying to do.  We even got at least a little bit towards that with the digital certificates issued by 3rd parties, though that was an idea ahead of its time and its ability to be implemented.

The current practice is largely that government has a monopoly on both your identity and how you match your identity to a government service.  Whilst it’s a monopoly, it isn’t actually done through a single route – the Government Gateway certainly handles a lot of transactions but it doesn’t, for instance, handle tax disc renewals, much of what DWP offers online or the bulk of local authority transactions.  The change, then, is that private sector entities will be able to offer an identity service (and perhaps a hub that will match identity to service) and offer that to government.

Right now there isn’t a commercial model defined that would allow anyone to assess the value of that market.  That is, there isn’t a known pipeline of transactions that will require authentication (or a commitment that only this route will be used in the future) or an assessment of the price that government would be willing to pay for such identity mapping (which would, somewhere along the line, have to address the risk of a false identity being guaranteed).

Mike Bracken went on to talk about a network of trust – using a series of low value transactions to build up a trusted identity.  He used the example of the fishing licence – something that doubtless still raises the hackles of those who were around for the first iteration of online services.  This is another transaction that has its own identity engine – especially if you set up an account so that you can easily renew your licence each season.

When we first floated the network of trust concept, we called it the “Green Shield Stamps” theory of identity – you carry out progressively more significant transactions by working up a pyramid of trust; over time your online persona is highly trusted. We had two theories on this – one was that there was a pyramid of trust between relying parties, and two that there was a pyramid of transactions that themselves generated trust (so to use Mike’s example, if you have bought a fishing licence and sent your self assessment return in, then maybe you can claim some benefits, and if that works, you claim tax credits)  There was much resistance then, in 2003, but no reason why that resistance should still be there (there wasn’t really good reason for it to be there in the first place).

With the Cabinet Office getting behind the IAP – and, by the sounds of it, resourcing it for the first time in its current incarnation – there is great potential, provided things move fast.  One of the first deliverables, then, should be the timetable for the completion of the standards, the required design and, very importantly, the proposed commercial model.

The important thing about the timetable is that if HMRC and DWP are going ahead with implementation as soon as 2013, IAP needs to have provided all of the framework and information long before that date  – perhaps a year ahead of it – so that providers have time to put together the necessary capability/platform.  The alternative is that DWP or HMRC do what they need to do and the result is either a solution where the first one or two solutions are subsidised by the two largest departments or, worse, a solution that works for those departments but not for anyone else.

The thinking behind the Cabinet Office approach is that private sector companies – perhaps the banks, the credit agencies, maybe BSkyB, Tesco or the Post Office will provide these identity services not just for government transactions but for any and all transactions – whether that be Facebook login, checking your Tesco ClubCard points or seeing if your pay check has hit your account.  Francis Maude, to wry laughter, noted at the event that he had two dongles for accessing his two bank accounts within the same bank (HSBC if you’re interested).  I wasn’t sure if he was suggesting a future where we might have a single dongle for everything (he was certainly not suggesting that was the only route – the slides from Dave Rennie were clear that it would be an individual choice regarding how much joining up was allowed, with the ultimate sanction being to use multiple identity agents for multiple services).

Whilst plenty of hard work has doubtless been done, the real hard work is in the next few months.  There were many people in the room who were around when I was running the Gateway – the denizens of the Liberty Alliance, BT URU and so on were all there – and, whilst their thinking will be important, new thinking will also be needed to get this off the ground, get it widely used and get it delivered at a price point that makes sense for all of the players.  Again, the commercial model by which this will work is a critical early deliverable.

I am looking forward to seeing how this plays out and to playing a role, again, in the development of the route to secure identity within UK government and perhaps more widely.