It is secret because it is EVIL

August 4th, 2007

ID cards – some of the main corporate beneficiaries so far

Some in the IT industry are concerned about facets of the ID cards programme: the costs, the lack of a robust business case, and uncertainties over how well the technologies will work when applied to millions of people.

But not everyone is complaining. Indeed a by-product of the government’s decision to award a plethora of contracts under the ID Card scheme is that parts of the IT industry have signed up to non-disclosure terms, which has reduced significantly the number of cognoscenti who could speak openly about the scheme even if they wanted to.

These are some of the organisations and individuals that have won contracts so far under the Identity Cards scheme …

PA Consulting (in part including Electronic Commerce Associates Ltd.) Approx £29.5m to £33.5m
Capita Resourcing – up to £5m
Field Fisher Waterhouse Approx £1.1m
Atos Origin IT Services UK Ltd – £1m+
Parity Resources – up to £1m
Glotel Technology – up to £1m
Sirius consortium (Fujitsu Services Ltd and Global Crossing Ltd and PWC) – £184,000
CESG Communications Electronic Security Group – £140,000+
Veredus London – £135,000+
Ernst and Young – £111,000
Partnerships UK – £93,000+
KPMG – £90,000+
Cornwell Management Consultants – £48,000
Shreeveport Management Consultancy – £43,000+
Sigma – £37,000+
The Metropolitan Police – £35,000
Axon Group Plc – £29,000
Excel Recruitment – £20,000
Whitehead Mann Ltd – £17,000
Alan Hughes – £16,000+
Office of Government Commerce – £12,000
Abbey Consulting – £4,000
Interleader Ltd – £2,000

Contracts worth up to £500,000

Adecco UK Ltd
Allen Lane
ASE Consulting Ltd
Capita Interim Management
Chamberlain Beaumont
Computer People
Crystal UK Ltd
Elan Computing Ltd
Electronic Computer Associates (novated from PA Consulting contract)
Hays Accounting
Hedra Ltd
Hudson Global Resources Ltd
Kelly Services
Logica CMC
Methods Consulting
Montpelier Contracting and Consulting
Northern Recruitment Group plc
OGC Accounting Service
Pendragon Information Systems
Real-Time Consultants plc
Ruillion Computer
Sand Resources
Search Total Recruitment Solutions
Security Printing Systems Ltd
Spring Technology
TAG TPS Ltd
The Nesco Group

Contracts under £50,000:

Angela Mortimer plc
Anite Public Sector
Beamans Ltd
British Print Industries Federation
Brook Street
Buchanan and Darby Associates
Business in the Community
Callcredit plc
CE Williams
Central Office of Information
Centre for Accessibility
Diane Bailey Associates
Donaldson’s
Drivers Jonas
ER Consultants
Equifax Ltd
Excel Recruitment
Home Office Cashiers
Ian Farrand HR Management Consultants
Ideas UK
Identix Ltd
Insight Consulting
Josephine Sammons Ltd
Kingston Communications plc.
Lambert Smith Hampton
Manpower
Michael Page UK Ltd
Minority Matters Recruitment
McCrindle Associates Ltd
OCS
Officeforce Ltd
Parity Training Ltd
Partnerships UK
Plain English Campaign
PicnicBox
Procurement Services Ltd
QDOS Computer Consultants
Q1 Consulting
Reed Accounting Personnel
Resource Analysts Ltd
RNA Ltd
Robert Walters
Security Services Group
SGS UK Ltd
Siemens Business Services
St. John’s Ambulance Services
Step Ahead
Streamline Financial Solutions
Telelogic UK Ltd
TK Cobley
The Whelan Partnership
The Whitehall and Industry Group
Turner and Townsend Project Management Ltd
White Young
Yale Data Management Consultant Ltd

[…]

http://www.computerweekly.com/

It doesn’t matter how many people they corrupt and who have signed NDAs. It is the people who are going to suffer at the hands of these companies who matter. It is their rights that are central to this, and despite what anyone says, the answer to all of this is ‘NO’ and HMG is wasting your money because in the end, this scheme will be dismantled if it ever goes into production.

There are some other interesting aspects of this list; the potential points for leaks are high in number. It cannot be possible that every one of the thousands of people who are going to be working on this will keep quiet. We can expect some leaks, if anyone decent works in any of these companies.

And finally, all the talk about open government (not that anyone with a single brain cell believed it) is further put to rest by everyone in this list being held under an NDA.

If this ID card scheme is so secure, then, like peer-reviewed crypto (GPG etc.), it should be possible for everyone to know how it works without compromising security. Security through obscurity is no security at all.

But you know this…

And now you can read about why this scheme is doomed to failure:

BBC’s File on 4 reveals defects in ID Cards scheme – with wide implications for government IT

Analysis/comment

A BBC Radio Four “File on 4” programme on 31 July 2007 on ID cards gave a useful insight into how ministers approve a major new IT-based project, then leave the rest to committed civil servants who have no clear idea what they’re supposed to be doing.

The broadcast included an interview with Computer Weekly’s news editor and several experts from the identity and IT community. It was apparent from the interviews that co-ordination and genuine accountability were lacking, or even absent, from the ID cards scheme, and that civil servants were trying to implement something indefinable that their leaders had decided to implement, nobody having a clear idea of the task that lay ahead.

This was the government machine at its worst: working in secret, having meetings whose minutes were secret, keeping secret “gateway” reviews of the scheme, and nobody having to account to ministers, stakeholders, the public, Parliament or the public over any decisions taken or not taken.

Carl Jung said that in all disorder there’s a secret order. Not in the case of the ID cards scheme, I suspect. Listening to the experts interviewed by the BBC I began to visualise the ID cards scheme as clusters of arms convulsing on an empty floor, none of them attached to a torso.

Peter Tomlinson, an IT consultant and specialist in smart card technology, told File on 4 he had attended government meetings where the ID card programme was discussed.

He was puzzled when officials from the Home Office, which was the department in charge of ID cards, didn’t appear to be present. “The meetings were called by people in the Cabinet Office. There were topics on the agenda that were set by people in the Cabinet Office and we kept on thinking: why are we not seeing people from the Home Office. Why are we not seeing technical people from the Home Office, or people involved in technical management? Eventually they began to come along but they never produced anyone who had any technical understanding of large-scale systems. We were just completely puzzled.”

File on 4’s researcher asked Tomlinson what questions had been asked at the government meetings he’d attended.

“Other government departments were asking the basic question: how will we use this system, and never getting an answer. No answer at all. … It was my first real introduction to silo government. Individual government departments were completely independent of each other and now they were going to have to start working together. But they just did not start to do it.”

One of the government’s business justifications for the ID card scheme is that departments will be able to link into the National Identity Register to verify that citizens are who they say they are. But File on 4 found that departments have not assessed the costs of providing systems or software upgrades that integrate with the register.

Neil Fisher, vice president of identity management at Unisys, was also interviewed for the broadcast. Unisys is one of the companies that hope to join consortia bidding for ID scheme contracts.

Fisher had been talking to the Home Office about other computer projects he was involved in. He believed that work on these projects should have fed into the identity scheme. He, too, criticised a lack of co-ordination. He said it was difficult to find out who was in charge.

“I think there has been a realisation, as they have gone through this, that there are a lot of projects, even within the Home Office, being run by awful lots of different and smaller divisions in perhaps immigration, in law enforcement, in passport, and in ID cards, all of whom have a sort of relationship which was ill-defined.

“So [when I went] into a meeting invariably the wrong person from the wrong department would be there who could not speak for their colleagues in some other silo.”

He added that suppliers liked to talk to those who work within a well-organised chain of command. “But it just isn’t like that. I am not giving away any secrets here. The Home Office is quite a difficult department to run. It is like a herd of cats and it’s very difficult to herd cats as you know.”

Tomlinson said that as he sat listening to officials discussing the ID project at Cabinet Office meetings, he began to wonder whether it had really been thought through.

“We were asking questions like: how does one government department that is not the Home Office connect up to the identity card system? Where are the specifications for the communications protocols? How does the equipment get to be security certified? There was no work going on any of these technical topics…

“If you are going to design a large-scale system like this you first go and look at the volumes of transactions that are going to take place, how often are they going to take place and then we would see roughly how big it was going to be. You can’t specify a system unless you have these figures. There were about four of us who used to go to those meetings and we were all very puzzled. We said that this project is empty. It has no content.”

None of this can be blamed on James Hall, the affable, experienced, open and business-minded Chief Executive of the Identity and Passport Service. James Hall did not join the ID cards scheme until last October – three years after its inception; and in any case no individual civil servant, however deft his skills, can resolve the deep-rooted problems on the ID cards scheme which are arguably more to do with the anachronistic, cosy, closed-door culture of government than the action or inaction of any one person.

Several times during the File on 4 programme, Hall ably defended the scheme saying that it would continue to evolve. But some of those listening to him could be forgiven for thinking that he was saying in essence: things are not clearly defined at the moment and we’re at least partially reliant on suppliers defining things for us.

It’s the salesmen and consultants from suppliers that have pushed for ID cards; and so it will be, it seems, the technical people from some of the same companies that will be largely responsible for setting the specifications they will be contracted to deliver against.

Very odd.

James Hall told the BBC’s researchers: “We have published a plan laying out our approach to the national identity scheme last December. Since January we have been in continuous dialogue with the technology industry and we have taken on board some of their thinking about the shape of the scheme and that’ll be reflected in procurement activity. And I have no doubt that once we are into the procurement process we will continue to get innovation and good ideas from the market which will continue to refine our thinking about the precise details of how we deliver this.”

Martyn Thomas, a Fellow of the Royal Academy of Engineering and visiting professor of software engineering at Oxford University Computing Laboratory, said the requirements for the ID cards scheme “are still not being articulated”.

He added: “Without a very clear statement of what the requirements are it won’t be possible to build a system that meets those requirements cost effectively.”

File on 4’s programme was specific to ID cards, so it’s easy to forget that there are much wider implications of the disclosures made in the broadcast. The civil servants we have met have been bright and committed. But it’s not their fault if they work without clear tasks, without leadership and in secret – so mistakes and inefficiency are hidden.

If the machinery of government is in such poor condition – and some parts of it seem to be – how can it be exploited for the purposes of huge, complex, risky, costly and ambitious IT-projects such as ID cards?

[…]

http://www.computerweekly.com/

Tony Collins is really on the ball. Astonishing stuff.
