Wednesday, January 19, 2011

ID cards were EVEN WORSE than we thought - and the Home Office hid the evidence

ID card johnson In a story covered very well in a witty post by our friends over at TechEye, it has emerged that the Home Office hid the parlous state of its Identity Card Scheme from the public - it withheld publication of a report by the project's oversight board in the run up to the 2010 general election (when, you'll remember, some sort of card remained Labour policy).

Disgracefully, the Home Office only slipped out the final report of the Independent Scheme Advisory Panel (ISAP) this week, more than a year after it was written, after the scheme had finally bitten the dust under the Coalition.

The ostensibly "independent" report, which reveals how the ID system had been compromised by poor design and management, was submitted to the Home Office in December 2009, modified on 4 January this year (by a person or persons unknown), before finally being published on the Home Office web site.

The report repeated the same warnings ISAP had given the Home Office every year since the system blueprint was published in December 2006 by Liam Byrne and Joan Ryan, then Home Office Ministers, and James Hall, then head of the Identity and Passport Service (IPS).

The key elements of the ID scheme's feasibility were still being clarified, nearly four years after it was approved by an Act of Parliament. Foremost among them were inadequate data security precautions and the threat posed by the systems' complexity.

ID system specifications had not been completed, said the report; doubts remained about what benefit the government aimed to get from ID cards; clarifying what ID cards were for might mean yet further specification changes... and on the litany of failure went.
But the project was already troubled by too many variables. As per the write-up at Computer Weekly:

Alan Hughes, ISAP chair and non-executive IPS director, said, "The combination of multiple suppliers, multiple government departments and agencies ... together with the sheer volume of change planned could make the schedule ... unmanageable; particularly so as more detail of requirements is understood.

"The panel considers this complexity is a threat to the success of the programme, of cost escalation and delivery of the full capability."

The scheme's suppliers had been inundated with change requests, the infamous contractual adjustments that derive from poorly specified systems and widely blamed for the financial, organisational and technical failure of large computer systems.
The contractual arrangements were also insecure, suppliers were using different development methodologies and the IPS was restructuring.

The suppression of this report is absolutely disgraceful. It follows a pattern of recent behaviour from government agencies, who withhold information harmful to their reputation despite the clear obligation on them to be open with public data – after all, we pay for their activities and for these reports, and such reports are about aspects of the way we all live and will be governed in the future.

This not only reveals a dishonest approach to information – it also reveals typical administrative incompetence with large, intrusive databases. Government departments constantly want more power over us, but are constantly too incompetent to use it.
By Alex Deane