The Winter of our Missing Disc Content

The UK government, ten years ago, launched several reforms of the public sector, pinning their faith in radical IT initiatives to create a powerful, efficient, welfare state. Only now is the full extent of the failure of this dream becoming apparent. Our square-jawed reporter investigates remorselessly, 'in the interests of greater transparency'

‘a passionate commitment to sharing data and systems’
quote from Sir David Varney, a former chairman of HM Revenue and Customs

It was surely the British Government’s winter of missing disc content.

First in October 2007 came the Revenue and Custom’s missing discs fiasco: then, on 17 December, in a marvelous piece of theatre, the Secretary of State for Transport Ruth Kelly (the only person to have a makeover in British politics and to look better for it) let the country know that ‘in the interests of greater transparency I would like to draw the House’s [House of Commons] attention to a breach, which affects a significant number of people.’

‘in the interests of greater transparency I would like
to draw the House’s [House of Commons] attention
to a breach, which affects a significant number of people.’

It was a sentence to savour. What she meant is that a hard drive containing the names, addresses and phone numbers of more than three million British learner drivers have gone missing from the Pearson Driving Assessment’s ‘secure facility’ in Iowa – back in May. Ms Kelly’s predecessor, Stephen Ladyman, said he had known of the breach when it happened but didn’t think to tell his colleague.

“I assumed the new minister would’ve been told about it. It doesn’t look like a cover up to me – it looks like one of those things”, he said.

Recently the NHS IT agency Connecting for Health warned hospitals not to post discs containing unencrypted personal data to the central NHS Tracing Service, run by a private contractor in the Midlands. If data was posted in this way, it would immediately be destroyed, a spokesman said.

Yet while people fretted about government departments sharing personal data, another piece of news in late 2007 demonstrated that if this sharing was done correctly it might actually save lives.

Anthony Joseph was jailed for the killing of Richard Whelan, a bus passenger. Joseph had just been released from youth custody in Manchester, but should have been retained because he had an outstanding arrest warrant in Liverpool.

But the prisons computer had no link up with the Police National Computer on which the arrest warrants were held. Data sharing between departments about individuals can have direct benefits.

It is clear that there needs to be a culture within government where both the power and the responsibility for implementing those benefits is understood throughout.

But there is an alternative, more worrying analysis of the situation: that the child benefit data fiasco and others like it, was the result of a government overwhelmed by the scale of what it is trying to do with IT.

Using legislation to prevent disaster

Soon after the Revenue incident, Britain’s Chancellor Alistair Darling, who is responsible for Revenue & Customs, said that Richard Thomas, the Information Commissioner, the independent regulator for data protection law would have his powers increased and soon legislation is likely to be pushed through Parliament to toughen penalties for anyone who fails to follow data security guidelines.

Already, staff have been banned from storing sensitive data on discs unless it is encrypted and computers have been disabled to stop them from being used to download data; – all at a tremendous cost to the Government’s IT budget which had already been trimmed by the then Chancellor Gordon Brown, currently Britain’s Prime Minister. .

‘This is all indicative of a lack of expertise,’ says Helen Margetts, professor of society and the internet at Oxford Internet Institute and the co-author of a study that is devastatingly critical of the government’s IT programme.

‘This is all indicative
of a lack of expertise,’

Published last year by Margetts and her colleague, Patrick Dunleavy of the London School of Economics, the study of IT projects in seven leading countries discovered that governments that place big IT contracts in the hands of a few big contractors are the ones most likely to experience failures.

The Outsourcing and PFI armlock

The report highlights that Britain was unique in the extent to which it outsourced projects so that large IT companies had the government over the proverbial barrel.

The study found that Britain had

  1. ‘the most concentrated government IT market in the world, with a near-monopolistic lead supplier (EDS)
  2. huge contract sizes,
  3. poorly understood use of private finance initiative (PFI) contracts for inappropriate IT projects
  4. virtually no in-house capacity to manage (let alone develop) IT systems

IT contractors ‘drove a coach and horses’ through budgets, the report alleges.

That HMRC is charged so much
extra for elementary tweaks
shows how weak the government’s
grasp of its own IT has become

Dunleavy says it has become became expected practice to pitch prices for initially completed tranches of work relatively low, in the confident expectation that later revisions and extensions would create negotiated contracts of between ‘four and six times the initial competed contract price.’. It’s only a short step from there to demanding £5,000 to ‘strip’ sensitive personal information from the child benefit data – a task that, with a properly designed database, would take approximately 30 minutes of a DBA’s time and very little effort.

That HMRC is charged so much extra for elementary tweaks shows how weak the government’s grasp of its own IT has become, Margetts adds.

the process just
wasn’t considered important.

The subsequent loss of the discs then exposes a culture – not just a one-off error – where unencrypted personal data is regularly sent back and forth between public bodies on physical media, rather than via secure networks because, as Margetts says, ‘the process just wasn’t considered important.’

In theory, the government has been trying to raise its game for more than two years.

One of the three central aims of the Transformational Government Strategy, published in November 2005, was to create a new ‘IT profession in government’.

Part of this process is to hire people with IT qualifications for the civil service fast stream, where they can expect to rise to the top. Six fast-streamers were hired last year; 15 will shortly be selected for entry this year.

The other two strands of Transformational Government create a radically new IT infrastructure, based on public bodies sharing systems, and those systems sharing data on every individual in the country.

Last December, the ambition was raised when Sir David Varney, a former chairman of HM Revenue and Customs who is now Gordon Brown’s adviser on transforming public services, published further radical plans.

They are based on ‘a passionate commitment to sharing data and systems’.

He maintains that each citizen has at least five widely used identity numbers. ‘In future, one accurate and robust registration should underpin all services. I see absolutely no objection to public services sharing basic administrative information like names, numbers, addresses and dates of birth.’

This vision of transformed government engages with a barrage of IT-based initiatives aimed at tackling specific political priorities. These include:

  • the ID card, which will be enabled by linking at least three existing identity databases;
  • ContactPoint, the newly renamed index of information relating to every child in the country – now delayed for five months;
  • e-Borders, the immigration system which is designed to give immigration officers and airline check-in staff overseas the ability to check passengers’ credentials against government records;
  • the NHS care records service, creating a shared electronic health record for every individual in England (Scotland and Wales have parallel schemes.

But there have been repeated warnings that the schemes are unfeasible. Professor Ross Anderson, a security expert at Cambridge University, suggested that the proposed children’s database was intrusive and possibly illegal but as ever government brushed it off – as it did with warnings about internet security and the centralisation of personal health records. Now, the two lost discs have put those dismissals under fresh scrutiny.

Over the past decade, the public sector’s ability to manage big IT projects has repeatedly been called into question. The usual response is that the government’s record is no worse than private industry’s, or its counterparts in the rest of the world.

However, repeated examples – and the LSE study – suggest there is simply too little IT expertise within the government. And yet far from scaling up efforts to meet the challenge of a new IT infrastructure, the government is scaling back IT.

‘One symptom is the changing of the name of the old e-government unit. It’s deprioritising the issue just when it should be prioritising it, ‘Margetts adds.

The big question now for the government is whether it will be able to reverse its internal culture, where IT expertise is not treated as a ‘core activity’, and yet sweeping policies embracing the population which rely on huge IT projects are.

But surely the biggest task it faces is convincing the public that the estimated £2 billion wasted on abandoned IT projects since 2000 can be justified.

It has to be an estimated figure as the National Audit Office (NAO), set up to scrutinise public spending on behalf of parliament, does not keep a complete list of which schemes are cancelled so no ‘real’ amounts exist.

Move along there now, there’s nothing to see

A quick inclusion of the latest failed schemes makes difficult reading.

The Police Portal when launched in 2003 allowed the public, should they wish, to report minor crimes and distribute video and pictures of crime over the web. The collated information was then distributed to the correct force area.

a range of serious defects and delays

Though the site suffered from a chronic lack of marketing, figures show that the portal was being used to report nearly 30,000 crimes a year, but that’s before it began to stutter in 2005 when a contract to build a replacement portal was won by technology firm QinetiQ.

The service was suspended in the spring of 2007 and then dropped altogether in December because the site was found to have ‘a range of serious defects and delays.’

Over the last twelve months, the unoperational scheme cost the taxpayer an extraordinary £5.2 million. The deal is now subject to a legal dispute.

A Catalogue of IT disasters

Other mismanaged schemes have included the £1.6 billion frittered away by the Department for Work and Pensions on a new benefit card which was based on out-moded technology; the much derided £486 million upgrade to the Child Support Agency’s computer which could not handle the number of new and existing claims and the £140 million on a more efficient benefit payment system that proved less smooth-running than the one it was supposed to replace.

Other major blunders included a £273 million adult learning programme that enabled thousands of people to gain extra qualifications. It was found that ‘corner cutting’ by two ministers to rush the scheme into operation led to the police advising the Government to close it down after finding evidence of extensive fraud.

As well as not keeping complete costs for all scuppered scehemes the NAO does not have figures for modifications which are necessary to repair new systems that have failed to perform as required.

30 percent of government IT
projects and programmes are successful

An example of this is experimental work on the £12bn plus NHS computer system where outdated technology was installed at a hospital in London and a short time later had to replaced when it was discovered to be ‘unfit for purpose’.

The 14 bn spend

Speaking at the Government UK IT Summit last year Joe Harley, CIO at the Department for Work and Pensions, one of Whitehall’s biggest central departments, bravely confessed that only ’30 percent of government IT projects and programmes are successful’.

‘We want 90 percent by 2010/11. We want to achieve a 20 percent overall reduction on IT spend in government… the government spends £14bn per year on IT in Britain. It’s not sustainable as a government to continue to spend at these levels. We need to up the quality while reducing the spend. There are some big improvements to be made.’

You said it Joe.