Monday, June 30, 2003

It's all a distraction from getting things done

Make it, RSS, easier to use. Stop faffing around says looselycoupled.com

For services to eDemocracy or something like that

James@VoxP picks up that Accenture have bought election.com ... it's true ... big consultancy company buys small innovative thinker. Doubtless at fire sale price. I hope that they can merge big and innovative. It's always proved challenging before.

Sunday, June 29, 2003

Blog politics gone mad

Can't believe this but it seems to be true. The web world has gone mad in the last few days with everyone shouting at each other about RSS and whether it's ok as a standard, who should be in control of it, what should happen next. As is often the case with "standards", different people want different interpretations (we need only look at browsers and how they all work differently and randomly to see that in action). The latest fight is between RSS and something called Echo, which is going to be/is/wants to be/will be/whatever a new version (and, as we also know, a new new thing is not necessarily better than the old thing). Government has only just started to swing its weight into syndication, content feeds and so on - and what government always wants to work on is a stable, mature, well supported set of tools and standards. I was pretty sure RSS was that until all this blew up. I hope it sorts itself out and dies down real soon. In the meantime, in protest at the noise, Dave Winer has shut his site down. Jon Udell summarises the mumbojumbo war best. John Gotze says that "RSS is a melting pot of innovative thinking". Pretty soon it could be just a melted pot. Why do people always need to fight over something? Liberty versus Passport; Java in phones versus Windows Mobile in phones? I can understand those ... money and monopoly depend on them. But RSS?

Metaversing the status quo

Whilst away I got through a few good books, one of which I'd recommend: Snow Crash. It's a book about the future ... or, funnily enough, a future that we might have had if the Internet had gone that way. The author, Neal Stephenson, projected his idea of what the online community might develop into based on where it was at the time he was writing. I'm guessing that was sometime in the late 80s (the paperback I have is dated 1992) which would mean that Compuserve was probably the way online for the few people that were online or perhaps a few other bulletin boards, notably The Well. The online experience then was all about community chat rooms, text based and low bandwidth. So Stephenson imagines a world where those restrictions are gone - where you can don an avatar of your own design (provided you've got the processing power) - but he placed inside a world not dissimlar to the offline one, a world where you still have to walk around, where you interact with people in bars, where trains run to get you between places that are far away and so on. So the online world wasn't much different from the online world (assuming you miss out the occasional sword fight and the fact that you can walk right through people while online). His online world is called the "Metaverse". Stephenson's extension of so many offline concepts into the online world made me wonder if we have our kind of metaverse model in developing online government. We have taken many of the things we do offline and delivered online equivalents. In the offline world, government is ubiquitous (there are hundreds of tax offices, benefits offices, job centres), designed differently at every iteration (brands, colours, experiences); government is staffed by people who both speak and do government - it has its own lanaguage - but these people are, for the vast part, efficient at helping you navigate the system so that you get what you want; government makes you wait for things, sometimes a few days, sometimes a few weeks and, finally, government is principally reactive - you tell me who you are and what you want and I will get it for you, you visit another part of government and go through the same experience. My sense is that the move offline to online probably has to go through this kind of a replicative stage - a place where there's relatively little imagination or innovation. Introducing radical new concepts or services without an appropriate way of signposting them, managing them and handling the followups would be unlikely to deliver any great benefits and would lead to confusion on the part of the citizen as well as government staff. Suppose, for instance, that the first online service a government delivered was a one stop website where you could type in your profile and it would list every benefit that you could apply for, fill in the forms based on your profile, send them off, tell you what was coming, set up the bank deposits and so on. Technologically, that's a big step but doable (given money, staffing, messaging standards and so on). But what would happen when one payment didn't make it - who would you phone? Who would you write to? What about if more information was required later? Who would ask for that? How would they contact you? So the online government metaverse must, initially, look a lot like the offline one - because otherwise, too many processes change in parallel, too many upheavals are made, too many systems need to be changed. What that means to me though is that we must never lose sight of the fact that this is what we are doing. We must never take that as the end point. Every change we make, every new system, every new process must be designed so that it can be manipulated into a more holistic, cleverer process at the next iteration - because if we have to throw it away or dismantle it to put in place the next one, we will constantly be in a state of change, confusion, risk and overspend. That means that things take a bit longer now because they have to be designed with the future in mind. I'm not sure enough people are doing that now. It also means that the vision of the next generation metaverse must be held - both the technical architecture of it and the business design (the organisational setup, the processes, the check points and so on). For us not to think through the implications of those redesigns means endless tinkering with the status quo with few of the breakthrough changes that need to be made being feasible - because they are simply too big to do in one go.

Saturday, June 28, 2003

Speed demon? Feed demon!

If you're tracking ever more blogs ... get this tool, it works fine and makes life easier. It's a beta release but seems stable to me.

Monday, June 23, 2003

Mission to the moon / Getting it all online (by 2005)

"We choose to go to the moon! We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard", so said JFK.

Timestamps

Blogger's done some changes whilst I was away and I've noticed two things just now ... the timestamp has me in the pacific (I'm not, sadly) and the RSS feed has been turned off. Correcting them both when I post this.

CPIs and PPIs

Another thing I pondered whilst away, driven by my obsessive watching of CNBC and its little stock ticker, was the CPI and PPI. In the mainland USA, these are economic indicators (consumer price index and producer price index) relating to inflation - ie. expansion, growth and what not. I think we need two such indicators in UK government content. So, today I am creating: - The CPI, or Content Proliferation Index, which will measure the total count of certain key words across the entire ".gov.uk" domain. I'll pick the words over the next few days and then run the counts and publish the starting count along with a baseline that sets the start as 100. Over the coming months, we can see how much we're duplicating. To give the numbers a bit more basis, I'll declare an owner for each term (i.e. a site on which the term should legitimately appear) and discount that from the total (so, DWP would own Disability Living Allowance, there are more than 9,000 occurrences of that and only 900 odd on DWP's site). - The PPI, or Page Proliferation Index, which will measure the total count of pages in the ".gov.uk" domain. A bit harder to do this as it means I need to be aware of every domain name registered in this space (I don't track them all the time). Last year when I first put this number up after a bit of digging from my team, it was a total of 1,600 domain names and around 1.5 million pages (although I think that included some NHS and MOD sites and didn't include some others that should have been there). Today, we're at 2643 (again, before I went away so probably moved by now) and around 2.8 million pages. We'll call those each "100" now ... and measure how they move up. Be fascinating to see how these grow .... what's a good (or bad) growth rate? How should they trend (up or down)? How will we know we're getting somewhere just from these? Clearly these both steer people's perceptions of the US economy to some extent, so can we make a similar leap?

Never mind the quality ... feel the weight

Whilst I was away, I was idly doing some sums on how much it costs to take a page from a static HTML website and move it to a content managed website. I did it a couple of ways, (1) assuming that you don't have any system in place at all today and you are going to build one using a package, (2) assuming you don't have a system and you are going to do a cheap and cheerful one using open source components as far as possible. I have about 7 sources for the data, which is reasonable benchmark suite, but not fully reliable perhaps. I'd be fascinated if there are other people out there who have worked out this cost. Anyway, assume your website has developed over a few years and is pretty sprawling. Not uncommon I imagine (and based on my content graphs from a few weeks ago, pretty likely). First up, you do a content audit (what you have), then a content design (what you want - or an IA, i.e. an information architecture), you're probably building your system in parallel with this (hopefully not too far ahead, else you'll have to make too many changes for your IA), then you're going to need to suck the content out of your static site (in some kind of XML format) using a tool like Marcat's Vamosa (a play on the Spanish for 'let's go' I think), and then you're going to have to splurge it into your new system (maybe using another tool, or perhaps manually). At several stages in this process, you're going to have to QA it (the suck process might take 6 or 7 iterations to get right, with QA at each stage). You're also going to have to do clever stuff to maintain the integrity of your links and any digital assets (documents, pictures etc) - some tools do some of this for you, but you will need to pay attention, especially to links). Anyway, the lowest cost I came up with for doing that was £500/page, and the highest was up to £3,000 - the range is not all technology driven, but also complexity of the pages (whether you are splitting pages up internally in the migration, how many changes you are making and how much QA they need). To get the bottom number, you really need to be at the cheap and cheerful website end, meaning you probably don't have full security, don't have workflow fully implemented or you have cut a few corners on accessibility. I intend to do some more robust work on these numbers as part of a wider project on government content. The more data I can get the better, so please feel free to ship me stuff at the office mail address. With 2,800,000 pages of content in government (that was a month ago, so it must be more now) ... a cost of even £500/page quickly gets very scary ... £3,000 become especially horrifying!

Curses

Lovely add from Novell in BusinessWeek in front of me now ... "Cursor: CIO who discovers this his expensive new integration system needs yet another expensive system." Oh, how true.

More on authentication

I didn't get the chance on Sunday to complete the set of authentication ideas that I'd kicked around, so here are some others: - Cross checks with other entities. I spent a lot of time with a well-known credit checking agency (who put in an equally large amount of time and enthusiasm) to see if we could come up with something where they would provide the "challenge questions" to ascertain identity. Answering the questions online would give a probability that the person was who they said they were - beat x% (80? 90?) and you'd be allowed in. This could have given instant access to an application, provided we were sure the questions didn't cover too many publicly available data points (but they'd certainly have beaten "what's your mother's maiden name?" and "what's your date of birth?" which is all I ever seem to get asked offline. Of course, it would only work for those with credit records or who are on the electoral roll. - Dynamic government questions. Similar to the last one, but using government databases to come up with random questions - how much did you pay in your last tax bill, what was your salary in June 2002, etc. Very feasible, but probably difficult for the user (after all, do you know how much you paid in tax? And if you don't, how long would it take you to find the bit of paper where it's written?). Bound to be painful. - Mobile phone. For a while, sometime in early 2002, I floated the idea of using the mobile phone as a portable identification token. This was driven by a long held view that certificates wouldn't make it (they don't, for instance, work on digital TVs) and that the only widely available thing that had some kind of link to who you are was the phone. The idea was that when you transacted online, we'd send a text to your mobile saying "was that you who did this?", and you'd reply with a confirmation PIN. This idea went back and forth with all the mobile operators, many of whom were keen to work something out, but it was harpooned by the understanding that 70% of mobile phones are pay as you go - so they don't link to who you really are (we couldn't check, say, your address with the mobile company). To establish that link, we'd have to get people to go back to the mobile store and register their phones - something that I figured people with pay as you go wouldn't want to do. The debate came alive again when one of the operators hinted about the idea of a SIM card refresh to provide digital certificates in the phone ... but that's gone away too now. In reality we're going to need something pretty soon. I'm not convinced that Liberty or Passport hold the keys to where we need to be - they're not yet focused on the same thing as we are in government. Some people ask why we need one token for many services - and where the services are all point to point (e.g. you send your tax return to the Inland Revenue) there's some validity in questioning it. Once you move to joined up services (and we WILL), though, the need for a single ID that links multiple departmental services is going to be essential - if earning more money (or less for that matter) affects your tax credits, say, then it makes sense to handle this as a single update. And, without a single interlinked database of all government identifiers, the only practical way to do this is through a joined up system like the government gateway. Not everyone in government buys that yet, but over time I'm confident it will become more obvious, as soon as people stop trying to find reasons why not to use it and start looking for how to exploit what it already does.

Sunday, June 22, 2003

Authentication Hoops

David Hewson, writing in this week's Sunday Times, is understandably frustrated about how hard it is to use online services - both government and private sector. Today's targets are the online VAT service and the Royal Bank of Scotland's own online service. It's a shame that three years on we are all still struggling to get this right. There's nothing inherently wrong with the VAT service - it works fine, but you do need a digital certificate. They cost money though, because, something like four years ago, government (rightly probably) opted to let the market establish digital certificates, expecting that banks and other online services would issue them to their clients and that government would ride someone else's wave. It hasn't worked out that way - as noted by RBS' apparent inability to accept one of their own certificates as a login token. I've written (and been quoted) about my views on certificates before - they are cumbersome and technically difficult to get working. It might have worked, but only if more services needed them (and not just government services but banks, stock traders and so on) and if greater usage had encouraged the suppliers to sort the technical issues (they just barely work on Netscape and IE, as long as you have Windows, and not at all on Mac or Linux-based systems). They were on life support nearly a year ago (see my comments to The Register) and won't make it in their current incarnation. Still, it was a good try - and out of a failure ought to come a replacement that addresses the issues and gets it right. What David is hinting at though in this article is some kind of cross trust process. That is, your bank trusts you and I (government) trust your bank, so you should be able to access both services easily. This is kind of the Liberty model (or maybe even MS Passport), although that's not how it is all working now. There is no offline cross trust equivalent today. I am talking to a mortgage company right now, trying to set up a private pension and opening a new bank account (and a trading account) for the same pension. All of them want to see my passport (the original), proof of address (another original bill) and prior bank statements. If there was a network of trust here, then I could get one of them (probably my own bank) to vouch for me and everyone else would be ok. But that's not there today. And if it's not there in the offline world, getting it in the online world is going to be even harder. That's one of the reasons why we set up the government gateway - so that there'd be only one login token needed in government. So, if David does get his digital certificate, it will work fine for sending in PAYE or filing IACS grants to DEFRA (not that he's a farmer, I'm sure). But, from little acorns and all that. Over the last three years or so I've proposed (and seen rejected, usually for pretty good reasons) several ways of getting the trust side of the deal sorted: - Trust network. I wanted to strike some deals with the online banks where there implicit trust of someone who had an account with them would allow us, as government, to in turn trust the account holder. So the userid you had for the bank would allow you access to, say, Self Assessment. The flaw is that you'd still need to know your government userid/password because not all services would be available via the bank, you might not want your bank to know what you're up to and there'd certainly be some complicated session management - all capable of being solved but the time was not right. - Green shield stamps reborn. I thought this might have worked. The idea was that you'd have a "trust score" based on the source of your original authentication and augmented by the services you used. So, sending in a Self Assessment online would increment the score. Paying money to government is obviously less risky than the other way round, so it takes a higher trust score to get benefit payments online. Once you start getting benefits, the score probably has to be decremented (to reduce the fraud risk) - so you have to maintain it by continuing to send in other transactions. The flaw, of course, is that someone due benefit can't claim right away (if they have no known history of online transactions) although this could have been circumvented with a higher degree of upfront validation.

Tuesday, June 17, 2003

Just to rub it in

I'll be back in the UK tomorrow and posting here (with real work stuff) by Friday latest. I know I said last time that I hadn't got much new to say but, actually, I think I might have. It's been a great couple of weeks off, much needed. Here's another photo, probably one of the top three or four that I took - good colour throughout (those of you who know how underwater photography works will know that getting the colour right is hard and, as a rank amatuer, I find it really really hard).

Monday, June 16, 2003

There is [a] life out there

I've been away ... still am away in fact. Trying to prove to myself that there is life outside work. And, to help prove my point, I thought I'd show you this snap, taken at about 75' down. I think that proves it. Back in a few days. Can't promise any new thoughts - it's not like I've given work much time over the last couple of weeks.