Wednesday, December 31, 2003

Sleepless in Southwark

After a no sleep night, this, from B3TA gave me a good laugh this morning.

More on browsers

Meanwhile, by the by, I installed SlimBrowser this morning - tabbed browsing inside IE (you get to keep your bookmarks and not fiddle around importing them back and forth, you get a neat search toolbar and it blocks popups too). Can't find any quirks so far. I'm running it on my PC of course - I played with 5 different browsers on the Mac and none worked on all sites all of the time - talk about browser inconsistency. In the end, I settled on Firebird which seemed to do best (but not great).

Browser Stuff

Again prompted by David Fletcher, I've been looking this morning at a posting on the Apple website that focuses on web design and mostly about CSS. One of the biggest frustrations in developing online apps for government has been the need to support a vast range of browsers. Many commercial entities can just say "works best in IE 6 or Netscape 6.x" and go from there, living with the inconsistencies between browsers ... as Apple says Although the standards are not yet fully supported by all browsers in all circumstances, creating standards-compatible pages is the best way to ensure good rendering. As always, learning to use new technologies will take some time and will give you some incompatibility headaches. Nonetheless the results will be well worth the investment. The public sector though faces the need to support many browser versions across many operating systems, despite relatively low usage for everything other than IE. For instance, looking at December traffic on one key government website: Over 96% of traffic was from Windows PCs, but: 41% was XP, 20% was Win 98, 20% was Win 2000, 7% was Win ME, 6% was Win NT, 2% was Win 95 and .2% was Win CE (that won't add up to 100%, there were some others in there, including something called Windows 32 and I have no idea what that is). The total count of different browsers that accessed the site breaks down like this: Linux: 3 browsers, 0.01% to 0.13% of total Mac: 3 browsers, 0.02% to 0.71% Motorola: 1, 0.01% (someone using wap to access the site!) Windows: 5 browsers, 0.16% to 89.9% And then there's Nokia, Siemens, OS2 (does that still exist?), SonyEricsson, Unix and a small amount of unknowns. And, in version terms, a small number of IE 3 users, quite a few IE 4, 26% IE 5 and 65% IE 6; likewise, Netscape 3,4,5 and 6 are all in use; and 3 versions of the AOL browser. In the "other" category - what I usually call my "n squared" problem (a big, ugly, complicated matrix) are things like: blackberry, knowqueror, lotus notes, icab (?), opera, lynx and even webtv. The site has to work well for all of those browsers ... text has to position correctly, fonts must render exactly, accessibility features must work and so on. That's a tough challenge - how many commercial sites do you think work well for such a variety? The ROI falls off very, very steeply once you go past IE 5 and 6 / Netscape 5 and 6 ... but if it doesn't work [well] on one browser and that impacts someone's ability to access government information, I don't think we'd get very far if we suggested that they upgrade to a more current version. The browser inconsistencies are also one of the reasons that digital certificates didn't work well. The Apple article talks a lot about CSS and how hard it can be to get right, but how worthwhile it is. I agree with that - we use it on our platform and by doing it once (at the centre of government), anyone that uses our platform gets to take advantage of all of that work that we've already done. So they can forget about the technology and the testing and compatibility issues and get on with publishing high quality, focused content. Much smarter and, to use a current word, efficient.

Kartoo

Prompted by a post on David Fletcher's blog, I tried out Kartoo just now. Typing "government" gives an interesting result that I have a picture of, but can't upload to blogger for some reason. I'll come back later and try again (ah fixed it, new browser blocks popups, but you can recover them and put them on a whitelist). So here's the screenshot: It's an intriguing mini-map of government sites and not at all what I'd expect. Vertex get an entry, apparently because they're a sponsor - at least they don't appear at the centre. Both No10's site and ukonline appear, but so does an Irish government site and MSN. And then two sites that are both retired - open.gov.uk (which was last seen in mid-2001 I think) and dtlr.gov.uk which I think went around the same time (following the election?). That's the harsh stuff out of the way. What I really like is the categories on the left hand side. I can't always figure out why some sites come up in the picture, but it's interesting to see the variety none the less. I'm sure I could waste hours here discovering new sites, both from the UK and outside (even though I restricted to the UK, for instance, there's a site called seattleccd.com. Clicking on the site can take you to the home page, not necessarily to anywhere that your search phrase occurs, but hovering on the site shows you the link text on the left hand side. You can also increase or reduce the number of sites that come back in the map (on the options button), or change the search engines used to aggregate the results. What Kartoo really tries to get to though is the relationship between sites - it's kind of a technorati for the mainstream web. Who is linking to who, and what are the associations that they create. Fascinating, and as David says, a sign that the be all and end all of search is not google (although I've been using all the web and teoma a lot recently). A serious bit of work has gone into this, that's clear. While you're looking at Kartoo - type your own name in and see what comes back.

Open source? Or not? Or Not in Newham anyway

Intriguing piece in Kable that says Newham have pulled out of a PoC to evaluate open source on the desktop, because the scale of the project was too big for them to handle (and that appears to be a direct quote from the IT head there). Making a move to a new desktop across the organisation would be a big deal and involve a lot of effort from the team so I can understand the reluctance, but the absence of data on how such a move could be achieved is hurting the public sector generally I think. There are still another 8 PoCs in the OGC list, so there is still time to get data. One of the things I've wanted to do for a while is run three desktops in parallel - SunRay (thin client), Open Source and Windows - perhaps on 3 floors in one building or in three teams handling the same functions in three departments and see how it worked out. Keeping the numbers down to maybe 20-30 people would reduce the support overhead and probably allow a relatively quick implementation. I think it would be fascinating to compare not just the cost dynamics but also how people felt about each platform and how they used them differently (for instance, would productivity be up? Would people spend more time surfing on a browser-based platform like a thin client, or less time?)

ID Cards that verify, not identify

Interesting article in this month's Wired magazine on ID cards and a caveat: An ID card might do little to prevent another terrorist attack. Bruce Schneier, one of the world's leading computer security experts, says that any identification system that relies on background checks creates three categories of people: trusted, untrusted, and trusted-but-malicious - people who aren't on watch lists but turn out to be terrorists anyway.

The Year Ahead

I started working in this space – e-government – in early 2000. Nearly four years on I am, in many ways, disappointed with how far we’ve come. It’s not that we haven’t done a lot collectively. It’s just that the expectations were so high then and it’s hard to look back and know about all of the hard work that has gone at so many different levels of government and see the outcome achieved without wondering where the rest of it all went. When I started I figured that three years on the idea of e-government would be absurd. Business would revert to the norm and it would just be business. Whenever any new service was launched there would be an orchestrated launch across all channels with a significant reduction by now in the number of services with any kind of paper channel. Patently we’re some distance from achieving that in the UK and probably in many other countries too. The web is still something separate. Paper is still paper and everything done has to be done there too. Well, I think that finally there’s some change there. New services were launched this year that mean that paper isn’t the only way in and, even, where there is no paper equivalent. How would you deal with real time updates via SMS about where you’re supposed to be when you’re a witness in a court case in a paper world? How would you get total access to the 1901 Census data without wandering down to Kew and poring over endless amounts of microfiche? How would you see emerging trends in your neighbourhood as offered by Neighbourhood Statistics in a world of paper correspondence? The power is being harnesses and the pace at which it’s being done is quickening. That makes 2004 a pivotal year to me. In July, I talked about a 50 year storm emerging … “the 50 year storm that looms is the set of events that will take place this year and early next that will warrant the catalyst. Some senior figures are moving on (perm secs in at least three departments), one or two cross-government figures too. Issues like we have seen over tax credits where technology and business issues conspired to cause enormous pain mean that we will have to rethink delivery controls. Spending will tighten as we enter another financial review round. The potential for central infrastructure, like our own Government Gateway, will be fully realised and people will commit resource to exploiting it rather than exploiting ways to get out of it” Well, for sure the spending is tightening – that’s become pretty much daily news for FT readers. The figureheads are indeed moving on – witness the recent announcement of a transition from Office of the e-Envoy to Office of e-government and the appointment of someone analogous to a CIO. The potential for central infrastructure is, at least, being talked about as are ways to further exploit it and other products from a variety of departments. Once the debate moves on from why it should be used to how it should be used, then joining up can really start – because it will be happening from a consistent base. That’s not to make light of all of the other work that will have to be done to join up – there’s an enormous amount around business process, data administration, regulation and co-operation too. Given today is the eve of another year, I’ve been thinking about what emerging trends we’ll see, in e-government, over the next 12 months and how they might impact what people on the outside looking in see. The storm is, I think, upon us and the next few months will make clear what comes next. There are 5 topics on my mind (there are a few more within my day to day job, but I’m thinking here about emerging trends only). 1. Citizen at the centre Since the beginning, e-government has been about putting the citizen at the focal point for service delivery. I don’t for a second think that people go out and deliver things without that maxim in sharp focus, but they have been constrained by a variety of things – natural inertia, lack of system capability, old style business process and so on. This year, things change and the citizen will be squarely in the middle. That will mean: - Dramatically fewer websites (maybe not fewer in number, but certainly fewer that have to be visited to get the task done) - More focused content that is written in people speak, not government speak - More transactions grouped together in logical ways (so Child Benefit and Child Tax Credit will next to each other, ditto Council Tax Benefit and Housing Benefit) - Central and local services will start to be aggregated – with the local government people probably leading the way (many already see themselves as a kind of one stop shop for government), but probably not until close to year end 2004 - Consistent navigation and controls so that there is no relearning necessary. People know how traffic lights work – and we don’t change that from town to town, so why on earth would we keep changing look and feel? - Consistent multi-channel delivery will show up, again near the end of the year, where trying to get at something via the ‘phone will feel similar to the web. The folks at the call centre will be using the same interface as you would use if you were online, so consistency will increase … and the website will be updated if your question isn’t fully covered by what is already online. In many ways, government is some way behind the private sector in doing this (just check www.vodafone.co.uk, Vodafone.ie and Vodafone.de for instance), but is also grappling with the fact that, historically, every section of government is a separate organisation, indivisibility of the crown notwithstanding. So the second trend is a sort of coming to Jesus. 2. The Rationalisation of Brands This won’t fully happen in 2004 but during the year we’ll see, I think, a shift to service delivery from a relatively generic thing. It won’t be about the department of this or the department of that, it will be about “you’re the citizen, what do you need”. Departments will still exist – maybe a couple fewer – but there’ll be aligning themselves much more closely, to back up the trend identified in (1) above. Once you start rationalising the brand, all kinds of interesting things probably happen. Who owns the end to end service? Where do you go when it goes wrong? How do you track something that is being dealt with through multiple back office units, all with different processes? These issues and others like them will force more co-location of resource, more interworking of systems and a greater ability to join up in the future (after all, once the wave hits, why get in the way of the next one?). This will mean things like syndication going mainstream – to the point that any content will be available anywhere and so you won’t necessarily even know the source brand. Once you start doing this – you can get definitive information about, say, child care from three government entities, Mothercare and Boots – you probably spend less time looking and more time using the information, and you probably get it from brands that you trust on an every day basis rather than having to think about where the definitive source would be. If you’re shopping on Waitrose.com (Ocado) and you happen to buy nappies for the first time, it’s probably logical that they pop up some screens about what government services you’re eligible for as a recent parent. Maybe you even save money on your shopping because they can process the claim in real time, using services and data sourced from government but presented in a non-government branded way. 3. A Shift From Silo To Enterprise Allied to (1) and (2) then is a change in the way that things are designed and constructed – to remove the issues about end to end ownership, support and delivery. As long as things are built inside fortresses, bashing down the walls and linking a couple will be hard (impossible?) and relatively pointless. I’m guessing our would-be CIO will focus first on how we shift from the silo to the enterprise or, at least, from talking about the enterprise to doing it. Central infrastructure is part of this (but I would say that, wouldn’t I), but it’s not all of it. A base of solid standards for, say, web services security and interoperability would be fundamental – after all, usage of MMS (whilst still low) was pretty non-existent until you could guarantee that sending from Vodafone to O2 would work. A decision on, say, what a trusted government mobile phone number for SMS messages would be is important. Then some components are built a few times, in a sufficiently generic way, and deployed many times (adhering to the standards identified) and plugged (through a set of bespoke adapters) into the multitude of systems in place. Once we’re through that battle, maybe we can attack the multitude of systems and see what can be rationalised and componentised there – reducing the amount of infrastructure and the complexity of delivery. Ideally, this speeds up introduction of new services and reduces the risk of failure – if it doesn’t do that, we shouldn’t do it. 4. Business Leadership to the Fore For (3) to happen though, technology needs to be seen as the servant to the business and the business owners have to take ownership of the widest possible agenda. I’m guessing that, today, most governments commissioning a new service build a new IT system to support it. That might have made sense before (it certainly made things simpler through reducing interdependence in projects and delivery), but it doesn’t make any sense now. If (1) – (3) are to happen then, increasingly, business processes will be designed from the citizen into government rather than government outwards. That will mean a greater degree of cross-business alignment and rationalisation. Perhaps certain departments will own key processes for all of government, perhaps a department will not only own how it works but also actually run it for everyone else (one way for money to get in to government, say). This is the hardest thing to see how it works. It requires fundamental changes at a base organisational level in any government that undertakes it. That will mean new structures, new incentives, new controls and disciplines. I didn’t say it would be easy, but the emergence of a trend like this will show a true appetite in a government for tackling the very hardest problems. For a long time (since almost the first week I got involved in e-government), I’ve said that the web allows us to put a veneer over the complexity of government, hiding it from our citizens and buying time to allow us to engineer the really complicated changes beneath. That’s still true and we’ve all bought some time – but it’s time to start tackling the hard stuff for real now. 5. Success stories will be common, and will become a non-event By the end of 2004 a handful of services will be mainstream, i.e. they will have significant usage when compared with, say, buying books online or banking online. Perhaps 40-50% of people will use an online channel for just a few services, finding that it’s quicker, easier and a richer experience than trying to use the ‘phone. Incidentally, as more private sector businesses outsource their call centres abroad, I wonder whether web usage of things like banking will increase – if you can do self service, why make the call? If that’s right, then government benefits too – the more people who are online and who are comfortable transacting online, the more people will feel comfortable using the services available from government. What are these services? Some are already there – the congestion charge claims 70% of payments are made online or through SMS. I think they got there by making the offline (in this case telephone) process so ridiculously painful that pretty much everyone found the path of least resistance (the absolute path of least resistance is, of course, not to drive into London and many people it seems chose that one). The online driving test service is already doing well, so the papers say and is a natural start point (kind of a “my first government transaction online”) for a generation that already expects the Internet to do pretty much everything that they need. This will be closely followed, I imagine, by Student Loans (I notice that this site is one of the first to put the legal terms and conditions for use in as the default page when you first visit – which I guess is compliance with the recent EU law on opt-in, although I hadn’t expected it to be that way. It’s also “strictly copyright 2002” which is a bit of a shame. Is it up to date or not? And then there’s this line “You agree to indemnify and to keep SLC indemnified for and against any costs, claims, demands, expenses and liabilities suffered by SLC arising from or which is directly or indirectly related to your access to and/or use of the website” which would worry me if I was about to use a website.) Today, the site offers only pilot access to student loan applications (and my postcode isn’t in the pilot area so I couldn’t test how easy the process is). Once you’re booking your driving test, applying for a university place (which isn’t strictly government I think) and getting a loan then your interactions with government as a student may be few for a while (unless you are applying for benefits, such as reduced price spectacles) So, fast forwarding a few years on in your life cycle, the next place where usage ought to be significant this year is in the area of benefits and tax credits. The latter already had a banner year in more ways than one and with renewals due in April, online has surely to be the way to go. On top of those, I think there will likely be another sleeper hit or two. Something that will catch most of us by surprise, like the 1901 Census or the Flood Warning site – perhaps something like Diana’s Inquest, or the publication of the Hutton report or maybe news that London will host the 2012 Olympics (followed by publication of the plans for development to meet that need). Events like these will drive traffic to the web from both existing and new users who can then move on to other government services. Beyond that, I think the services that really catch on will be invisible government services – the things that government does that aren’t really associated with government. The 1901 Census was one such thing – I wonder how many people really connected that with government? Booking a squash court at your local leisure centre might be another – after all, many such centres are run by local authorities. But what really interests me are the spontaneous things that we might get people to sign up for as a lead in to other things. Let’s say that when you send in your (paper) tax return, we take your mobile phone number – and text you when the processing is complete and ask you to visit a website to confirm payment details for the refund; or perhaps we arrange to text you when the cheque for your child support money is in your bank; or we make a deal where we’ll email you when we have something to send you, rather than adding to your mail pile at home and you can visit a secure area to check what it is and decide whether you want a hard copy (printed right where you are or sent via snail mail, but your choice). These services won’t be obvious “tick in the box” services – i.e. they don’t exist offline and so when they go online it’s hard to know how to count them (after all, 100% online makes sense at a certain point in time, but at some point, the baseline has moved and you might be putting 50% online of what you had then and another 25% of services that didn’t exist before). 2004 is going to be lots of fun, one way or another. There’s a huge amount to do and, from tomorrow, only 24 months before the deadline in the UK to have 100% online and high usage of the key services. That means 12 months from now we better be at least ½ of the way between where we are now and 100%/high usage!

Tom Peters - Successful Businesses’ Dozen Truths: 30-Year Perspective

1. Insanely Great & Quirky Talent. 2. Disrespect for Tradition. 3. Totally Passionate (to the Point of Irrationality) Belief in What We Are Here to Do. 4. Utter Disbelief at the Bullshit that Marks “Normal Industry Behavior.” 5. A Maniacal Bias for Execution … and Utter Contempt for Those Who Don’t “Get It.” 6. Speed Demons. 7. Up or Out. (Meritocracy Is Thy Name. Sycophancy Is Thy Scourge.) 8. Passionate Hatred of Bureaucracy. 9. Willingness to Lead the Customer … and Take the Heat AssociatedTherewith. (Mantra: Satan Invented Focus Groups to Derail True Believers.) 10. “Reward Excellent Failures. Punish Mediocre Successes.” 11. Courage to Stand Alone on One’s Record of Accomplishment Against All the Forces of Conventional Wisdom. 12. A Crystal Clear Understanding of Brand Power. From one of his recent slide decks.

Knight Knight Internet

Delighted to see Tim Berners-Lee in the honours list today, receiving a knighthood for services to the global development of the 'net. There are a few other people I know in the list today and my congratulations go to them all. The honours list has come in for a storm of press in the last couple of weeks but, as Roy Hudd said ... someone's got to accept these things otherwise there'd be shelves full of them.

Monday, December 29, 2003

Dancing Queen

Having spent many a late night doing Karaoke in Japanese bars, the sight of these dancing robots seems surreal. I'm assuming it's real though - who knows what level of prep went into this. Balance, they say, is the hardest thing and these guys seem to have got the hardest thing right. This is, as you'll see, nothing to do with e-government but, think about it this way, if the Japanese could bring this level of sophistication and innovation to online services, they'd be leading the world. You can try several versions of this URL ... sony_05, sony_04 etc. Going to the home page, unless you're a native, won't help you much though. Can you just imagine if you can play any tune to them and, like the iTunes effects engine, it generates a dance track to it?

The Year Behind

Last year, I looked at the lessons learnt, the ones that we’d learnt again and the ones that we would learn for the first time. The main things I thought would come about in 2003 were: - Not as much innovation as we’d like. A little too much of business as usual –online is the new offline - Some continued negativity in the press about efforts to drive services online and secure takeup, but a plea for when it does go right for there to be favourable PR - Some key services would drive demand and prove that it might all come together - Digital certificates would stay on life support - Some pretty scary, bleeding edge-type technology that would be high risk and difficult to implement - Some first time use of multi-channel delivery, including mobile phone/text messaging - We’d see that, after a pretty dark 2002, there would be light at the end of the tunnel (and it wouldn’t be a train rushing towards us) I’ll give myself a B, maybe even a B-, for guessing the outcome of 2003. Here’s why: - I don’t think that there was much in the way of innovation. The focus was still on content and website creation. We nearly doubled the website count during the year. More transactions were, however, put online but they were mostly same old, same old. There were some notable exceptions – Neighbourhood Statistics, from ONS, for instance – that show there is a willingness to go online with things that were never offline. - The press didn’t have much to go on this year. Stories from previous years failed to repeat. Apart from the Flood Warnings problems on day one of the new year, there was little to cover on the negative side (at least at an individual service level; there was no shortage of macro-coverage). I think this year we, in fact, gained some champions. Chief amongst those would be Mike Cross at the Guardian, who made it his business to seek out the nuggets – the good stories both locally and nationally and talk them up. That's not to say that Mike lost his edge, only that he gave credit where it was due across a range of local and central government entities and for a wide variety of services. Others who had been more vocal in prior years were quiet this year – I hope that 2004 brings them out in full force. If anything, stories of the NHS IT procurement filled more column inches than anything else; the doomsayers were out in force for Richard Granger’s work. May they be proved fully and wholeheartedly wrong every day. - Digital certificates, well, er, they kind of stayed where they were. Not up, not down. This year will be the end though, at least in this incarnation. The end of one phase can, and should, spur a rethinking of them and if I get the chance I’ll spend some time on that later in the week. - There wasn’t a whole lot of new technology to be seen although large numbers of departments did rush into the content management space. Many are still feeling the pain and wondering where the odd few million that they used to have in their bank account went. CRM kept a low profile although a few local authorities went for it – some very successfully. - Mobile phones count as “toe in the water” territory only. We ran some pilots but nothing full scale. It’s been two years since I talked about this as being the thing to do and I’m disappointed that we didn’t do more, but it’s time to double down and see what comes. - 2003 was a better year than most expected I think. Fully half of the online population used government services online, take-up of some services rose as high as 25% (and, if you count congestion charging, 70%); disasters were few and far between. 2004 is starting from a base more than double the penetration of year end 2002. That means the light was there to be seen and we’re perhaps emerging from the tunnel now.

Friday, December 26, 2003

Funding Shortfall?

Repeat after me, "there is no funding shortfall". So says Karen Evans, the USA e-government czarina (ugh). And you have to agree with her ... "There is no funding shortfall. We have nearly $60 billion in information technology spending among the Federal agencies. The goal is to spend this money more wisely both within and across agencies. Certainly, the E-Gov fund would allow us to quickly bring agencies together around citizen-centered technology solutions and is an important Administration initiative to which we remain committed. However, given that Congress has thus far funded the E-Gov fund at a lower amount we have the opportunity to focus more on cross-agency collaboration through existing investments." I absolutely can't argue with that. It's about wiser spending of existing money - reducing duplication, trailblazers delivering solutions that can be adopted by others, eliminating waste through cancelling projects, scoping requirements correctly so that the return on investment starts sooner and, finally, eliminating the usual reasons for failure so that every pound spent results in more than a pound of value delivered. Now the real question, for Karen and many others, is what are the levers that will allow the focus on cross-agency collaboration to come to the fore? Can funding be constrained in some places and elevated in others? Can performance rewards be distributed as readily as penalty punishments are today? Can the standards necessary to allow full interoperability be identified, ratified and distributed fast enough? Can the accent on co-operation be made clearer? Difficult stuff.

Challenge Everything

Sitting in the cinema on Christmas Eve, waiting for Return of the King to start, endless ads, one after the other. After an epic trailer for Troy – a sort of Gladiator like film – comes a segment that’s obviously from the main event that we’re all waiting for. That’s funny, they don’t usually trailer the main item. The edit segued from film to computer graphics. It was an ad for Electronic Arts’ game of the film. The switch from film to computer blurred reality beautifully. Obvious if you knew, less than obvious if you were only partially paying attention. Challenge Everything came the tag at the end. EA aren’t the first to use this tag – they’re not in the Top 5 on Google. But the message is clear. Everything is up for grabs, nothing is sacred. For me, and many like me, the challenge is everything.

Battle of the Bulge

At about this time of the year, many people will be thinking about getting back into shape after a Christmas overdose of turkey, potatoes and wine (in fact, wine, wine and more wine I imagine). You know how it goes, you stare at yourself in the mirror and start to see a few extra acres of flesh. You’re sure it wasn’t there last time you looked, but there it is, bulging out at you. It’s no good if it’s you staring in the mirror – you need an independent view, otherwise you’ll be too kind to yourself. You’ll justify every extra pound of fat, falsely remembering that, actually, it was there before and, really, you don’t look too bad at all. You’ll think about how hard the last year has been and how it’s pretty normal to have gained a few pounds. You can run it off in no time and be back in shape, just the way you were 10 years ago. It’s a short step to beach fitness you’ll say. Your thoughts turn to renewing the membership at the gym - the one that lapsed about 11 months ago; or maybe you'll look for a new gym, one that will hold your interest more than the last one. After the last year of online government development, we may well eaten a little too much turkey. With 2,643 websites (as of July, perhaps as many as 2,900 now) and more than 5,000,000 pages of content, perhaps it’s time for our own Battle of the Bulge programme. Surely every government is in the same position? Our own mirror of online government, viewed from an independent stance (that of the customer of course) may show that we, too, have a few extra pounds – maybe even a stone or two. Things don’t quite seem as lean and focused as perhaps they should. We might imagine that we’re not quite in beach shape. We have a few flabby websites. There are ways to address that of course. A programme of exercise … some long distance running perhaps. It takes time to shed pounds; it certainly doesn’t take just a few days or a couple of weeks of effort. So a long term programme to audit what’s on the website and eliminate what’s no longer relevant – shed the weight to the archive. There will also have to be some weightlifting though, else what remains will be loose and uncomfortable and will fit poorly in the overall context. That means focusing the mind on the content the customer really wants and shaping it so that it fits who visits your site. You’ll likely need a trainer to get this done, someone who will keep you on the path lest you decide that it’s all too hard and you give up before you reach the goal. The goal? Of course, you must set some goals – you must decide how much you want to lose, what the picture of success would look like. Do you want to end up half the size or perhaps twice as fit? Do you want to run the online equivalent of a four minute mile, where every customer shows up, gets what they want and is so impressed that they come back once a month or more to see what else is there? Do you want to run the 100m sprint where you want everyone in the country to visit just one time so that they see what you have to offer and then bookmark the site for future reference? Do you want to run the 110m hurdles in record time – where you remove every barrier that might be in the customer’s way so that they can quickly and easily find the information that they want? You’ll also want to change your diet. Eat a bit less, drink fewer glasses of that fine wine you’ve been savouring. You know that’s as hard as it gets, particularly the wine. But you also know that if you don’t apply the discipline then, pretty soon, you’ll end up just where you were before. You need to think about every article, every document, every statement you put on your website to see whether it really fits with the goal. Does it make a positive difference to the customer? Will people look at it? Will they find it valuable? Will it be useful? You know that none of this is easy. For years, the New Year has started with a rush to the gym – the streets fill with joggers, you can’t get a place on a treadmill, your workouts take twice as long because you have to wait for exercise machines all the time. The sense of enthusiasm and commitment is palpable. For a month at least. By February, things are back to normal. You don’t have to stand in line to bench press, you don’t have to dodge joggers every ten yards along the river. Everything has gone away: the enthusiasm, the commitment, the discipline. Everything? Not quite, the extra pounds stay. Fighting the website flab needs some serious long-term commitment. It can’t be done in a month. It might take you all year. It might even take longer. It might require a lifestyle changing adjustment to the way that you request, create and publish content. It might mean that everyone on the team needs to be trained in what’s really needed. It might require the appointment of a true customer champion who assesses everything from the point of view of the people using the website and makes sure that it fits the goal. If it doesn’t fit the goal, it’s not going live. Of course, if all else fails, there’s always the knife. Short and sharp with a bit of soreness afterwards. A quick vacuum of all the subcutaneous fat and you’ll have the beach body sooner than you think. The life expectancy of obese websites must surely be very limited.

Wednesday, December 17, 2003

Opening it all up

Dave Winer is talking up one of the key virtues of RSS - that it's an open API and can be implemented in an afternoon. Anyone, he says, who does an API however they please would be bonkers, unless they were a large org with a purely internal need. When we built the Government Gateway (the one that Kablenet notes may now get some local government usage but that is already being used in a couple of places elsewhere on the globe), one of the absolutely fundamental reasons for doing it centrally was that we wanted a single API for authenticated transactions coming into government. We didn't want a Sage or a Rutherford-Webb or an Egg or anyone else having to figure out multiple ways in or different dialects. In short we wanted an open API that anyone could use. It's been an interesting journey getting there - hard for digital certificates, much easier for userid/password - but there's now a lot of vendor community support, both at a system integrator and an application provider level. The first real fruits of that will come in the first quarter next year I hope. The reason that we thought it was important, even back in mid-2000 when we were designing it, was that we knew this curve existed: i.e. government is relatively low on the interaction frequency curve and needs to move up, through the use of intermediaries, before online government would become truly effective. The reason people bank online is that the efficiency save is great - 3-4 transactions a week can save you a couple of hours of standing in a line. 1 transaction a year with government might as well be on paper - people don't yet get the efficiency potential (and who can blame them?). I didn't put this curve up in slides until November 2001 (by which time the Gateway was long since built and was a viable route into government, maybe even the only viable route). A couple of months after first posting the curve, I added this slide to my deck to go with it: The point being that many transactions plus good information to navigate you around them PLUS multiple ways in through third parties (whether web or application) would drive takeup. There was not going to be a single thing that drove traffic to the government's online presence (although it's possible now that tax credits came very close and may do so again next year). Today, there's still a frightening amount of debate about whether this makes sense - both opening up to intermediaries and having an open API. Policies on a mixed economy ought to have laid the former argument to rest, but if the latter one isn't won too, then it doesn't matter much. Folks who want to develop synchronous inhouse communications between their portals and their backends fail to see the closed loop that puts them into - they fail to see that only through putting services online and joining them up, the way the customer sees them, will we make breakthroughs. Delivering silo services may be pretty for now - in fact, it would have been pretty in 2001 now it just looks dated and closed minded - but it won't get the kind of takeup needed. There are, as always, some exceptions to this - it's unlikely that someone will want to book a driving test and claim benefit at the same time, but it is very likely that someone will want to determine their eligibility for a variety of benefits and tax credits in a single go. Doing anything that prevents this latter service may forever delay joining up government services because, as we have now (everywhere in the world), the output is a monolithic, legacy piece of IT built for the sake of IT and not for the sake of customer. Time to stop spending all the money on the "T" in IT and spending it on the "C" in Customer.

Legacy dependencies

Back in September I was wondering whether our efforts to put governments online would result in a new legacy system problem. I've been thinking some more about that, wondering how it arises, whether it's true and what we do. First up, I define a legacy as a monolithic, backward facing system that is harnessed by fortress government to do its bidding. It likely has limited functionality that the customer can exploit and it is also performs a vast range of functions without any ability to split it up replacing the functions of any one bit with a new bit, without massively negatively impacting the wider system (either through breaking it or plainly increasing the migration risk). Just because they're monolithic and backward facing doesn't mean people won't deploy them forward facing and pretend that they're part of a new architecture - the other bits of the definition come into play then. What prompted this recently was the news that the Inland Revenue, in a bold decision judging by the press reports, have chosen not to renew their IT contract with EDS, but to award it to a new player. It almost doesn't matter who the new player is - the point is that it's not the same as before. This was followed by some worrying warnings about potential delays in handling the job, although it strikes me there's a "would say that, wouldn't they" angle to anything like that. What was more interesting today was a story that said the key 200 people who handle the IT might not move. I can't find that story right now, but it's somewhere. My guess is that any corporation or organisation, public or private, has far less than 200 people who understand the IT they have - especially in a legacy world where the systems have been around 20 years or more. It's probably nearer 20 or even, in some cases, 2 people. This may be one of the reasons that changes take so long to push through the system - the only people who "get" the impact are busy sorting through a bunch of other tasks. If we build more systems in our silos, whether that is country by country (for a multi-national), org by org (in a corp) or agency by agency (in a government), then surely the consequence is that we concentrate the knowledge in fewer numbers of people than we might otherwise. If we blast open our systems, fragmenting functionality into more discrete units, then we can spread knowledge of how they work across more people. The key people then become those who know how data flows between the systems. This is just as risky potentially - after all, few can hold the big picture in their head. There must I think be a tradeoff between fragmenting systems to reduce people dependency and fragmenting them so much that there is a new dependency on the big picture. Noone wants to be held hostage to a few people knowing a system - but there's a real risk that building systems in silo organisations rather than for cross-organisational need results in less flexibility, more transition risk and less business benefit. We've all done that once. Would we want to do it again?

Tuesday, December 16, 2003

John G's 2003 round up

I could have tried to do this, but I certainly wouldn't have done it as well as John has. Must reading for those figuring out what was big and what wasn't in 2003, and those eyeing up what next for 2004 - principally Ent Arch and the shift away from monolithic system delivery. My review of 2003 will come soon (I hope) but it won't be as comprehensive as John's.

Tuesday, December 09, 2003

Googlerace

John G pointed me at Googlerace ... where you get to use Google's API to rank the US candidates for 2004's election. For "e-government", George W Bush comes last, with no results. John says Howard Dean wins the race for "Denmark" - who knows why.

Federal Federated Identity

A couple of weeks ago I commented on the US' decision to abandon a centralised authentication system and wondered how a federated model would work. Given I was just musing on Joint and Several Liability (or perhaps, a federated family seeking authentication), I've also spent some time thinking about this fragmented or federated model. I guess some definition setup would help. I see "centralised" in this context as meaning a single authoritative source that confirms you are who you say you are - i.e. establishes your identity, or authenticates you There are purists who will say that we need to be separate out identity establishment, authentication, verification, rights management etc, but for now I think this will do. So, think of this like a big LDAP or directory that says not only who you are but how you relate to the organisation - what you can do, perhaps when and where too. You have to go, actually or logically, to this directory lookup service before you're allowed to progress. In a federated model, there's no single authoritative source. I guess it's possible to argue that actually there is no authoritative source. Instead, various sources are able to confirm your identity (authenticate you) and grant access to certain services, and yet more services then trust that initial source to allow entry. It's an attractive model - potentially multiple proof points, no single centralised source etc. The venemous treatment of anything centralised in some organisations, public and private, makes it even more attractive for those. Both models have their supporters - all the way to the top of the technology tree. Passport was Microsoft's attempt at a centralised service; Liberty was the (almost open source) response, initially from Sun and now from any vendors. Both can work, both can fail. For a while, they might even have been the same thing as the Passport folks talked about moving to a federated model by bringing in partners and storing data in a variety of places (I think of this as some kind of RAID type storage of authentication information - a potentially globall distributed SAN). Thinking about it purely in government terms, I see some issues to consider with a federated model. It's not that they're going to be impossible to solve, but I do think they're a challenge. - Government doesn't see any one individual the same way. Various numbers are attached to every one of us, whether it's social security, driving licence, passport, tax, benefit, whatever. There's still a need then to associate "me" to "me in government department a" and "b" and "c" and all the others. I'm not sure that this can be done anywhere else but in one place or, if it's done in a fragmented way, the customer experience is not much of an improvement on a silo-based model - It's hard to know who to trust. Let's say that I go to my bank. They know who I am, so why don't they tell government that I'm ok and let me do transactions with government without any further delay? Why not? Well: - First, the bank only knows who I am to the bank - not to government (so there's that whole process in the previous paragraph to go through); - Second, why should I, as government, trust the bank? After all, the bank has a duty to figure out who I am, but they also have pretty good controls on fraud - regular statements, transfer limits, a global network to use to track funds and, a reserve against which to charge losses. Government doesn't have all that - who would we send the statement to and what limits would we set? - Third, What happens if I do trust the bank and I let that person go on to use several more services. The more services they use, the more they get to do. Eventually, maybe you can get a passport because you have used enough services - but there's still only the original trusted relationship. How do I unwind that trust if it turns out to have been false? Think BCCI for those of you old enough. Or think about all of the phishing scams that are going on targetting banks right now. Who do we trust to be who they say they are in a purely online world? - Fourth, with identity comes liability. How much is your identity worth? And if someone takes it away, how much more is it worth to get it back? So, if we're going to federate trust and allow many people to vouch for identity ... ummmm ... we're going to need to understand where the risk has moved to at each stage, what controls we have and what measures we take to govern it. The only way out of this is, I think, to actually have no liability - because having it will shut out too many players, because the cost of insurance will be high; or to have a few very large players that allow access to "all" and smaller players who can grant access to only small (low risk) services. Similar debates about liability are going on in the security/spam world now ... a world where perhaps we only accept mail from authenticated sources. A federated model might make a lot of sense for email, but I don't see the same model making sense for distributing government money to people. We haven't even got into the whole space of "tokens" yet - whether the ID is assured in a mobile phone, a smart card or whatever, or whether it needs biometric assurance and so on. Those issues are there irrespective of federation or not, but with federation they come into a new space - standards for exchange. Without solid standards that allow the token contents to be passed around, it won't work. There are many folks out there still signing laws passing the use of digital signatures/certificates. All good stuff, but falling down because of standards and technology incompatibility (as well as horrible user experience). There are lots of smart people looking at digital identity, e.g. btw.net, here's Andre Durand (who has a commercial interest in being right), and Mark O'Neil who writes books and more. The hard thing I find is drawing all of these and more together to create a scenario where it will work for government. If anyone has the resource to do it, it's going to be the US government I guess, but that doesn't stop it being hard, nor does it make it a cert for success. The audit folks in the US gave a helpful hint for how they should progress there, "Establish policies for consistency and interoperability among different authentication systems and develop technical standards". Easy to say, but what to do about it? It does, however, suggest that the federated model in the US will be purely a public sector model initially - meaning that the challenge may be reduced (i.e. no need to figure out how to trust banks or other financial institutions at this stage). But, I'd lay very good money, that persuading government agencies to trust each other will be just as hard. Gotta wish them luck.

Joint and Severed

Every so often, the issue of "Joint and Several Liability" comes up in the world of e-government. It's usually thrown at me because I run the Government Gateway which "does" authentication and so, therefore, must handle JSL. It doesn't. And it's therefore an easy target, as in, "we'd love to make use of the government gateway, but it doesn't do ... yaddayaddaya". I doubt that there's anyone outside the legal profession or a few parts of government, mostly at the local level (but not entirely) that understands what JSL is, so here's some words from debtclinic.co.uk "If you have taken out a credit agreement, loan or have a bank account in joint names (with another person) then you are both liable for the full amount of any debt. This means that if you have a joint loan with a spouse or partner and one of you fails to repay the debt (this often happens following divorce or separation) then the lender could still ask you for payment of the full amount (not just half). The lender cannot recover the money twice but can pursue both of you, or just one of you for all amounts still outstanding until they have obtained full payment. Joint and several liability can also apply to rent arrears on joint tenancies, arrears on joint mortgages, council tax payments and water charges on properties that have been jointly occupied." In essence, when you sign up for certain financial transactions, it's quite common for everyone in the household or the family to sign the paper forms. Then, if there are problems later, any one of the signatories can be pursued for recovery of the debt (whether that is a hire purchase agreement, a fraudulent benefit claim or whatever). Nice and simple in the paper world. Or it appears to be. In the offline world, the problem is that a bunch of signatures on a page doesn't mean very much. Ask anyone who works in a bank what they verify signatures on checks against and you'll get a very surprised look. Signature verification happens rarely, only for large amounts and only in a very few places - but where they do, they'll have a big book with lots of signature samples in it. Ask someone in government what they verify signatures against and I very much doubt that there will be a big book. How would you do it? 60 million samples? Even split across 468 Local Authorities, that's a pretty big book. The signatures cannot be practically verified, so they're not. But if there's a dispute later, you go hunting for the people who purportedly signed the form - and I imagine (I don't have data on this) that there are very few cases where the signature is the pivotal evidence in the case (maybe 5 a year? 10? 100?). JSL is a collection of signatures in a box or two on a form. It's nothing more, nothing less. The signatures could come from anyone, there is no way to relate the signature to an individual or, more importantly, to relate the owners of each signature to each other. The relationship is on the page and nothing more than that. But, it is an important legal concept and one that is hard to throw away - after all, doing away with it would mean having less recourse than you had before. In the online world, conceiving a solution for JSL is hard. And I know I keep saying things are hard, even brutally hard, right now, but this one is genuinely hard. We'd need some way to identify several people, draw a relationship between them as regards, say, a benefit form and then have them all authenticate that form - imagine a screen with 4 userid and password boxes on it which have to be completed at one time, or passed between the respective PCs of each person for signoff. Or, much worse, 4 digital certificates that all needed to sign the XML and then be unwound at the opposite end to ascertain that the signatures were correct. But, even if I did that, I still wouldn't know how the people related to each other - I don't know of a system that stores a variable called "household" and then associates people into that variable. Just imagine the change control and updates on it even if it did exist? People move in and out of houses, students go away, lovers leave, boyfriends & girlfriends come and go - and because it's a system rather than a piece of paper on file, it would "NEED" to be more up to date than the paper, right? I spent a lot of time thinking about this around 2 years ago before the Gateway was built and did a lot of work with several departments trying to figure out if it was in any way practical to consider the implementation of some kind of JSL. None of us could come up with an idea, despite a lot of effort. In the end, therefore, it was dropped as impractical at a technology level and, very likely, impractical at a business level. The business didn't really know who was signing the paper forms and didn't draw links between them at any level of process, so why should the technology try and make up for a business issue? There are still people out there who throw this one out as an excuse. Rather than use it as an excuse, tell me how it should be done (please no pitches for products that I just need to install and everything will be ok). Just give me the outlines of how this problem should be cracked in the online world - I await with interest all ideas and input.

Monday, December 08, 2003

Much Spam from Trojan Horses

Today's NY times says that spam is increasingly circulating through a peer to peer network involving machines that have been taken over by illicit programs. As the MusicCo's found out, shutting down a network that has no owner is tough - it won't be any easier if the bad guys are using it to actually make money instead of circulating pirate music. Who says we don't need a Green Cross Code now?

Friday, December 05, 2003

One of those days

"It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us, we were all going direct to Heaven, we were all going direct the other way."

Thursday, December 04, 2003

Tom Peters Live Rant

Tom Peters is in London next week. I've seen him a few times and I can't think of anyone I'd rather listen to right now. Sadly, I can't get there this time, but he's doing a webcast for people like me who won't be there. The topic is, as always, to the point ... "Beautiful, Fresh, Exciting, Spastic, Cool, Noisy, Nutty, Brilliant, Loud, Insightful, Big!" These are just a few words critics are using to describe Tom Peters' new book Re-imagine! Business Excellence in a Disruptive Age. Tom opens every chapter of Re-imagine! with a rant. For example, Chapter 1 opens with this vehement argument: "We act as if the dot-com crash signaled the end of the New Economy. But we are, in fact, on the verge of the biggest and most profound wave of economic change in a thousand years." The overall rant of the entire book is that "people...are thwarted at every step of the way by absurd organizational barriers and by the egos of petty tyrants (be they corporate middle managers, or army colonels, or school superintendents). The question is, "Do you agree?" How could anyone not agree with that last but one sentence? Be they public, private, voluntary or otherwise gainfully employed? Go sign up.

Monday, December 01, 2003

PKIneffective?

The week before last, I sat in on a session chaired by Tom Standage, Tech Editor at the Economist (and an old school friend, or a friend from my old school perhaps), where Bruce Schneier (type that fast) briefly featured (sadly he was delayed en route). The broad topic was security, but his being there prompted me to check his eponymous website. I came across an essay he co-wrote in 2000 on the risks of PKI .... you know, PKI - the technology that has taken 30 years to reach Gartner's trough of discontent and is struggling to emerge onto the plateau of utter disillusionment. I wish I'd read it back then because it might have saved a lot of pain. But it's still current and worth reading, as if you needed more to read. It's still hard to disagree with any of the issues that he raised all that time ago (well, nearly 4 years, seems like 4 lifetimes to me right now). Skip to the bit about Single Sign On at the end if you're familar with the issues generally, and then the conclusion: Our assessment is that security is very difficult, both to understand and to implement. Busy system administrators and IT managers don't have the time to really understand security. They read the trade press. The trade press, influenced by PKI vendors, sings the praises of PKIs. And PKI vendors know what busy people need: a minimal-impact solution. "Here, buy this one thing and it will make you secure." So that's what they offer. Reality falls far short of this promise, but then, this is a business and the prominent voices are those with something to sell. Caveat emptor. Buy this one thing and life gets easy. Isn't that so often the message? And talking of buying, you could do (far, far) worse than buy either or both of Bruce's books. I can vouch for the first, Secrets and Lies, the new one, "Beyond Fear" is on my list when I'm done reading Gerstner's book on IBM.

By IBM for Government

A while ago the folks in my team coined the phrase "By government for government" to symbolise the difference in our approach to developing central infrastructure solutions versus those of typical technology firms who would likely sell a pile of product accompanied by an even bigger pile of promises. Today, IBM has cottoned on to that message and proposed a "revolutionary approach" that will see a huge reorganisation of its selling, developing (R&D anyway) and partnering approach. The boss there, Sam Palmisano, even goes so far as to say, startlingly enough (and believe me, I wish I could emote outright sarcasm on these pages), "Technology in and of itself is not enough". Bonus points for getting there, negative 100x for being late to that phrase. The head of the Software Group, Steve Mills, adds "Companies don't want to buy technology, they want to buy business solutions built for their industry". So there's a clearer choice now: By government for government, or by IBM for government. Seems clear to me. I've been intrigued by Palmisano's previous pronouncements on the subject of e-business on demand. After all, along with Linux, the new CEO is putting a lot of chips on the table on what looks to be a very long term bet. Getting inside what "on demand" actually means is a challenge and, as other vendors have come up with their own versions, such as "the adaptive enterprise" or "utility computing", not only has the table become more crowded but the outcome of the bets less clear. I did, though, love IBM's ad comparing computing to the perennial essentials of fire, water, electricity etc. Just another thing you expect to be able to turn on when you want was the message. That single initiative took an awful lot of pushing from SP himself to make happen ... I'm not clear that a reorg alongside it, coupled with the Linux change (internally they're supposed to be making a move to put everyone in the company onto a linux desktop), provides a clear enough focus. Still, if you're going to make such a change, now is the time - just as Carly Fiorina went for Compaq at a time when the industry was in a downswing, freeing her to concentrate on the economies inherent in the merger, maybe this is the time for IBM to make their change too. Others are making their bets too: EMC is buying software companies and adding to its own software stack, recognising that hardware is a commodity - and where commodities arise, Dell sweeps in I guess; Sun has its Opteron link up, Java desktop and $100 a head licence fee (hard to see how it will work, but a fascinating strategy) and Microsoft? Longhorn maybe? Not clear that a different bet has been made there yet either.