Wednesday, November 28, 2007

Tick box to skip a year

aminny Much to my surprise my entry to the London Marathon in 2008 was accepted in the ballot.  The last time I got a place like that was for Paris in 1999.  Every other marathon I've always run under a charity's golden bond scheme.

The acceptance form has a useful box which allows me to defer my entry until 2009.  With my knee still not working properly after I tore the meniscus back in March, despite an apparently successful operation, this looks to be my only option.

I'm going to give it a couple of weeks before I send in my deferral but I'm not confident of getting from zero to marathon shape on a dodgy knee in the time available. In fact, I'm not sure I could pull off 200 yards right now.

Monday, November 26, 2007

A better version of the "data spiral" slide

Finally found the original of the slide I was looking for from the earlier post, The Data Spiral.  This should be more readable.

image

It paired up with this slide

image

Sunday, November 25, 2007

The Data Spiral

Here's an extract from my Government Enterprise Architecture paper from September 2003:

The principal now is that data can be exposed to many viewers – internal staff, third parties, intermediaries and the citizen/business themselves. The number of data sources has been dramatically reduced, perhaps not to one but to a few at least. This has been achieved principally through abstracting the original back end systems using clever technology known as web services and through creating a set of consistent and reusable components.

clip_image002[5]The journey to such an enterprise architecture is lengthy – even achieving such a vision in a single department is a huge challenge. It may be appropriate to think of progress being made along 4 axes, not necessarily with equivalent speed. The axes are business process, business application, business data and technology infrastructure - note that the focus is on business involvement and leadership, especially around such important areas as data.

The model might look like the figure at right. Progress is made by moving out along any of the axes, with the time to make progress and the potential for cost saves increasing the further out you move. Although, progress need not be equivalent against each axis at the same time, there will be points when the next level of change can only be achieved when enough, dramatic progress has been made across each axis.

That slide doesn't look too clear in the blog and I can't find the original to paste in.  I'll keep looking for it and then expand on this post.

But the recent HMRC (and everyone else's) data problems reminded me of some of this - I was trying to create a future model for government technology where the citizen would be put back in control of their data, there would be common (not consistent) processes in government and an integrated suite of technology built with re-useable components.

Governments were, and are for the most part, in the middle of the middle: individual processes custom built each time, data held within individual applications, multiple over-lapping business applications and multiple technology infrastructures even within single departments.  No wonder data exchange is hard.

Saturday, November 24, 2007

The essence of commitment

I had a strange conversation with a guy this week.  I needed him to sign up to do something.  He didn't want to do it.    His way of telling me this was to say that he "didn't want to commit in case he had to decommit later" - of course this was by email not an actual, whatchamacallit, a conversation.  I'm wondering if that should be de-commit.  Or, actually, I'm wondering if there's even such a word.  Surely "commit" means just that - to commit to do something means you'll do it, come what may. Much more than a maybe, somewhat more than a promise, as good as a guarantee from a reputable manufacturer?   We're talking about saying you're going to do something and then doing it.  His name, in case you're wondering, wasn't John Kerry.  Although you can imagine how he'd have explained it to me had he committed: "I committed to do it before I de-committed from doing it."

That narrowly beat a conversation earlier in the week that included two words I never thought I'd hear next to each other: "hardcore strategy."  I have no idea what that means. But I think I need to add it to my CV.  Along with the phrase "always committed unless I need to de-commit, in which case I promise to inform you in writing no later than 30 days after I've already de-committed."

Thursday, November 22, 2007

25 million green bottles

iStock_000003735726XSmall There are, as you'd expect, 1001 stories about the loss of 25 million records relating to children and their parents.  Child benefit is one of the most "taken up" government benefits - something like 98% of parents (umm, sorry, children) receive it (versus perhaps 80% for child tax credit). So there's certainly a large number of people affected - the figures of 7.5 million households and 25 million people total look about right.  I've seen this called "DataGate" by the Independent.  Perhaps "Shutting the DataGate after the horse has bolted" may be better.  The story definitely isn't over and I'm sure, barring any other major news developments, it will hold space in the first 2 or 3 pages of newspapers for several weeks and several more instances will doubtless come to light.

If you have a child under 16, your personal detail (name, address, bank account, date of birth and national insurance number).  It's unclear whether if you used to receive child benefit (i.e. your child is now older than 16), your data was still available on the system, but I suspect not.  Likewise, if you are one of those who are generally off-system (certain members of the military, the police and so on), I suspect that data was held elsewhere - so those who talk about the risk of protected identities being compromised are probably wrong.  It is, sadly, one of the hallmarks of IT the world over that data is held locally in each application for each purpose - so this kind of data exists in dozens of applications across every unit of government, whether central or local, state or national, metropolitan or federal.  When we built the Government Gateway, we looked hard at the data we needed - for instance, to post the PIN, we needed an address; but, once posted, we didn't need it anymore.  So we issued a query to the relevant government back end system, got the address, and then dispensed with it as soon as the envelopes were printed.  But that was relatively easy to do in designing a new system from scratch.  Most systems have been around a lot longer.

Let me state two things up front:

1)  Loss of sensitive data is not just a UK government problem or even just a UK problem.  It's prevalent all around the world, in corporates and govenrments, and made ever easier by the increasingly wide access to email and the Internet - and, of course, by the ever increasing number of systems that store all the data that they ever need right in their main database.  It's almost like we should be surprised if our data isn't out there in the wild world.  Never mind worries about putting some personal information on Facebook, your data is already on several other sites, for anyone malicious or maligned to access.  There's a reason that whenever you see people in a film going into a secure nuclear area, there are two of them and they each have a key that has to be turned simultaneously.  Putting control in the hands of one person can be a recipe for disaster. This latest issue comes on top of:

    • An event just a couple of months ago when a disc being sent to Standard Life and containing details of 15,000 people was lost (sadly also by HMRC)
    • 94 million Visa and Mastercard accounts exposed at TJ Maxx
    • Bank of America's loss of backup tapes containing credit card information for 1.2 million Americans
    • The exposure of the records of 800,000 people at UCLA
    • Reed Elsevier's loss of personal information on 300,000 Americans
    • Transaction data for 180,000 customers of Ralph Lauren
    • The use of unsecure email to send out classified nuclear secrets (that's a link to the story by the way, not to the actual secrets)
    • Choicepoints loss of 163,000 individuals records (and the accompanying ID fraud)
    • Hackers in Ohio Universities systems took 137,000 records of students and alumni
    • The loss of doctor's personal information on an NHS website
    • The loss of 26 million records for US veterans
    • and, golly, I've just found this extraordinarily comprehensive list of data breaches.

2) This isn't a problem about why weren't the CDs encrypted or why wasn't the data sent by some other, presumably safer means, it's about several lengthy failings in process: who can access the data, how easy is it to get a full database dump, what controls are there on writing data to CD, who needs to approve what and so on.  In the technical world that most of us operate in we're used to a window popping up and saying "hey, stupid, are you sure you want to delete that entire list of folders and files?".  There is no "are you sure you want to send this data by post dummy?" dialogue box, but there would have been checks and balances before it got to that stage.

It must have been a long chain of events to get to this point.  A full download of every data item in any of the government's big systems isn't the kind of thing that can be just asked for - I'd go as far as to say that it's a one time request requiring special work (although it's possible in this case that the extract had already been prepared for some other reason in the past - and, if that was the case, perhaps many of the usual controls would have been bypassed in this case.  Imagine the conversation "you need an extract? Well, normally that would take us 3 months but I just happen to have one over here, only one previous careful owner, that we took in April 2007"). 

I'd bet that there isn't a requirement in the specification of any government system anywhere in the world to be able to "hit f12 to dump database to two CDs", password protected or not.  So my assumption would be a change request is raised, the IT supplier (probably EDS as the Child Benefit process and accompanying systems used to belong to DWP but were transferred 4 or 5 years ago to HMRC but I don't think they were absorbed by the CapGemini contract) does a quick check to see how long it will take, the change request gets approved (not as quick to get done as it is to write - perhaps a month or more), the data gets offloaded at the next convenient point in processing and then copied to two CDs by someone technical.    Lots of people get involved in this process.  There would even have been a discussion about the cost of removing some fields, hashing out others, creating dummy data and so on.  In the end, it sounds like we've got a very big spreadsheet secured by a password when you try to open it.  I'm not even sure that old versions of Excel can handle that many rows so maybe it was just a word file.  That's a lot of pages.

My guess it that encryption wasn't asked for because the person doing the asking wouldn't have known much about that and the people receiving the data would have known even less, and the technical folks would have wondered about it but would have been busy and so moved on. PKI isn't part of the default desktop installation of any where in government outside spooksville.  I could get into this a lot more but it's a long time since I worked at the Inland Revenue and even then I wasn't that close to the systems involved here - and I'd be speculating.  Doubtless someone is already working on a report and it will come out under FoI or through the persuasive nature of various journalists and, I'm sure, a series of Internet message boards.

As far as I understand, no one ever actually asked for a "full copy of the entire child benefit database".  The NAO asked for a sample of de-sensitized data.  Typically that's a few tens of records with personal identification information removed - certainly the NI record hashed and probably the bank details removed.  When I did a stint in audit back in my banking days, a typical sample was 30 records - statistically, that's enough to give you a sense of whether everything is in order when you're doing a substantive test.  I'm not sure what NAO were trying to prove - maybe that only appropriate data was stored (perhaps that only parents with children under 16 were in the system?) or perhaps that the fields contained the right data and in the right format (post codes matched what they were supposed to) or maybe they were testing that the population claiming matched the expected population claiming.

Putting aside then the issues of should the data even have been floating around 0r what process breakdowns were there, here's a take on the technical aspects of how data should be shipped around:

Most people - as did one commenter on an earlier post - will be asking "why on earth is data being shipped on CD in this day and age?"  A perfectly reasonable question. And one that when you look at the other ways that were probably immediately available, you might briefly think "oh, I see why they'd do it that way" ... right before you clap your hand to your forehead.  Don't think that government (generally, not just the UK) are endowed with the latest hi-tech gear available to one and all.

Two CDs is a fair chunk of data.  At least 1.2GB based on standard format of 600MB a disc.  Not much compared with the capacity of the average ipod (even my iphone has 8gb, I think the entry level classic is now 80gb) or even the average memory stick (2gb is a common size for Vista ReadyBoost).  But a lot of data to ship around nonetheless.

Let's take email as one option - most people would consider that first:

  1. Email systems in government generally have very small mailbox sizes. A few tens of megabytes is very common, even as much (as little?) as 200mb would be uncommon.  This is not like google where you get a couple of gigabytes or more on signup.   Trying to send 600mb would bust both sender and receiver.
  2. Bandwidth between departments is relatively small.  More accurately, there's lots of bandwidth along the backbone  that links departments, but individual links to that backbone are typically small - 1.5MB/s, sometimes less (and are set as a function of the size of the department - I'd expect NAO to be one of the smallest (and I'm actually pretty sure, but not certain, that they're not on the GSI), HMRC to be one of the largest).  Network performance in offices is load dependent and likely to be slow making uploading an attachment of 600MB to the server interminable.
  3. Many government staff don't have access to email at all (if they are routinely processing citizen tax transactions, it's felt there's no need).  Likewise, even fewer have access to the Internet.
  4. Firewalls on the email systems limit attachments to 2mb, sometimes 4mb, rarely much more than that (there are exceptions but they are rare)

But had these all been overcome, the file would have moved between HMRC and NAO within the secure network of government departments known as the GSI.  Risk of interception would have been low (the GSI is regularly penetration tested and is built to a high standard).  But, realistically, this wasn't an option for anyone in HMRC. Government email systems are just not built for files of this size - and I believe that even those that the rest of us use day to day would fall over after trying to digest a file of 1.2gb.  My entire PST file in outlook is only about one gigabyte now (and it has 2 years of email in it, the rest is in archives). With all these issues - and the continuing sense that e-mail is somehow unsafe (like all things on the Internet) compared with "sending 2 CDs by post (!) - I would not be at all surprised to hear that CDs by post is the default choice for exchanging even relatively small amounts of data between departments, agencies and 3rd parties (such as pension companies and banks).

Sometime in 2002 the team I ran in the Cabinet Office built, on behalf of the Criminal Justice folks, a secure email system.  It was the brainchild of the same guy that thought up the Gateway as a pan-government authentication system and, I think, ukonline (which was known originally as me.gov).  It was designed to allow lawyers working on criminal cases to exchange, securely, documents between their offices and the courts (and each other).  Remote users could use a web-based email front end or their own outlook client and everything inbetween would have been encrypted and secured.  At the time we deployed it, the common way to send such data around was to fax it (you remember the way it used to be done - you'd phone them up, say "stand by the fax machine", then they'd put the phone down and go to their fax, nothing would happen because it was out of paper, or it was already receiving someone else's 100 page fax, all on that slightly fuzzy thermal-style paper).  It was a comedy and needed to be sorted, hence the requirement for the secure mail.  This solution was made available to the whole of government, but take up was low.  I'm not sure that this would have been any better - it would have had the same limitations of bandwidth, firewalls, and so on.

In our own team, and before the secure mail system, we also used various commercial products to exchange secure data (the systems we built and ran were at least restricted and were sometimes higher).  They were based on hosted servers.  But the same issues of bandwidth, firewalls and so on would have applied.  On top of that, both parties have to be connected to the  secure system - so there has to be a set up process: passwords, keyfobs and so on need to be exchanged in advance and kept current. All of those things complicate the issue enormously - especially when such exchanges are not routine and day to day.   What usually happens is that they fall into disuse, the processes breakdown and then rather than take the time to set them up again, people look for a quicker way - popping 2 CDs into an envelope and putting them in the mail for instance.

So, no, email isn't a viable alternative for large volumes of data.  In fact, uploading and downloading to websites via secure spaces, even when encrypted and super-protected, probably isn't a viable way of shifting data around outside of your own secure network within the building, except when you're talking about project-type information and using sharepoint or similar tools - and when you're moving data that you wouldn't mind someone else finding by accident if you haven't set up your server security quite right.

Lots of companies offer solutions to these - the usual products chasing a problem to solve.  There will be lines of them queuing up to offer their services to governments (globally) and their IT suppliers over the next few weeks.  They will offer super-duper-extra-double encryption, they'll say that they can identify rogue data being sent by email and divert it, they can check staff activities on the Internet and make sure they're not doing things, they can spot people trying to download data off a system and copy it to their iPod and so on.  Of course, they spot the problems they're design to spot; not the ones that happen off the beaten track or where the procedures are deliberately over-ridden.

But, on the face of it, had this data been copied to an iPod and hand-carried to where it was going and copied on to another iPod, we might never have known about this.  So iPods to come equipped with a government-approved fingerprint reader as the next step?  Or maybe personal memory sticks with dual control - sender and receiver fingerprint readers.

This is an undeniably serious problem.  There may have been many serious breaches as noted above, but few have stretched as far as the child benefit data.  The solution isn't, however, simple.  And it isn't about secure ways of exchanging data - at least not initially.  There's nothing to say that had this data not arrived at the NAO securely, it wouldn't have been left on an unsecure laptop and then been stolen from the back of a car for instance.

So:

  1. All of the processes around access to patient, customer, taxpayer, citizen etc data in every department, agency, non-departmental public body and local authority are going to go through a rapid review.  New standards will be enforced: senior management sign-off, dual control (keys round the neck and everything), IT supplier held accountable for where data is put and so on. This will take time and still things will be missed and it will happen again - let's not hope that it's on this scale, but it will happen again.
    • Lock down data exchange now.  People come to the data, not the data to the people. Until better processes are in place, this should stop the problem from getting worse.
  2. All staff should be taught the "green cross code" of using computers. The very basics need to be re-taught.  For that matter, the code should be taught at schools, colleges and libraries.
  3. The spooks should lead a review of deploying encryption technology to departments holding individual data so that all correspondence is encrypted automatically in transit using appropriate levels of protection for the job.  This will be expensive.  The alternative though is to make encryption optional - but because you can choose, sometimes people will choose not to (because it's too slow or something) and the problem will recur.
  4. Systems being architected now and those to be architected in the future will look at what data they really need to hold and for how long and will, wherever possible, make transient use of data held elsewhere.  The mother of all ID databases would be a good place to start.

All of this will take time.  In the interim, managers in the line of fire are going to have to use common sense and check and recheck when they're asked to provide information to anyone.  Social engineering is alive and well after all.

Tuesday, November 20, 2007

When things work ... and when they don't

Yesterday, I had a "blue screen of death" on my recently upgraded to Vista laptop.  I guess the laptop did what it was supposed to do: the screen went blue, then filled with a load of hex numbers as it dumped cores or something and then it rebooted.  So far, so part of history.  The surprise came when, after the reboot, a dialogue box popped open and asked me if I wanted Windows to fix the problem.  Sure, why not?  How nice to be asked.

Windows said that there was a problem with my NVIDIA graphics driver (I had no idea I even had one) and provided a helpful link to their site.  At the site, NVIDIA asked which graphics card I had (still no idea) but offered an option for it to find out.  An applet was duly downloaded that found out what it was but sadly (I'm sure it was sadly) informed me that it was a custom driver for a Sony laptop and I'd have to go to that site.

Another link followed, a driver successfully found (actually lots of drivers related to Vista and my laptop).  None of them would download however - bizarre error messages in the middle of the download saying "not a valid filetype" kept appearing.  I left some feedback on the site to say there was a problem.

This morning, the download worked fine and my NVIDIA graphics driver has been successfully updated.  Let's hope that's the end of that blue screen.  Now, if I could just get the laptop to turn off the bluetooth light that has stayed permanently on ever since I upgraded to Vista, even though I have deinstalled the bluetooth drivers.

Wednesday, November 07, 2007

Dubai.gov.ae - Everything you wanted to know but were afraid to ask

DSC00052

DSC00001If you've arrived at this page and you're not a regular reader, it's probably because you've typed "dubai.gov.ae" into google or some other search engine (I'd give good odds it was google though) and found that this site has 2 of the top 10 results. But it isn't what you want.

Here are some alternative links to try that I think will get you closer to what you need:

  1. Dubai's "Official Portal of Government", in arabic http://www.dubai.ae/
  2. The same site, in English, http://www.dubai.ae/en.portal
  3. A page on visa requirements (English), http://www.government.ae/gov/en/visitors/uae/visas.jsp
  4. Flight information for Dubai's international airport (English), http://www.dubaiairport.com/DIA/English/Home
  5. Sheikh Mohammed's own website (English), http://sheikhmohammed.ae/
  6. The UAE's e-government website (English), http://www.government.ae/gov/en/index.jsp
  7. The UAE's e-government website (Arabic), http://www.government.ae/gov/ar/index.jsp - if you compare these 2 sites, you'll see that the entire arabic site is right justified. Nice touch, obvious I suppose when you think about it.

I hope that helps you with whatever you were looking for when you inadvertently landed at this site.

Online Services - Voter Registration

Today's error trying to get my voter registration sorted on my local council's website:

Microsoft VBScript runtime error '800a01f4'

Variable is undefined: 'sql'

/CXfinalconfirm.asp, line 31

Funny. I don't even know what that means of course.  You'd have thought that would have come up in testing.  There isn't, though, a "report this bug" to me button.  Even better, given they have my voter number, how about they auto-mailed me to say that they'd seen the problem and would fix it and let me know when to come back and try again? Bound to be my fault of course - silly me using a Mac and Firefox.

Paula Gets Gold

image What an awesome run by Paula Radcliffe on Sunday.  After standing at the finish line of the London Marathon earlier this year and watching five hours of what seemed endless pain and suffering, including some (literally) staggeringly emotional scenes as runners collapsed yards from the finish, I'd pretty much vowed never to watch another big race again.  But with Sunday's New York Marathon, the benefit of distance and the aid of television to keep an emotional check on me, I relented. I'm sort of glad that I did.

There were real tears in my eyes as I watched Paula near the finish.  Never will I know how it feels to lead an entire race and finish in 2:23, let alone 3:23 I imagine, but I'd like to think I knew all about the grit she showed as she dropped the hammer and went for the finish on tired legs.  Watching Paula surge past Gete Wami brought feelings of enormous emotion, not to say relief. Bring it on Beijing, we have a champion ready and waiting.

The oddest thing was that it turns out that even when you watch a marathon on the small screen, the last 800 yards is definitely much closer to a mile and a half. It's just amazing how long it seems to take to get through that last part of the race - running or watching- and the tension in New York was incredible.

Tuesday, November 06, 2007

Offline Demonstrations Lack Impact?

On Sunday I was cycling briskly along the river past Westminster when I was stopped in my tracks by a cavalcade of whistles, drums and people in fancy dress. Sadly there were no horses that I could see. This had two immediate effects - a two minute spectacle that was really quite entertaining and then, far, far better, the opportunity to cycle along the river from Westminster pretty much to Tower Bridge without so much as a car on my side of the road.

The cavalcade was, I gather, in protest against NHS cuts. The organisers say some 7,000 people turned out in support (um, protest I mean). Apparently this was a lower than expected turnout because all the senior people in the unions had expected an election to be called on November 1st and so had put plans for the protest on hold. I'm wondering how many other things have been ahem, blamed on the lack of an election.

I was on my way to the Tate Modern to see "Shibboleth", Doris Salcedo's new installation. Or, perhaps more accurately, de-installation. Somehow, Doris or someone Doris knows with a succession of power drills of varying sizes has drilled a long, parallel sided crack from one end of the Turbine Hall to the other. Not only that, but the sides of the crack give the impression that the rock was torn apart - with overlapping edges and bumps sticking out and recessing on each side. It really is a stunning "thing" to look at - and there were thousands there on Saturday, looking, touching, poking and prodding. You can imagine the Tate Board of Directors reacting to her pitch: "So you want to cut a hole in our floor?";"No, not a hole exactly - a crack, from one end to the other"; "A crack? Let me just think about that for a second". How on earth she got away with that I have no idea - but the result is quite brilliant. You'll spend more time trying to figure out how it was done than the average person spends solving the 43 billion billion combinations of a Rubik's Cube. A Shibboleth, by the by, is something - usually liguisitic I think - that identifies those from one region/country/place from another (check the Book of Judges for the detail on how this can get abused). These days it is just as much used to distinguish between those from the new wave of doing something versus the old wave.

image As I cycled down the empty Embankment, en route to the Tate, I wondered about the efficacy of such demonstrations. Sure, people come from all over and parade through the streets of London, making a lot of noise and having a lot of fun (several looked to be having too much fun and having stopped off at the Walkabout for more than a few drinks were lying, in full regalia, in the street looking decidedly the worse for wear), waving placards and so on. London stops for them, as it should - nothing here about people not having a right to protest (I walk past Brian Haw's modern day Greenham Common most days of the week and absolutely believe he should be allowed to do what he does, although I wasn't so keen on all the extra tents recently).

But what does it accomplish? A brief moment in the news - so little news coverage that I was forced to swipe the image above from the daily star website (and I am grateful for that - the image links to the original page). An ephemeral memory for most who saw it. A hangover for some the next day? Shared war stories for those who march to talk to their colleagues back at at work? I still remember the day, aged 9, that I marched for "Save the Seal." Fat lot of good it appears to have done.

There are almost no mainstream news stories about the NHS rally that I can find (using simple search terms "save NHS", "NHS London 3rd November 2007" and so on. Lots of local news stories from the various unions that sent people though.

And then we have our online equivalent - the petitions page:

  • 1.7 million people signed the virtual petition against road pricing
  • 223,000 have signed one asking that the Red Arrows be able to fly at the Olympics (who knew they wouldn't?)
  • 69,000 want student loan repayments to be deducted monthly not annually (that sounds sensible - I might sign up myself)
  • Since Gordon Brown mentioned the petition site in his conference speech, 22,000 have signed up requesting that Jeremy Clarkson be made PM.

These online "rallies" (hardly cavalcades I suppose) seem to attract greater support - the barriers to presence are far lower of course - and they get returning media coverage. On all but the busiest news day there is almost always a story about one petition or another and, as the Daily Mail proved with their campaign against Road Pricing, real "foot" traffic can be attracted very quickly.

Have we arrived at a point where an online rally is a better, more effective and more likely to succeed vehicle than a colourful, noisy demonstration in the centre of London?

When the banks started to change the charges made on student accounts, it was an online group on Facebook that caused them to change their policy again. If Road Pricing doesn't make it, could it have been the 1.7 million e-signatures that made the case stick?

Or will we still hold rallies in real life, as opposed to the second, virtual life, because they're just more fun even if they accomplish less? Is the nature of protest now distinguishable by the shibboleth of whether you protest online or offline?

Thursday, November 01, 2007

Comparing apples with round, green, tasty, slightly acid things

I read today that the price of white truffles, a delicacy from northern italy, has leapt to £7 a gram. One commentator noted it was like "grating a gold bar over your papardelle."  That's quite a lovely image - although I'm guessing a standard grater wouldn't quite cut it so to speak.  It's also wrong.  There are 31.1 grammes in a troy ounce (a troy ounce is a little more than a standard ounce.   My screen shows gold trading at $791 per ounce and the pound is presently $2.07. That makes an ounce of gold £382; and an ounce of white truffle £217.7.  So eating white truffles is like "grating 56/100ths of a gold bar over your papardelle."  Not quite such a lovely image.  But it's funny how often I read an article that makes some egregious comparison so as, apparently, to aid our understanding.  9 times out of 10, it doesn't work for me.

Last week I read that someone had grown a huge pumpkin and that it weighed as much as fourteen and a half Kate Mosses (I hope that's the plural).  I don't know how much one Kate Moss weighs and a comparison between a pumpkin and 14-odd KMs really didn't help me figure out how big it was.  The same newspaper carried a story about the Rubik's Cube world championship and noted that the cube has 43,252,003,274,489,856,000 combinations.  No clever comparison there.  Surely 43 billion billion would have been easier to write? And just as comprehensible.

Why am I wittering on like this and when am I going to get back to talking about e-government? It's coming ...

I was just sent a link to an article about the Government Gateway - one of the best projects I've ever worked on (and one that is still going - which I can't say for everything I've ever worked on).

It contains a splurge of statistics along with some just plain weird comparisons.  Did you know that the weight of the servers in the Gateway is the same as 42 John Prescotts?  No, I digress.  Here are the real ones:

  • 11 million citizens and companies are now e-enabled. In context, that’s equivalent to 120 new Wembley Stadiums, filled to capacity. Or, in other words, an online UK community of registered users, seven times greater than Barclays Bank
  • On its peak day 150,000 people logged on to the Government Gateway to file their tax return, that’s the equivalent to the population of a town like Oxford, or the number of people at the Glastonbury festival in 2007.

120 Wembley stadiums? I don't know what that means.  Seven times Barclays Bank?  Surely that's not important - the Gateway is a monopoly. Barclays has competition. How about "25% of the number of users Facebook has"?  Every day Oxford as a whole logs on?  Reminds me of the commentator during the Rugby World Cup who said, I think about Samoa or Tonga, that "these guys are fielding a team from a country that is so small that it would be the same as Chesterfield entering a team in the competition".  I'm no nearer knowing how many people that means, but at least I know the population of Oxford now, ready for when I'm asked one day (in 2001 it was 134,248)

And one that I quite like

  • 20 million online forms electronically submitted since its inception in 2001. This is an impressive statistic when you consider that if each form had been submitted in paper, via first class post, this would have cost over £6 million in stamps alone.

Now that's got some legs.  £6.4 milli0n in stamps - the cost of a 5,000 square foot apartment by the river.  That's pretty good - and let's not even mention the 60 million bits of paper saved (1 envelope and 2 pages of form) - one for every person in the UK.  Think of the trees. And the reduction in shoe rubber for the postmen.

Ages and ages ago - 2002 maybe - I did a triple header presentation - me, Paul Kelsall (then IT director at the Royal Mail) and Marc Andreessen (needs no intro).  I joked with Paul that he had a real problem looming because government was responsible for about £1 billion of the Mail's revenue through sending and receiving forms - and once e-government took off, they'd be in serious trouble).  Plainly we're a loooooonnnnggggg way from that, but it's nice to know we've made a dent the size of a riverside apartment.

All comparisons aside, I'm as pleased as punch (a hulking Ali-esque one) that the Gateway is alive and kicking 7 years (as long as some wars) after we started work on it (yes, September 2000) and wish only that the numbers were quite a lot bigger. Perhaps we could set some new targets, by 2010:

  • 25 million users - 6 times the population of Los Angeles
  • £16 million in stamps, the same as the number of copies sold of Elton John's greatest hits (and Hotel California for that matter - see an earlier post on hotel california.gov - you can check in, but you can never leave. use the search box to find it)
  • 60 million forms (one for every man, woman and child in the UK) or indeed, the number of Vista copies sold in the first 5 weeks (or 30 times the number of Leopards sold by Apple, no not real leopards, in the first 4 days).

There's so much opportunity for comparison.