Publications on the internet
|©Parliamentary copyright||Prepared 12th April 2011|
Publications on the internet
CORRECTED TRANSCRIPT OF ORAL EVIDENCE
This is a corrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.
The transcript is an approved formal record of these proceedings. It will be printed in due course.
Mr Bernard Jenkin (Chair)
Witnesses: Martin Rice, Chief Executive Officer, Erudine, David Clarke MBE, Chief Executive Officer, British Computer Society, Janet Grossman, Chair, Intellect Public Sector Council, and Sureyya Cansoy, Director of Public Sector, Intellect, gave evidence.
Q141 Chair: May I welcome you all to this evidence session on the use of IT in government? May I just alert you to the fact that we have a very busy morning in the House of Commons this morning? Several members of the Committee unfortunately have other duties in the House, specific debates allocated to their name, duties on other Committees and so on, but don’t let the thinness of attendance lull you into a false sense of security. I notice the cameras are not here, so do speak freely although you are on the record. To start with, will each of you identify yourselves for the record?
Sureyya Cansoy: Sureyya Cansoy from Intellect, the trade association for the technology industry in the UK, representing 780 technology companies.
Janet Grossman: I am Janet Grossman, and I am the chair of the Intellect Public Sector Council. In my day job, I work for a company called CSC and I should also tell you that I am a former civil servant.
David Clarke: David Clarke, Chief Executive of BCS which is the Chartered Institute for IT, equivalent to the Institute of Chartered Accountants, for example.
Q142 Chair: The British Computer Society?
David Clarke: The British Computer Society, although we actually use Chartered Institute for IT rather than the full words of BCS these days. We are an impartial organisation, which is totally independent and self-funding. We have 70,000 members, who include world-class members on pretty much any subject in IT. I think you will find that most of the wellknown people in IT around the world are fellows of the BCS. What we do is offer good, professional advice, impartially with really no representational links at all. We are the professional body for the IT profession.
Q143 Chair: What rather confirms all of one’s worst prejudices about the IT industry is that your name belies what you actually do.
David Clarke: I don’t want to go into that too much but when BCS got a Royal Charter in 1984, it was in the name of BCS and we would have to go through changing the Royal Charter to actually change the name of the chartered institute, so it is a bit of a project for us there.
Q144 Chair: Again, I will refrain from drawing attention to the parallels. Mr Rice?
Martin Rice: Martin Rice, CEO of a software company called Erudine that specialises in agile technologies and agile service delivery. I am also cofounder of an organisation called UK Innovation Initiative and a former vicechair of the Intellect SME group.
Chair: Well thank you all very much for joining us, it is very much appreciated. Mr Halfon, who has to leave very shortly, is going to ask the first question.
Q145 Robert Halfon: Thank you, I do apologise, I have a debate on something in my constituency downstairs. Why do you think that such a small number of companies are awarded the majority of Government IT contracts?
Sureyya Cansoy: Shall I attempt to respond to that? First, we need to recognise that it is very difficult for smaller companies, and indeed new entrants to the public sector market, to win business in the public sector market. We are very encouraged to see that this Government are taking the SME agenda very seriously. We saw some important announcements made by Francis Maude at the Treasury just last month, attempting to open up the market to smaller companies, social enterprises, charities etc. As a trade association, 60% of the companies that we represent are actually SMEs-small and medium-sized enterprises-so we are very much encouraged by that. Having said that, yes, there is an issue and there are practical things that could be done to address it. The most important thing is to look at how procurement currently works. The current procurement process in the UK Government space does not help smaller companies or new entrants coming into the market. By improving the way procurement works, we can open up the market to not only smaller companies but all sorts of other organisations in this space. So yes, there is an issue-we recognise that-and the measures that the Government have taken so far are very encouraging in terms of addressing those, and we are really looking forward to being able to work on some of the details of those new Government initiatives.
Q146 Robert Halfon: But do you think some of these big IT fat cats have too close a relationship with the civil servants and, because it has gone on for so long, it is part of the de facto system?
Sureyya Cansoy: The key to a successful project or programme is a real partnership between a customer and a supplier. In a sense, you would want a strong partnershipbased relationship between a customer and a supplier, albeit not a cosy one, and perhaps we need to accept that. There is some comfort zone issue in that procurement customers at times might prefer companies that they know well and that they have an experience of working with. I will pass on to my other colleagues to add to that.
Chair: May I just interrupt for a second? I forgot I wanted to place on record a potential conflict of interest. The Chairman of Fujitsu Europe has been a family friend for a great many years and our two families know each other extremely well. I just wanted to put that on the record. Carry on.
Janet Grossman: I have been on both sides of the equation as a procurer in Government of very important IT systems that deliver citizen outcomes for the poorest in society, including pensioners, and I am now with a supplier. I will tell you that, as a small and medium player with innovation, the cost of entering a procurement cycle can be life threatening. As the Government contracts tend to be very, very wellprescribed, very detailed, long and very big, if you are a small innovator and you want to do something radical or even a bit different, it can be very hard for you. As a taxpayer, as someone who wants to deliver citizen services and all those good things, what we need to do is broaden the ecosystem however we can. That means that we help make it easier for them to enter the cycle, that we encourage the big guys to partner and change with them and that we look at the very, very best in the world to bring to the UK. It is radically shifting but not fast enough and we all stand for a lot of change in that area. In terms of the cosiness, when you have very longterm contracts you can become too familiar, that is a fact. However the fact that the economy is suffering and people are having to get out of their comfort zones, is helping people to look at each other in the mirror and, on both sides of the aisle, challenge each other to get better value out of these contracts so I think we are at a quite important tipping point.
David Clarke: When you work with people over a long period of time, clearly then relationships form. There is some evidence of that, but I agree with my colleagues here that the root cause is the procurement programme, because it is very expensive to bid for large projects. The bigger the project, the more expensive it is to bid, and because of the sheer scale of a lot of the Government contracts, that excludes all but the very largest companies from actually being able to afford to bid. The UK rigorously follows the EC procurement directives-more rigorously that anyone else in Europe-and its aim is to be more transparent and to have more competition, but the effect is that the procurement processes are much longer, which makes it more expensive and less people want to bid. There is a fundamental issue about the procurement process that needs to be fixed first and, if that isn’t fixed, nothing else will be fixed. That makes it very difficult for smaller companies and even some very large companies who look at whether it is worth spending that money to bid-it is only worth it if they win. If they are new into this area for the first time, it costs them more than someone who is doing repeat business-they will know how it works-so it is a lower cost to the people who are already in place. So the whole process actually works in favour of the existing suppliers, which is the fundamental problem.
Martin Rice: I am always interested in root cause analysis rather than how we deal with a symptom of what is going on, and my understanding is that in 1918, the Haldane report for the Ministry of Reconstruction made the decision to structure in vertical silos for each Department, which has carried on. Now we have Departments who produce what the Department needs, so we don’t get reuse. If we think in terms of verticals, you will always buy IT in the big, but you are reinventing the wheel all the time. So something being developed in that Department is being done there, and the problem has been solved. If you start dividing it horizontally, which is what is happening in the cloud in the rest of industry, you can start procuring the services in much more subset parts and you can assemble services so that you procure IT in the small. I also feel that because of the vertical alignment of buying IT in the big, it has created an oligarchy, which is a very dangerous situation. It is much worse than just a cosy relationship, and what needs to happen now is that the oligarchy has to be destroyed. You don’t deal with an oligarchy through talking; you change the environment and you destroy the oligarchy.
Q147 Chair: So which is the oligarchy-the industry, the Government or both?
Martin Rice: No; with the suppliers who have the majority of the work, it’s the tail wagging the dog now. It is not the companies that are at fault; the Government procure badly-they procure in the big, and they allow these contracts to be let. There has to be a move to what the rest of industry is doing, which is buying horizontal services, such as ata centre services, and people use them.
Q148 Robert Halfon: Is there an artificial cartel with the big companies crowding out the smaller ones?
Martin Rice: It is dangerous for me to say yes, but I understand what you mean and it is close to that.
Q149 Chair: You can’t be sued in here.
Martin Rice: Then I believe it is.
Q150 Chair: You believe that it is a cartel.
Martin Rice: Yes. I believe that everybody knows they will win a proportion of the work, and they are careful what they bid for.
Q151 Chair: Do you think they talk to each other unofficially?
Martin Rice: Unofficially, yes.
Q152 Chair: And does that mean they actually decide, "You go for that contract and we’ll go for this one"?
Martin Rice: I don’t know if it is as much as that but I know that if they win one, they will bid for other ones knowing that they will lose some and they will not put as much effort into the bid.
Q153 Chair: Well it is very refreshing to have such frankness and, if I may, on behalf of the taxpayer and the public, there is a very strong suspicion that this is the case and when you say, Mr Clarke, that the system militates in favour of the large companies, that is basically what you are saying, isn’t it?
David Clarke: I have no evidence to say to you whether there is a cartel or not, I am afraid. I cannot tell you but the system certainly militates in favour of that.
Q154 Chair: To an outsider, frankly it looks like a racket, because the taxpayer is losing billions-we are spending billions of pounds on systems that don’t work properly-and the sector is as profitable as ever. We are going to come on to the shortage of skills later on, but why is the industry so adept at exploiting the lack of skills in government and making money out of it. That is what you are doing isn’t it? Intellect.
Janet Grossman: I will take that one. It was by design, if I may say so.
Q155 Chair: By whom?
Janet Grossman: In the ’90s when the big outsourcing contracts were let, the business case relied on transfer of intelligence and knowledge into the supplier community and it went too far. Government did not retain enough balance on that side and through successive Governments and budget pressures etc it has not been improved.
Q156 Chair: So it’s the Government’s fault that you make profit out of failed systems.
Janet Grossman: Oh absolutely not, no, absolutely not. We take full responsibility where we have failed, make no mistake about that.
Q157 Chair: So you lose money.
Janet Grossman: Sometimes we do, sometimes we don’t.
Q158 Chair: Take the identity card system: who were the main contractors on the identity card system?
Janet Grossman: My company was one of them.
Q159 Chair: Which is?
Janet Grossman: CSC, but I was not involved in it-it was before my time so I will be limited in what I can tell you.
Q160 Chair: Okay. Do you think your company lost money on that contract?
Janet Grossman: I don’t honestly know.
Q161 Chair: Well they are not going to advertise if they made money, are they, because it is a bit embarrassing?
Janet Grossman: I will tell you that it is in the public domain. You mentioned your counterpart at Fujitsu. Fujitsu lost money out of a contract and exited. I am sure all the big boys have done it at some point or another, and they have also made money on contracts, so it is a mixed bag.
Sureyya Cansoy: Perhaps I can add something on the ID cards. As Janet has said, the industry takes responsibility for the mistakes it has made in the past. As a trade association, we have both large and small companies in our membership so we are able to see different sides of the argument as well. I attended the Institute for Government event a couple of weeks ago where they launched their latest report on Government ICT and, as you may know, Ian Watmore, the Government’s chief operating officer, was the keynote speaker. He made a comment about ID cards which I found really striking. He said that we always talk about the Government ICT failing but what we don’t really consider is that often ICT is there to implement a Government policy and a Government business change programme. He was referring to the policy decision to introduce ID cards and the policy decision to cancel IT cards, and the technology elements were independent from that process. There is something to think about there-it is not only technology. We need to think about the wider policy and why that has an impact on how the Government do technology.
Q162 Chair: I think we all accept that policy churn has an effect on the cost of IT. But the ID cards project was way off target before it was cancelled, wasn’t it?
Sureyya Cansoy: I don’t know the details of the project.
Q163 Chair: And there are plenty of projects, like the Rural Payments Agency and the Child Support Agency, for example.
Janet Grossman: As a taxpayer it is a bugbear of mine as well; RPA started with a policy that could not be implemented. Should the ICT industry have raised its hands sooner? Absolutely, and the Child Support Agency is a similar thing. We both have to sit down and look at the outcome to the citizen or the taxpayer first, craft policy and delivery mechanisms that are deliverable and then put the IT around it, not the other way around.
Q164 Chair: So the industry is becoming aware that the perception that you are exploiting the dumb customer is not acceptable any more.
Janet Grossman: It is not acceptable to us either.
Q165 Chair: And is that going to stop? How are you going to stop it?
Martin Rice: Identity is a really interesting one. I agree with you; I think the IT industry should publically apologise to the citizen for the rip-offs of the last 10 or 20 years. The Martin Read report in 2009 said something like: the UK is being charged 23% more than our peer nations for no discernable benefit so we are ripping you off as an industry. I feel that very strongly. People only started making any noise about it after the Government had the strength to propose a moratorium that scared the willies out of the industry, and it was a good thing. Identity is a very interesting one; you can go to IT companies and say, "Can you do identity?"-and this is where Government is not a good customer-if you ask for something, industry will happily tell you that they can charge you a lot of money to deliver it. Facebook deals with identity for a 12th of the world’s population and they did not have anything like the budget the Government has to deal with 70 million people. But we are not bringing the learning of these paradigms to bear; we are reinventing the wheel each time and it should not be allowed. As a taxpayer, I am very angry about this and it should just not be allowed. A lot of these problems have been solved; they are not being brought to the Government because of the oligarchy. It is not in a profitable interest to bring you these paradigms. That is why I feel the oligarchy has to stop and Government has to start looking at how we can learn from these organisations: very clever 24 year old people, dealing with 500 million people regularly. In another real case which was interesting, The Guardian run ‘Hack the Government’1 in which, basically, geeks get together and do clever things; four people in two days produced the equivalent of a multimillion pound DWP website for Jobcentre Plus. In two days they had a globally scalable website that you could use to find out what jobs were in your area. It was a better experience for the user. They couldn’t keep it going because the Post Office wants to charge too much for the lookup of the postcode. The DWP know about this but they haven’t adopted it. It cost two days, four people, and delivered a better experience but they would rather carry on going to the same supplier. It is criminal.
Q166 Chair: But the industry has locked the Government into these very large supplier contracts. You insist on these exclusive arrangements, don’t you?
Martin Rice: Stop them. As an intelligent customer, just stop placing them.
Janet Grossman: It is multidimensional. The contracts are let over a long period of time because of the cost to the Government’s civil servants to procure, evaluate and all that, moreover they get the best value if the cost and the application is spread over time. That is changing dramatically as we go to software as a service and things are more spotty and dynamic, so it is a twoway street. I will be honest with you; yes, we get better return on our investment, as anyone would, over a period of time. It suits the Government as well because they get to lock in a procurement and don’t have to repeat that cycle over and over again. It is a two way street and we both have to address that.
Q167 Chair: Anybody else?
Martin Rice: I feel nobody is fully to blame here; generally as an industry we have taken advantage of a nonintelligent customer who made a quick saving outsourcing everything a decade or two ago. The fact that the industry continues to take advantage is wrong. There are paradigms out there that we, as an industry, should be bringing; the Government should be listening and the Departments will not let those paradigms in. The cosy relationships exist and it will keep those out and I personally believe that they cannot let one success story get through because it will open the floodgates. You only need one or two successes and it will open the floodgates.
Q168 Chair: We are going to get to more specific questions about Open Source and agile later so we will deal with that then. Mr Clarke?
David Clarke: I am struggling a little bit because, if you take the difference between the Government and the private sector, this would never happen in the private sector. It will not happen in the private sector, because those companies will not let it happen-the customer does not let it happen. There is a fundamental piece here where the Government have to get the skills to stop this happening. I do not represent the suppliers at all, but they are commercial organisations and the Government have to be in a position to manage that, with the skills to make sure that doesn’t happen. That is where the fundamental issue is. That whole skill set was outsourced in the ’80s and has not been properly replaced, and that, to me, is fundamentally what needs to change.
Martin Rice: I agree with what you are saying but for any industry in a supply chain, if it is a professional supply chain, everybody has a duty of professionalism not to take advantage of who is below them in the supply chain, or take advantage of the customer or the person above. We all have a duty to educate each other so I do think that the Government are lacking the skills and that they need to learn more. It is our duty as an industry not to take advantage of it while it is vulnerable. What I am seeing at the moment is the Government making a lot of noise-which is good- and I don’t mean noise in rhetoric; they want change. I am seeing rearguard actions being fought everywhere and contracts being extended to get 10% savings. I believe the HMRC has an extension to 2017 because it reduces costs, which precludes innovation into HMRC. We need to stop this, we need to educate Government and we need to bring in the paradigms.
Q169 Chair: So you think the nature of the contracts that the large companies negotiate with the Government are protectionist by nature?
Martin Rice: Yes
David Clarke: Absolutely.
Q170 Chair: Well then, why does the industry go on insisting on them?
Sureyya Cansoy: Can I come into the debate here? The industry understands, as I said before, some mistakes have been made in the past but it also takes two to tango. As industry takes responsibility, Government also need to take responsibility for some of the mistakes. However, what we are now seeing is a real window of opportunity to do things differently. We talked about Government’s initiative launched last month about making it easier for smaller companies and other types of organisations like social enterprises etc. to do business with government-we will come on to areas such as Open Source and agile, as you have suggested. We do need to look at this in a positive manner. Industry is committed to working with Government to make this work and the industry understands that its success depends on making Government ICT work, and there is also an element in this for us as citizens. I cannot see my life as a citizen working without the contribution of technology. Every service that I use in the private sector is delivered to me by the help of technology. The citizen expects the Government to deliver the same standard of service to them through the use of technology. So we really need to start looking at this in a positive light rather than thinking about the past too much.
Q171 Chair: Well I do not want to dwell on the past, except to say that our customers, our voters, do expect us to ask about this. We are going to be just as beastly to the Government, I can assure you; as you say it takes two to tango. But there has been an inevitability about this for the last decade, every time the Government embarks on a large IT programme like the National Health Service patient record system-the Government has cancelled that one too, but it was just doomed to fail wasn’t it? Why didn’t the industry just say, "Government, you have the wrong idea, go back to the drawing board because different ways of thinking about this would produce much cheaper solutions," instead of going for large mainframe databases.
David Clarke: We submitted three reports to the Government and NHS saying exactly that over a period of about six years.
Q172 Chair: And they were ignored?
David Clarke: Totally.
Q173 Chair: Well I think a note about that would be jolly useful to put in front of the Government. I would be grateful for that.
Martin Rice: I concur with that as well. The Government talked to certain companies and individuals for advice and there is a wealth of advice out there in the industry where people will tell you, "This is the wrong thing." I am not an advocate of large companies or SIs, as I am small business, but I do have to interact with SIs if I am to deal with any sort of large contract. If a systems integrator puts in what is called a "noncompliant bid" to Government, they are discarded, it is not listened to. So if the Government asks for something and you do not comply with that bid, as an SI, you will not be considered because if you start saying, "We think it is flawed", you will not get the work. I have never been in that tendering system because I am so far down the supply chain, but these are the apocryphal stories that you hear. There is a wealth of advice given to Government that is not listened to and it really should be.
Janet Grossman: I have been in the position many, many times where they say, "You are missing a trick here, why don’t you do it this way? Banking does it this way, why don’t you?" and you get the "Oh, oh, tender’s out, we can’t talk to you, we can’t listen, we don’t want to hear it". So there has to be a way to have an interaction about what is best before Government makes up its mind, particularly before the policy is nailed to the wall.
Q174 Chair: But the industry will be the first to litigate if they feel the contracting process has not been adhered to. Isn’t that why the Government are so defensive?
Janet Grossman: It’s a cop out to be honest.
Sureyya Cansoy: There is engagement that needs to happen before that situation happens. One of the main reasons for projects going wrong, identified 10 years ago, is lack of engagement with key stakeholders within the industry before the procurement process starts. So what we have been telling our colleagues in the Government is, "Talk to the industry collectively; we understand you might not be able to talk to individual companies because of competition rules etc. but please talk to the industry and use their collective knowledge and experience". At Intellect, we have a service called Concept Viability, which we launched with the support of Peter Gershon, who was the first Chief Executive of the Office of Government Commerce. The idea is that for any given project or programme in Government, the customer can come to the industry and test the viability of their thinking before they put out the contract notice. The industry has the opportunity to tell the Government department or agency honestly whether the project or programme is designed well, whether it would work, whether the commercial arrangements are the most appropriate ones, whether their budgets are realistic etc. And we are urging more Government departments to use services like Concept Viability and to talk to the industry collectively.
Q175 Chair: On the question of SMEs particularly, how can we get more SME involvement?
Martin Rice: I am passionate about SMEs but I don’t think they have a right to work. It is dangerous to say that 25% goes to them; they should only get the work if they offer the best value. John Suffolk started the G-Cloud strategy a year ago; we put a fulltime person on it for free, gratis, because it was a looking at how we break it down horizontally and how we combine the small. As soon as Government starts buying IT in the small instead of the big the best person with the best value will win because there are much smaller contracts for each small subset part. You do not start buying £100 million, £200 million or £300 million systems that are never going to work. You start saying, "I need a computer to process x", and it will cost threepence. Anybody who needs to use that uses it, and you can work out all these different services. Then you allow the SMEs an open playing field.
Q176 Chair: But there is a conceptual conflict here, isn’t there? On the one hand you think, ‘Well buying bulk must be cheaper’.
Martin Rice: I didn’t say buy, it should be a payasyougo system; the world is going to payasyouuse. If I get a BlackBerry, I do not pay £300 to £400 for the physical phone. I get a phone, on a contract and I pay an amount of money per phone call. If I use it a lot, I pay for more time and if I don’t use it, I don’t get charged. I don’t pay for the infrastructure of the phone network-I could phone Australia-it is a payasyougo. The rest of the world is moving to a payasyougo service and the Government isn’t. You shouldn’t be paying the capital expenditure, you should be specifying a requirement and the industry should be building it at their expense, and it should be multiplicity of supply for each service. You should be able to bring the competitive market into nolocking contracts. There is so little that Government is doing that couldn’t be delivered that way and if you stop buying large capital expenditure projects and say, "This is how we are going to do it", you are forcing industry to have to interact that way. While the DWP and HMRC are happy to spend £2 billion at a pop, industry is still going to keep coming-they’re big boys-and taking your money. You will not move to where the rest of industry is going. You have the ability to do it. You own the cheque book, close it.
Q177 Chair: What you are basically saying is that the Government’s idea of trying to allocate a proportion of their traditional spending method to small businesses is doomed to fail.
Martin Rice: I think it is doomed to fail. I am more interested in looking at it another way around. You have a little old lady who has to interact because she is vulnerable; she has a certain amount of benefits she gets. Whom does she trust? She trusts her local Post Office. Let them deliver the service; she trusts them and she has got a relationship.
Q178 Chair: Are you seriously suggesting each post office should be allowed to buy its own IT system?
Martin Rice: No. The front-end service systems can be delivered by companies like mine and others. We could put in the systems in the same way as you go and buy a lottery ticket, because somebody has decided to put in a payasyougo service. All the infrastructure is in place, because it is profitable to do so. The delivery of most front-end Government services can be done through the places that the citizen already has a relationship with. Why can’t Tesco or ASDA run part of the jobcentre? We shop there, we get banking services there. If Tesco want to invest and produce a front-end to interact and deal with Mrs Miggins and her interaction with Government, why shouldn’t they be able to? Tesco don’t want to get involved in a £1 billion procurement, but they want more upsell to Mrs Miggins. So give them the opportunity; tell them what you require and industry will build it.
Q179 Chair: So how does this prevent the creation of a profusion of systems and therefore the interoperability problems that you are trying to get away from?
Martin Rice: That is bringing it back to an IT stance, and that is not the case. I am a complex tax person because I run a business. You trust a trusted party called a chartered accountant to make sure that what I submit to Government in my tax is correct. We trust certain people. So you bring in Open Standards. You say, "To deliver that service, it has to meet x". You audit what they are doing and if it meets that standard, the citizen can go to them. You can bring it in through standards.
Q180 Chair: But we are not talking about the citizen, we are talking about Tesco here and Tesco doing the job search and being the DWP job agency. Are they the customer in that sentence?
Martin Rice: No the citizen is the customer. Because you have defined what you need, if Tesco or ASDA or whoever chooses to build one, anybody can have multiplicity of supply if they meet the standards. A good example of this was the SAP calculations you were doing for home buybacks. The Government published a set of constraints that said, "If you build a system that meets these constraints, you can deliver a SAP service". So companies built systems, they got them accredited to say "Yes we will meet those constraints", and you had a multiplicity of supply. Government did not have to build the system.
Q181 Chair: But how does that apply to NHS records for example?
Martin Rice: NHS records: Google have a service called Google Health in America. They have solved the problem. It is a service that you could use.
Q182 Chair: So the Government doesn’t need to build it at all?
Martin Rice: No; it was pig in a poke and I will be careful of the words-is it a cartel? It was a pig in a poke and it was doomed to failure.
Q183 Chair: We will come back to Open Source later but, Mr Clarke, you are sort of nodding.
David Clarke: To some of what Martin says. I have always struggled strongly with: what is the public task? What is the Government role in all of this? My opinion is that it is to set the strategy, the policy and the standards, and to monitor that those standards are being adhered to without necessarily delivering everything.
Q184 Chair: Well when did a large IT company like EDS, Fujitsu or PA say that to the Government?
David Clarke: I don’t know; I do not represent those companies. The problem is that the Government could not do that today, because the skills are not there to do it. It is a real mindset change.
Q185 Chair: Yes but the Government are relying on your industry to provide those skills. Here is the industry in front of us explaining that you have those skills and that understanding, why don’t you deliver it to the Government?
David Clarke: Because what those companies will do is they will deliver it; they will want to be the delivery mechanism.
Q186 Chair: So selfinterest takes over inevitably?
David Clarke: Inevitably.
Q187 Chair: Intellect?
Janet Grossman: I want to talk about-
Q188 Chair: Bringing SMEs and smaller businesses in?
Janet Grossman: Let me give you an example. In DWP there is something called, "Tell us once". If you are unfortunate enough to have a loved one die in this country, you have to notify dozens of people at your time of grief; the local authority, central Government, the Coroner, everyone and their dog-you name it. Exactly as Martin was saying, DWP has partnered with a local point of contact, voluntary sector organisations and everybody else, to make it as simple as possible for those people in their time of need. So there are green shoots out there where this is happening all the time, and they are using us as a means to deliver that service. There are pockets of greatness, but what is missing for me is having an incubation cell where we can explore these things on a reasonable scale and then take them out from there. It is not a choice of big or small, it is a choice of an incubation centre so that we can try things out and see what works and, if we go to Google for health, who is to say that that won’t melt down in our country just because it worked somewhere else?
Martin Rice: At least it was delivered and it might work.
Janet Grossman: So I am saying we should try things like Google Health. We should try these things. We should try smaller things.
Martin Rice: I agree with you to a sense. We spend £6 billion and we are always five years off NHS records. It is a pig in a poke. The whole idea of agile development or iterative development is to get something that is good enough out there and then see what the citizen needs; let’s do a bit more.
Q189 Chair: We will come to that later.
Martin Rice: That is the idea of Google. It might go into meltdown but at least it is there, it is working and we can make it better. It is adding value for the citizen and it is not just an open cheque book for unbelievable large sums of money for ever, until we cancel it and say "Yes, that is fine."
Q190 Greg Mulholland: Perhaps to take the heat off the industry for a minute, which might be welcome to you, can I ask you to turn to the specific rules around the procurement of IT systems? The average procurement exercise takes 77 weeks, which most people would regard as quite extraordinary as well as clearly unacceptable, and which reflects badly against other nations who have some of the same rules-it is not about the EU rules although they may be part of it. What do you think are the specific problems about the Government procurement process and how would you seek to reform that to make it quicker and better?
Sureyya Cansoy: Procurement is both a complicated and a very simple topic. We have been scratching our heads for the last five or six years, together with our colleagues in Government, trying to understand the causes of that delay in procurement and trying to understand the things that actually make public sector procurement costly and complex in the UK, and then seeking to find answers to those issues. One of the biggest problems in relation to procurement in the UK is, going back to something I have mentioned before, there is not enough preparation on procurement before a Government department or agency goes out to procure and publishes its contract notice. They don’t spend enough time understanding the art of the possible, they don’t spend enough time thinking about the business outcomes that the project or programme is trying to achieve, whether technology can deliver it, whether they have the budgets, whether they have senior buyin from the Department etc. So what happens is that you start procurement and then you spend a lot of time during your official, formal procurement process trying to answer some of those questions. That is one problem-one of the biggest problems that exist around procurement in the UK. What really frustrates me is that working together, the technology industry and Government have come up with some really neat ideas and tools to try and address some of the causes of complexity in procurement but we are not really seeing those tools being implemented. You need to ask the question why we are not seeing people in Government departments and agencies using these tools and the answer can be complicated as well.
Janet Grossman: Just to give you a flavour for it-the most basic thing on Earth-you can get a questionnaire with hundreds of questions on it that you have to put a team on to answer. Then you go into competitive dialogue, and I will not bore you with all the steps, but instead of looking at it in terms of how we could do this in the quickest possible time with the least amount of risk, it tends to go in a pattern that is unchangeable. Intellect, in particular, worked with Government over the last four years to come up with some really clever ways to streamline the process, bring in more SMEs, do all the things that I think we want to do, but, honestly, what we lack is the will to change.
David Clarke: The procurement process in the UK at the moment is based on sound contractual arrangements to deliver low risk and value for money though open competition but to get there, we have a very complex, timeconsuming, process that is expensive for all parties, which ultimately favours large suppliers. Increasingly, because the cost gets so great, there are fewer and fewer suppliers for each project. We have a system that says that we are going to end up with one or two big suppliers being the only ones who really can bid. The public/private partnership contracts make it very difficult to change suppliers and if we go down that route, we absolutely buy-in to a partnership with one organisation that makes it very difficult to change in the future, with no real flexibility. The UK public sector also outsources far more than any other public sector in Europe; that is for sure. We outsource far more than anyone else. You will find that very few European governments that outsource much at all, but we do. That outsourcing process again passes the knowledge and the expertise to suppliers so we do not have it within Government. All of that limits Government’s ability to change the process and to understand what it is being offered. So there are some fundamental issues around procurement.
Martin Rice: It is a very big question. It favours a certain scale of companies because Government is procuring in the big. Over the last couple of years, EURIM Intellect and different groups have looked at what they do in Europe; there has been a belief that the UK adheres to the rules far more strictly than other countries. There could be a lot more flexibility there; it is our interpretation as a country that means it ends up being that long. EURIM sent out a delegation to the Dutch Government to find out what they were doing because they were deemed to be better, and the comments back on the minutes of the Euro meeting were that the Dutch laughed when they realised the scale of the projects we do here. They consider €30 million to be a huge project and I believe there were only three or four projects over €30 million; they still felt that they were not doing it right but they could not believe that anyone would procure such big projects. The other side is that the real innovation tends to come from small organisations. This is not an SME issue, it is that people tend to leave big companies because they have an idea to solve something; they set up a small business and you get elite people working together solving a specific problem. The route to Government is through the systems integrators, and the reality of the situation is that you will be engineered in to the procurement to win the bid because, as part of the procurement, the Government is saying, "Show us the innovation". You are then almost guaranteed to be engineered out once the systems integrators win it, so many SMEs now just don’t bother getting involved. Where the innovation that could make a difference could be brought forward, it won’t ever make it to the project itself. The simplistic answer is, buy in the small, and don’t assume you have to buy in the big; it is not that complex, and it is a con. You have 70 million citizens and there are global companies dealing with hundreds of millions of customers in a very complex way and they do not have anything like the budgets that you spend. Do just close the cheque book, procure in a different way.
Q191 Chair: It is very attractive to Government to just close the cheque book.
Martin Rice: But you can. You really can close the cheque book. The same supply chain won’t, but a different supply chain will stand up and you only pay for what you use.
Sureyya Cansoy: On the Dutch reference, what is really interesting is that we have had various Dutch, French and other EU delegations visiting the UK over the last few years because there are certain things about the way that the UK does Government ICT that other countries think they can copy, believe it or not. For example, I mentioned Concept Viability, a service that is offered by Intellect, and the Dutch Government is implementing the concept of Concept Viability-which tests the viability of your project before you start procurement-in their country. If we have these kinds of tools that other countries are copying, why are we not using them?
Q192 Greg Mulholland: It seems fairly clear from what you have said and two of you specifically mentioned it, but do you all agree that the current procurement procedures effectively lock smaller outfits out of the process?
David Clarke: Absolutely
Sureyya Cansoy: Yes. We actually asked a small sample of our members before this Committee Hearing how much it costs to bid for a major project, just to get a feeling of the costs associated with it. It can be as much as £2 million for each supplier to bid for a complex ICT project in Government. That is not an amount that an SME can afford to invest and, actually, it is not necessarily an amount that a larger player can afford to invest in these very tough times, so it is competitive.
Q193 David Heyes: I would like to bring us back to this intelligent customer point which has come out over and over again in the evidence so far. Mr Rice was exhorting Government to behave more as an intelligent customer, and David Clarke said something similar. But Janet Grossman, you used to be part of the Government’s intelligence, how can we get you back? Can we afford you? What should we be doing?
Janet Grossman: The happiest time of my life was working for the UK Government, helping citizens, and I live for that. So taking the personal out of it, peppering the UK Government with a few people who have the will, the desire and the expertise will make a huge difference. In the current economic environment, it is not popular to bring in experts on anything, but if you were going to spend a few bob on experts, you would do it in the area of procurement and being an intelligent customer. That is my opinion.
Martin Rice: I agree with everything that you say but the only thing I would ask is, how do you give that person teeth? You need the passion, you need all the things that you said but you have to give that person the ability to drive something through and if they say it is happening, it is my way or the high way, if it is decided that that is what you are doing, and you are going to do it differently, they cannot hit closed doors or bottlenecks.
David Clarke: I totally agree, you cannot afford not to. You have to do that, almost at whatever it costs, because you are spending a huge amount of money down the road on implementation and a relatively small amount of money getting the right skills in Government to manage that properly first. That would save a huge amount of money down the road. You cannot afford not to.
Janet Grossman: The other weakness Government has, which hasn’t come up in any of these papers, is programme delivery. Because you outsource your programme delivery work so much, there is noone on the customer side to watch out for what is going on internally, and that is another area where you have let too much go.
David Clarke: I just remembered an ancillary point on procurement. One of the things that worry me a lot is the lack of career paths now in this profession in Government. So much is outsourced; that work used to be the career paths of people coming up to become those excellent, knowledgeable people at the top of the tree. By outsourcing a lot of the stuff that you do, you don’t have that career path within Government and you have no choice but to bring people in from the private sector because at the moment, you cannot bring them through. It makes sense to develop people and over time you will have that career path back but you do not have it right now.
Q194 David Heyes: Let’s develop it a bit further, what particular skills are they? What is the skill set that we need to get back into Government and how should the Government go about achieving that? There is the question of costs that will be difficult, there is the question of ideology as well, because of the very powerful ideology that private is good and public is bad. How are you going to effectively get those important people back into the public sector?
David Clarke: Ideology is not the problem. People do not feel that working in the public sector is a bad thing, quite the opposite, but it has to be the right skills, and those people have to be empowered to do the job. That should be strategic planning and there is no such thing as an "IT project", these are all business change projects enabled by IT. So you really need people to understand the business change element and how IT can deliver that. There are lots of those people around but it is really important to have business change managers, programme managers and enough business and technical skills to know how to get the best out of technology, what the right technology is, when to go agile and when not, and what the security risks are of doing one or the other. Those sorts of skills need to be central and they need to be managed, but then the delivery can absolutely be done in the commercial market place. You need people that can monitor what is going on in these projects; people who are knowledgeable enough to monitor what is being delivered. So there is a whole series of skills but you don’t need a huge number of them; you don’t need thousands of those people, you need a number of them who can control the delivery. I think that will dramatically reduce the cost of delivery.
Martin Rice: I agree with what you are saying about that person being there from the beginning to the end.
David Clarke: Absolutely
Martin Rice: Not leaving half way through and going somewhere else; that is not what you mean by career development, you need continuity. The main thing I would say is, profit is a dirty word but Amazon’s IT is really interesting because they don’t have an IT, they distribute things. Everybody involved in IT is focused on driving the transaction costs down, otherwise there is no profit and Government does need profit. You take a certain amount of money from the citizen and anything you don’t spend on IT goes to frontline services. You need the people who think that way round, looking at how you can reduce the transaction costs, looking at what other people are doing in the industry and how you can learn from that, not understanding IT that much but having that mindset of: if I make that saving, there is more profit to give to frontline services.
Q195 David Heyes: Can I just link this in with the point that virtually all of you have made about involving industry early in the contract specification? Are you saying that is a substitute for the lack of an intelligent customer or is that in fact the intelligent customer role?
David Clarke: It is the intelligent customer role. If you do not have them, then by definition, you outsource it to a supplier and I think that is not the smart thing to do. You should have those in Government and if you do not have them in at the beginning, then that will have a serious impact on the costs of the project, the time it takes; expectations will not be set properly at the beginning if you do not have that expertise in early. People will be guessing at stuff rather than really knowing what it will actually cost, what it should cost and how long it will take. If you get that intelligence built in, you will have successful projects. Part of the lack of success is due to unrealistic expectations set at the beginning.
Janet Grossman: For me the elephant in the room is, under the noble intention of fairness, the Government does not feel able to bring in people to brainstorm and workshop ideas prior to policy coming alive or whatever, because they are afraid that others will complain they were not involved. In the private sector you are free and open to say, "You seem to know something about this, we are thinking about doing this, what about that? You do too", but because of the noble intention of fairness, you either have to invite everybody in or nobody in and you err on the side of nobody in.
Q196 Chair: But we have this Technology and Business Fast Stream in the Civil Service now, and none of you have mentioned that. I am told that there is a zero attrition rate from that which must mean that it must be a satisfactory job because they are not paid as much as people in the private sector. Do you rate this?
David Clarke: Yes
Q197 Chair: And is it producing good people?
David Clarke: It is, but nowhere near enough.
Q198 Chair: Is it a programme that could be called up?
David Clarke: Absolutely.
Q199 Chair: And you would very much welcome that?
David Clarke: Yes.
Chair: Moving on.
Q200 Paul Flynn: Ms Cansoy, you used the expression, "Concept Viability", which interested me. I was reminded what Cecil B DeMille said: "Before we make a new film, someone should read the script." The idea of people coming from Holland to tell us that, before we embark on a concept, we have to make sure it is viable-do we really need to be told that?
Sureyya Cansoy: It is actually a UK initiative; it was something that Intellect launched with the Office of Government Commerce in 2003. What colleagues in the Netherlands are doing is copying, with our permission, the same initiative in their country because they think it is a very simple and neat idea to use the collective knowledge and expertise that exists in the industry to test the viability of an idea before you take it too far.
Q201 Paul Flynn: But is that not stating the bleeding obvious? I don’t understand; would you get some special people in who were experts in Concept Viability to find out whether what you are doing makes sense?
Sureyya Cansoy: The way Concept Viability works is that you take a specific project or programme that you are working on, you bring a group of about 50 or 60 technology companies together and you ask them a number of specific questions about the project or programme. So for example, "Is this doable? Has it been done elsewhere? Are there any lessons that we can learn? Can technology deliver this? Are our budgets realistic? What kind of commercial arrangements should we be following?" Intellect then takes that collective industry feedback and presents it as the industry response to the Government department or agency. It looks quite obvious; you would think that people would say, "Actually yes, that is very sensible, we should be doing that", but you do not always get that.
Q202 Paul Flynn: And the comparison with Amazon: we talked in the past about Tesco; these are huge organisations with very rare errors of one in 10,000, whereas comparatively the Health Service has errors of one in 10 and so on. Are there differences there? I apologise for coming late and if this has been covered earlier. There does seem to be a great gulf between what happens-with the enormous waste, the huge amounts of money that are being paid in the public services-and the often dire results that come about.
David Clarke: Can I maybe come back to Connecting for Health? We did a report in 2006-Concept Viability-that said that the basic concept of that would not work. BCS is quite unique in that we have, in a number of sectors, combinations of experts users and, in this case, medical people and the IT implementers in the NHS; we brought all those people together to look at what was being proposed. We did a report there that said that this concept, which is one big, central system, simply cannot work. That was ignored and so a couple of years later we had another go, and that one was ignored. The idea is that you do need to look at concepts and the viability of concepts. This was a Government policy to do things in which it seemed that the only way of implementing that policy was to have that central system. That absolutely was not the case but, even if it were, would that price be worth the policy? And to have one central database of everyone’s record, when 95% of health interaction was within 20 miles of where people lived, was just nonsense. We put all of this stuff in the report. So there is a need on some of these projects to stand back and take a look at the concept.
Sureyya Cansoy: If I can just very quickly mention one example of a small pilot project that used Concept Viability about six years ago, at the end of the Concept Viability exercise, that Government department realised that they did not have the budget for that project and it was not doable. They took the sensible decision not to continue with it for a saving to the taxpayer of millions of pounds.
Q203 Paul Flynn: We are just in the middle of a census on a biblical basis of the entire population when we know could get almost as valuable a result if we took 0.1% of the population and examined them, but we seem to carry on doing these things. Ms Cansoy, in Intellect’s evidence, it states that technology currently tends to be considered separately from business change. What does this mean? How would you change the way Government behaves as far as that is concerned?
Sureyya Cansoy: The first question that we need to ask, which David and Janet touched on earlier, is: what are we trying to achieve? Take the HMRC Tax SelfAssessment Service. The starting point for that was: "Okay, we need to make the service more convenient for citizens so they can do it 24 hours a day, they can put their details of their finances on this online form and their tax gets calculated automatically". It is a great convenience and it is saving HMRC money at the same time, so you need to start with the business outcomes that you are trying to achieve first and then look at the technologies that are out there to help you do that. That should be the starting point.
David Clarke: I remember talking to a senior civil servant a couple of years ago about this area and they said that, when they are developing the detailed policy behind an idea they have been given, they always ask the Treasury about the financial situation; they always ask the lawyers about what is legal; and they never think of asking the IT people about what is possible. That is always done as an addon later and it may be that even more would be possible if they asked earlier. It may be that what they are asking to do simply cannot be done. To leave it late means that it almost certainly will not get delivered because IT simply enables the project. It is not the be all and end all within itself; it has to be a subsidiary of the business change.
Q204 Paul Flynn: Are Governments a soft touch because of the ignorance of IT by civil servants and politicians.
David Clarke: I don’t know that I would say "soft touch".
Q205 Paul Flynn: Well you made the point about the large amounts of money that have been spent on projects that do not work.
David Clarke: I don’t think that the Government have the skills across the board, at the moment, to get value for what they are investing. They are investing a huge amount of money and they should get a lot more value.
Q206 Paul Flynn: If you were down in the Dog and Duck with a Minister, enjoying a pint of lemonade amongst yourselves, what would you say to them? We have a new Government full of reforming zeal. They are Maoist-they want to revolutionise the system and do it yesterday. What is the best advice you could give them in a few short sentences?
David Clarke: Get the right IT skills, and that is not the technology, it is as much about the application of IT to the business. Get somebody who knows your business, knows what is possible, give them the authority that you give to the finance and legal people to incorporate that. Get them in early, listen to them and you will get projects delivered on time and to cost.
Janet Grossman: Being a bit provocative, I would tell the Minister to get involved and to take personal responsibility, understand what business drivers are in the system; if a Minister stands behind a policy, it gets done. If a Minister stands behind a really good innovation, people want to do more of it. It is really hard to be a civil servant these days; nobody tells you that you are doing a good job in the newspapers. So I would tell the Minister to find pockets of innovation, to love it like mad and to be really tough about accountability, but also to be accountable themselves.
Q207 Paul Flynn: The tendency is for Ministers to run a mile when things go wrong and to put their civil servants up to explain, as far as this Committee is concerned-take Tax Credits and so on-but do you think the Ministers, of all Governments, are defective in this in not taking a personal responsibility?
Janet Grossman: It is mixed.
Q208 Paul Flynn: Do they really know what is going on?
Janet Grossman: It depends on the kind of department it is; it depends on the background of the Minister, whether they come from a public service background or not, and it also depends on the nature of the challenge. If you have a really big challenge going on, they get more involved than if it is business as usual.
Martin Rice: Simply put, it is a guardian on detail. You get clever people, and they produce a fully working system in two days that might be completely what you didn’t want but you will be wonderfully capable of telling them it is not what you want when you see something that isn’t it. Alternatively, we could all sit there and do a nice big report that nobody reads. Just do fast, iterative spikes-it doesn’t matter that it is not scalable, and it doesn’t matter that it hasn’t got security. Is that what the citizen wants? You can do it in days and then you can start saying, "You have totally got the wrong end of the stick," and you can get everybody involved and get the stakeholders in. But actually build, fast, iterative systems and throw them away.
At Erudine, we follow a process of quest; if we are not sure how to solve a problem, we get two or three teams of two people, and we give them half a day to go away and get creative-there is not a wrong way of solving it. They then come back and we will discard one or two of the routes. We might have two weeks of development and then we choose one. We don’t predetermine from a big report, we just keep looking and saying, "That is getting closer to what we think we need", and then you are on the right track. So we don’t waste millions because we waste a few tens of thousands doing experiments, and then you know that you are on the right track. So in the pub with the Minister, I would be saying, ‘Start funding more of things like the geek cells, and get more people who can do these very quick systems who can ask, ‘Is that what you meant?’ and get everybody involved in analysing your systems and, if they work, use them".
Q209 Chair: Just moving on, we visited Facebook for example, they use Open Source software and they now have 500 million users. Why are Government so resistant to this method of working?
Martin Rice: It comes back to Mr Halfon’s point. You go to the systems integrators, they have tier1 relationships with certain suppliers; they have to push them forward, they have signed contracts to say they will. Facebook is an interesting example; they developed some software called Cassandra. It is a globally scalable database, they decided they did not want to own it so they put it as part of the Apache Open Source stack. It is available to the world and it has a very large group of developers working on the code. It is a brilliant piece of software and it is free. Now it is not free, because you will pay people to use it, you will pay maintenance support, but you are not locked into an adversarial relationship.
Q210 Chair: How is that parallel to a patient record system or a system delivering a tax disk for my car?
Martin Rice: The patient record is a really interesting one. Rather than building this massive database, which is going to cost billions, the way that Facebook works is that they can access any record anywhere in the world, and it comes up like that. The way that Cassandra was developed, as an example of it, was to allow them to do that. So these have been produced with that specific type of access to data in mind.
Q211 Chair: What about the security problems? Facebook is notorious for its lack of security.
Martin Rice: That is beyond the scope of today to go into that, and I believe it is a red herring. If you were to take a copy of Facebook and say, "Let’s use it for Government," it would be unsuitable, but that does not mean the underlying technologies are not capable of delivering this. It is a red herring.
Q212 Chair: And is the lack of Open Source development a reflection of the protectionism in the industry?
Martin Rice: I believe so because it is used, pervasively, everywhere else.
Q213 Chair: I only use that because I feel you need to put your side of the story forward.
Janet Grossman: My company, CSC, does not develop anything without the use of quite a lot of partners. It is a myth that we are using less Open Source than we think. We have a lot of Open Source in government; it is surrounded by security measures that obviously we don’t want to talk about in a public forum. It is getting to be part of our real world more and more. Dare I say, looking at the age of myself and some of the people in the room, it is a generational thing as well. Those of us who grew up in the IT industry do not really fully appreciate what is out there that could be rapidly deployed, so we have to look ourselves in the mirror as well. But I think you would be surprised to see that more and more of even the big SIs are using Open Source, Open Standards in their cloud applications in particular and we need to be better at communicating that.
Sureyya Cansoy: If I may add to that, Intellect has both Open Source providers and proprietary software providers in its membership and, whenever we talk to members about it, Open Source providers say, "Yes, we would like to have a level playing field when it comes to doing business with Government" and we are strongly behind the message that Open Source should be used where it makes business sense, where it is the best solution for the problem we are trying to solve and where it provides the best value for money. But at the same time, there are solutions where there is a mix of both proprietary and Open Source software, so often Open Source is hidden in a more complicated solution provided to Government; it is not always the case that it is not there.
Q214 Chair: Is there just one more thing Mr Rice?
Martin Rice: I am yet to find Open Source to have a salesman who takes everybody out to lunch. A lot of procurements are sorted in the wine bar, over lunch or on the golf course, so I see that as a problem for Open Source systems with very good software out there.
Q215 Chair: So Open Source is alien to traditional commercial relationships.
Martin Rice: A friend of mine was an MEP a few years and said as a tongue in cheek joke, "Microsoft had a bigger delegation there than most Member States." So the Open Source community did not have a large delegation there and Microsoft keeps the stranglehold. The word that was used down there is key. There is also a big difference between Open Source and Open Standards, and Open Standards are far more important than Open Source because it sets a level playing field. It really does not matter, whether it is closed source or Open Source is actually a misnomer; anybody can interact within that set of rules.
Q216 Chair: And this relates of course to agile development as well, which you have been referring to a lot in your evidence Mr Rice. Why do you think it is not in the interests of large suppliers to promote agile development?
Martin Rice: The Agile Alliance started 10 years ago; the 10th anniversary is in June. We have been an agile development house since it started. The purpose behind agile as we see it is there is no lockin and no predetermined outcome. You just have a vision working with a partner and that it is a true partnership. But you are starting on a journey of saying. "We will give you a working system every month which will be better than the last time and then we will all get together and decide what it will be" but at any point, you can stop the contract. Big companies do not like that; they want five or 10 years’ lockin. Agile has been there, and it has been proven to be a very robust, professional methodology.
Q217 Chair: Would agile have the effect of fragmenting the industry?
Martin Rice: Sorry, what do you mean?
Q218 Chair: At the moment contracting processes have militated in favour of the consolidation of the industry because, if you are a big company, you buy another big company and you get more share of the market. But agile development would have the reverse effect wouldn’t it?
Martin Rice: Yes but if Government continues to get the big, you will always get the big company. If you start buying in the small, it suits the small, agile development to produce exceptionally good, smaller services. The key thing about agile as I see it though is that the user gets what they want. The key thing there is what Mr Flynn was saying about the business rather than IT. It is not even the business; if you are building an IT system and someone is going to use it in a Jobcentre, talking to a vulnerable person, what does that person want? Not what did the Minister want, but how do I make their life, sitting and interacting with that person, easier? That is the person who agile wants to sit and help with the development; the user, the people who actually interact with it on a daytoday basis. There is a standard joke in the software development industry that you bring the user in at the stage when we have finished. You very rarely bring them in right at the beginning and say, "How do I make your job easier?" These people, who do the front interaction, probably know more about how to make savings to the business process than anybody back in Whitehall or the big IT company.
Q219 Chair: Okay, so what skills does Whitehall need?
Martin Rice: Learn the principles of agile.
Q220 Chair: You just need people to learn them?
Martin Rice: Learn the principles of agile from agile development companies, not from the current oligarchy, because they are not experts although are starting to read the manuals and say, "We can do agile." I was really interested in the transcript from last week’s evidence session when one of the people said that he could do agile within waterfall. That is a fundamental misunderstanding of the point of agile and it is dangerous that that is on record in Government. If you want to know about agile, talk to people who are delivering agile projects, do not talk to people who are not.
Q221 Chair: Can big business deliver agile?
Janet Grossman: Yes. I am amused here, because when I was in DWP, the Pensions Transformation Programme was all bottom up and delivered by the people who were using it and two big companies delivered agile; that was four or five years ago. We are painting too much of a brush one way or the other. We have a long way to go in the big contracts because some of the big contracts are over specified to not be as agile as they could be, but it is happening more than you think and agile is out there. Just to be a little bit provocative, the problem with agile is, if you are not careful and you are not an informed customer, it can be the never ending change project so I will just say that you do have to put some brakes on it at times and I will leave it there.
Martin Rice: If you look at agile from a certain perspective, you are right it can be never ending, but the purpose of agile is to reduce the cost of change. The whole purpose of agile is to make change easy. Lord Erroll has a lovely phrase; he says that it is the job of a systems integrator to extend the problem, not solve the problem. That’s a waterfall; it is a throwaway comment. It is the purpose of agile to simplify the problem and reduce the cost of change. So yes, you keep working on it because the world iterates. Facebook did not have a document saying, "Let’s build Facebook, job done, go away"; what they do is say, "How can we improve the service?" It is an iterative, constant change and it is cheap.
Q222 Chair: Mr Clarke, you are going to get the last word.
David Clarke: Thank you. It do not think that it fragments the industry. In the end, if the Government can become an intelligent enough customer, the customer is king. If you demand that, then the big suppliers will respond and they will not walk away from that business. It does not fragment it; I don’t think they are there now. The smaller companies are more agile but the big ones will not leave that alone if that is how you demand certain projects are developed.
Chair: Is anybody else burning to justify anything that they feel they need to justify? Well I am very grateful to you all, there have been some frank exchanges; one senses an electricity in the air, that is what we wanted. It has been very informative for us, thank you very much indeed.
Witnesses: Adam McGreggor, Rewired State, Andy Burton, Chair, Cloud Industry Forum, and Jim Killock, Open Rights Group, gave evidence.
Q223 Chair: Welcome to our new witnesses. Perhaps you could introduce yourselves for the record.
Adam McGreggor: I am Adam McGreggor, the Chief Technologist at Rewired State. I should declare an interest here; if I don’t, it could crop up that I cosigned the Constitution for NO2ID and remain the Technical Director of NO2ID.
Jim Killock: I am Jim Killock, I am the Executive Directive of the Open Rights Group. We are a citizenbased organisation that campaigns on human right issues in relation to digital technologies.
Andy Burton: My name is Andy Burton. I am here as the Chairman of the Cloud Industry Forum. We are a notforprofit organisation made up of members representing the broader technology industry and our aim in life is to try and make it easier for consumers and technologists to meet minds.
Q224 Chair: Did you all sit through the previous session?
Andy Burton: Yes.
Chair: That is very useful. In that case I shall not repeat my own declaration of interest.
Q225 Greg Mulholland: Good morning. Can I start with you Mr Killock? I am going to ask all of you to comment but in the evidence that the Open Rights Group supplied, you said that, and I quote, "Viewing IT as a standalone area for policy is a bad idea", and we are very aware that this is one of the big challenges of how this is done. How do you think IT could and should be integrated into the policy making process?
Jim Killock: It needs to come further down the line. The evidence that I presented to this Committee is mostly based on a series of seminars we did which looked at various big IT projects that were causing a number of human rights issues from things like ID cards through to health projects. But what really struck us when we did that work and we talked to the practitioners is that IT solutions were essentially being thrown at services. Services, such as in child safety, would be told, "Here is the next thing that you must deliver and therefore everyone must have information about children to the nth degree". And these projects were essentially being imposed in a rather topdown way so they totally failed to really ask both the end users, perhaps in this case the children and parents, but also the service users, such as childcare practitioners, what they actually needed from these systems. So IT was really being regarded as a solution in itself. So the first step was to ask "Who is doing the work? What work are they doing? And what do they actually need?" So then whether IT fits into that is a completely secondary question. I don’t know if that makes is a little bit clearer.
Andy Burton: There are two ends of the spectrum we need to look at with this; first of all, if IT does not serve an organisational purpose then, arguably, what is its function in life? It is there to achieve an objective and that objective is not to selffulfil and deliver it by IT, it is to achieve an organisational objective. Listening to the earlier session, it also seemed to me that we risk lumping IT into this homogenous mass that only has one procurement model, which is outsourcing, and there is a risk that in looking at that as a deployment procurement method, you automatically lock in certain philosophies around how you build software, how you deploy software and how you manage software. We were mentioning about agile computing and things like that briefly, and it seems to me that the challenge is that is has to be serving an organisational or Governmental objective for public purpose, but the way in which it is procured needs to look at the elements where cost waste is incurred. There are issues around hardware and scalability, software-how it is built and whether it is licensed or not-and the way in which it is managed. You need to look at that whole spectrum and there is not enough rigour, I think, given to how the solution is procured because the method of procurement today typically advocates a lead organisation defining what sits underneath.
Adam McGreggor: I endorse both previous speakers’ comments really, regarding a topdown position and not actually considering design for the people using the service, whether they are the end users or those actually keying in the information, who are possibly very crucial in this sort of thing but are often left out. It is all very good to implement IT systems but is there always a case? The answer is: is this a technical problem or is this a social problem? I would look at it from those sorts of direction as well and consider is as an allround process, not just ongoing. There is always this wonderful thing of continual improvement, which is the other thing rather than just doing it. As we heard earlier our rigid framework does not allow scope to change and 77 weeks is an immensely, ludicrously long time just to deliver a project.
Q226 Greg Mulholland: And do you think that, as part of the procurement process, the Government focuses too much on the procurement of new systems and technology rather than thinking about how they will actually be used and the data that the systems will hold?
Andy Burton: I would say it is both of those things. The fact that it is a silo procurement, i.e. you have Departmental projects, institutionally leads to looking for a solution for that particular purpose, almost ignorant of what else is available across the Government. The fact that there are 168 different data centres in Government today is a reflection of that.
Q227 Chair: How many?
Andy Burton: About 168 I believe.
Chair: Different data centres.
Andy Burton: Yes. The point I was making in the previous statement is that, if you look at it, there are basic savings; regardless of who you buy solutions from, at the end of the day they use computing power. If you look at it, it is a standard fact that the average computer or server is using 20% of the capability, so if you are using 20% of the capability and you have this replicated multiple times because you always build software solutions that scale to your peak demands; you are building capacity for your income tax returns on 31 January or whatever it is, but on the other 364 days of the year, it is running at a lower level.
Q228 Chair: One of the interesting things that we heard, I think it was about Amazon, was that they sell their data storage capacity for 11 months of the year because their peak time is Christmas, but Government do not do that.
Andy Burton: That is why they have moved from being a pure book retailer, which they started as, to now offering a massive cloud as their product. But I am obviously not here to representative a specific commercial agenda. The point I am trying to make is that when you look at procuring IT, the tendency is to look at the overarching solution, but Government actually needs to provide a framework for organisations to comply with. It comes back to the comments in the previous conversation about the participation of small businesses. If you actually provide a framework-going back to Open Standards, you have this initiative called GCloud running in Government, which I do not believe has enough teeth yet because it should be providing a blueprint to all Government Departments about how IT solutions should be procured. You should be sweating your hardware assets, you should be running less data centres, you should be consuming less power and there is no reason that someone who is delivering a software solution on top of that, and managing it or not managing it, cannot work on top of that underlying platform. At the current moment in time, you tend to look at a solution as a complete turnkey rather than saying, "Okay, it has got to fit within this model because we are going to use that capacity that we have now better." And so because you are buying everything in a vertical stack, you are not getting the benefit of the investment you have already made.
Jim Killock: The question needs to start off with: what are the Government trying to achieve? Just to take a quick case study, we have been involved in looking at the consequences of certain sorts of systems rather than at the detail of how they got procured, and we ran a campaign about electronic voting. We got involved in electronic voting as an issue because, to us, it was some significant issues about democratic accountability, because you are trying to bring together certain things which are nearly impossible to bring together--anonymity of voting, security of voting and transparency of the process. These are very difficult things to bring together. How do you make a process both transparent and anonymous? It is actually very difficult in an electronic system, because, most of the time, you are trying to account for what happens in transactions by seeing everything that is going on, so it is very difficult to make something transparent, accountable and anonymous. But the Government started off from a position that they wanted to increase voter turnout and just assumed that the answer was going to be technology. The policy process appeared to be, "What technology might we throw at this? Electronic voting sounds good so let’s put that in the mix." If you think about the question of how you increase voter turnout, that is actually something about democratic accountability first and foremost and about whether people think who they are voting for actually holds power, and whether they are going to have any influence. So trying to answer the question of voter turnout through technology might be entirely inappropriate. Then when it got down to, "How do we make any of these systems work?", the key problem in technology terms turned out to be far less about the method of voting-whether you are using an electronic machine or a paper ballot-but far more to do with voter registration, which is a very mundane problem but is causing lots and lots of issues around voter security and whether people really are voting, whether postal ballots are really secure and so on. In a way, the Government led policy from, "Here is a technical solution that sounds great that we’d really like to impose on our Departments", rather than, "What is our problem here? What are the best fits to answer that problem?" I cannot really say how Government stops using democratic, parliamentary or other political whim to drive policy but it seems to me that a number of the projects that we are talking about and criticising fall into that category. ID cards is arguably another. Would it have solved any real identity problems or was it actually far more about Governments appearing to look tough on law and order? What was really the driver behind that system?
Chair: I don’t think you’ve got any dissenters here.
Paul Flynn: It would destroy a lot of jobs in my constituency.
Q229 Greg Mulholland: I wanted to ask a question on the IT card scheme so that leads very nicely on from there, but I thank you for declaring an interest and congratulations to NO2ID for their excellent and successful campaign which I am involved in and delighted about. Do you think that, concerning the whole ID card scheme, whatever people thought about whether it was a good idea or not, there were other issues that we can learn from? One of the interesting things about the ID card scheme was that it was a policy idea and an IT solution all wrapped up together. Do you think that one of the reasons that it was clearly going to be unsuccessful in policy terms is because those policy objectives kept changing throughout the course of the development of the programme in itself, but also because it became IT driven rather than policy driven?
Adam McGreggor: I will kick that off. On the policy objectives changing, if we go back to when I first got involved in identity cards-which was when they were still Entitlement Cards back in 2000-ish or so, and even before then going back to the previous Conservative Administration when the idea was being mooted even then-it is actually quite interesting to look at the identity cards and how, as a piece of machinery of Government, they actually came into fruition. There are some people who have even traced Permanent Secretaries and Deputy Secretaries around departments to see how departments followed when the servants moved as well, so there is that objective. It was kind of destined to fail from the start, with ever-changing policy objectives and as the solution, for the Government, for everything from terrorism to benefit fraud through to everything else. It didn’t actually address the underlying problems in any way. There was still this problem: if we are going to tackle benefit fraud then why don’t we look at the number of National Insurance numbers in circulation compared with those actually being used? Similarly, if we take immigration then why don’t we look at it from the other side of things, at those actually leaving as well as those inbound? So there are those aspects. The policy change did not help at all. A golden rule is that if you are going to be delivering a service then it is useful for the goalposts not to continually be moved. So there is certainly that aspect of it. I suspect that I am probably going to turn into a previous witness here with the idea that I don’t think it was IT driven; it was driven by IT procurers, those consulting and those involved in the procurement process, rather than the whole industry. They had an interest, to make lots of money for their shareholders, and they had the perfect opportunity with a nice little system that would be used in every single Government building, by, near enough as damn it, by every Government official: "We might as well build a system that will have universal rollout if it succeeds." As your previous witnesses last week have shown, if we actually designed the system based on the card-the Ministerial whim was making the card and then the database behind that-then we have that sort of issue here: are we actually delivering for a consumer who is going to use it? No. Does it actually deliver any benefits to the consumer-the citizen? No. Does it make life easier for Government? Possibly.
Q230 Greg Mulholland: Any comments?
Jim Killock: I would just add that it is not the only example of these sorts of projects. With ContactPoint, the Government had a concern about child security, so they invented a database system to solve the problem rather than talking to the professional childcare people and asking whether it really answers the problem without distracting them from their job because they are busy filling in databases that are largely full of useless material on people who are not actually at risk of child abuse. Those are the sorts of problems that you end up with, but I would just mention that there are a couple that are still carrying on, still in this vein. Summary Care Records are arguably in a similar vein, and the intercept modernisation programme is potentially a similar sort of massive IT project looking for a problem-it relates to needle in a haystacktype cases of terrorism. That involves collecting all the online traffic data of every UK citizen in order to solve a needle-in-a-haystack problem. So these drivers and the things pushing these policies forward still seem to be there. Intercept modernisation could be an incredibly intrusive and anti-human rights, anti-human privacy, measure-the sort of thing that both the Conservatives and the Liberal Democrats were very keen not to repeat. The fact that that is still somewhere in the Government agenda-or perhaps I should say the Department’s agenda-says to me that the civil servants have not necessarily changed their view of how they want to solve the problem.
Q231 Chair: But can I just press you on this for a second? If you have everybody’s emails, there are search engines that can search that pretty efficiently, aren’t there?
Jim Killock: The idea of the programme is to store the traffic data, who talks to whom online-so it is the e-mail headers that are wanting to be kept-or who talks to whom on Facebook or who talks to whom in chat rooms. The problem is, of course, just collecting that data on the basis of no business case but purely on the basis that somebody somewhere-
Q232 Chair: You might want to search it one day.
Jim Killock: Yes, that is not how our human rights privacy is meant to work. We are meant to have a right to privacy until we are suspected and the use of traffic data in law-like your phone records; who you might have been talking to on your phone-depends on the businesses having a case for keeping that data; that is why they keep it. They do not keep it in case the Government wishes to survey all individuals; they keep it because they have a business reason. The Government is able to take that data because they have suspicion of an individual and they wish to get hold of that for investigation purposes. It does not therefore follow that, if the Government wishes to survey people, it can just simply have a blanket surveillance of everybody in whatever case. So that is how the balance in privacy is meant to work, but that does not seem to be any part of this debate internally, within the Home Office, about why the intercept modernisation programme should be advanced.
Q233 Paul Flynn: One of the things I see in your biography, Mr McGreggor, is that you were responsible for FaxYourMP, which nobody does any more. What more successful things have you been involved in recently and why did you want people to fax their MP?
Adam McGreggor: We built FaxYourMP almost by accident. It was one of those things that came out of a now defunct organisation group that, in some ways, led to the cofoundation of the Open Rights Group: the Regulation of Investigatory Powers Bill. We had lots of people, lots of our friends, saying to us, "We have to do something about this. How do we contact our MP? How do we write a response? How do we actually get involved in responding to a Government consultation?" Many people did not have any idea and a few of us were working in this building at the time, and those of us who founded FaxYourMP were all pretty activist and politically aware. So we thought, "Actually, how can we get hold of these MPs?" If we go back to 1997, if you remember, every MP had their pager. We initially thought of PageYourMP, with these wonderful 130 characters or something like that which people could use to say, "This Bill is bad, do not vote for it". So we ended building this campaign website and collated 5,000 opinions on why the Regulation of Investigatory Powers Bill was bad, the reasons why, and we collated those into a response. Part of that was because people wanted to get in touch with the MP and say, "Vote for this please", or "Please read this", or "Support this EDM" and things like that. We got hold of the information, contact numbers and fax numbers in those days because email was still in its infancy in Parliament, and we built a website.
Q234 Paul Flynn: 38 Degrees are operating this very successfully now; it is Write To Them in the present form. Do you think that is has a longterm effect or are MPs going to be able to sort out who is lobbying them? If they are the same people lobbying them on half a dozen issues, it would not be seen as vox pop by MPs; it would be seen to be people who are strongly motivated in certain directions.
Adam McGreggor: That is the case with surgeries though, as those who have a need contact their Members. We have merely made a little annoying tool which is slightly better than Parliament’s own offering; we at FaxYourMP and now Write To Them have set it up that only your constituents can contact you. If you visit the Parliament site 14 years on, anyone can contact their MP, according to the 300-year-old tradition. I think I remember there was something from Bagehot about that.
Chair: How is this relevant to our inquiry?
Paul Flynn: It is interesting though isn’t it?
Adam McGreggor: I was wondering that, Mr.Chairman
Q235 Paul Flynn: We are told we have just entered this postbureaucratic age, which is an idea that I am sure thrills you as much as it thrills us. Do you see the concept of IT helping to lubricate our advance into this brave new world?
Adam McGreggor: Yes and no. IT can facilitate and IT can enable. What it cannot do is get people talking facetoface and having dialogue. It can certainly allow people to arrange to meet up in a pub-while in the old days we would have used telephones or had regular meetings with people-to talk amongst our peers. It goes back to the public discourses and the foundation of coffee shops. Technology can help to some extent but it is not the solution to everything and that applies to social, political and economic technology.
Q236 Paul Flynn: I believe that part of the hope is that instead of a topdown approach from Government, there will be a parallel contact between citizens and that will take the place somehow of this authority down to the peasants. Is this a daft idea? Is it a great concept? Have we suddenly become postbureaucratic or not?
Adam McGreggor: To me, postbureaucratic will not happen unless bureaucracy disappears. There is this wonderful oxymoron of postbureaucratic, yet there is still bureaucracy.
Q237 Paul Flynn: Can we use IT as a magic wand to make it disappear?
Adam McGreggor: We could, but I don’t know whether it would have the same effect. It is a question of whether you go for your armchair expert or armchair auditor versus someone who has had 40 years in the field and is a proper expert. It is a provenance issue as well; the provenance of to whom you are listening, and whether the person you are talking to is in a position to give you sound advice. It is a trust issue as well.
Jim Killock: Thinking about how we might become rather more of a big society or rather more postbureaucratic, there are three things that were touched upon in the last session which are very important here; there is a question of Open Standards. Obviously the Government does not want to lock itself into very tight, closed and impossible to get out of relationships with software vendors. Open Standards allow free competition on that sort of basis and that goes through the whole of the software world; we understand this but it is still not being done. We are all still locked into Microsoft formats for documents, and it is understood that that is a bad thing and it is understood that those companies are probably creaming off extremely large profits for very little work but we are not really pushing that hard and fast enough. There is a second question around Open Source. Government spends a lot of money on IT; when it spends that money, there is intellectual property being created and that will potentially be reused and resold back to the same Government, different departments or other governments elsewhere. By insisting that IP rights are made open, Open Source offers the potential for governments to retain control of those IP rights and not to simply be charged licence fees for things that they have essentially already paid for many times over. So Open Source can obviously enhance competition between different vendors using the same software; it can get you better returns on your investment. The third question is around open data which Adam just touched on. Open data obviously allows people to construct markets and analysis on that data but it also allows people to criticise Government and look inside what Government is doing, and that is incredibly important. The question about analysis is also very important; if we are going to make best use of open data over time then people need to have the skills to analyse that information and there needs to be a dialogue about it, but we should not just assume that, just because open data might lead to people coming to the wrong conclusions from that data, therefore they should not be given that information. That is an erroneous and rather shortterm approach.
Andy Burton: We can only achieve this postbureaucratic ideal, for want of a better phrase, if we don’t view IT as an outsourcing solution. The fundamental thing that I keep hearing again and again is that we are looking at IT as something that is designed and built deliberately for a Government department and managed by a third party. You have got to look at the component parts. The technological world has changed so dramatically that we are still trying to build things based upon archaic understanding of what technology is capable of. Therefore the procurement process of making the IT uphold the bureaucracy is the wrong way round. There is not enough new thinking; there are some great initiatives like GCloud out there and there is some very lowhanging fruit, to use a horrible phrase, from which the Government can save considerable sums of money and reports have been written by organisations like the Open Computing Alliance saying that there is about £44 billion over a 10 year period, as a conservative estimate as to what can be saved, versus the £95 million that we are talking about at the moment in time.
Q238 Chair: But what you are saying is that the postbureaucratic age is an essential component of harnessing modern technology. You have got to do agile development to do Open Standards and Open Source software. There has got to be a letting go.
Andy Burton: It is not about ceding control, it is about providing guidance to the market. It is actually the other way round, I would counsel. It is having the courage of conviction to say, "This is what we need as a nation, this is what we need as a set of public services". Just jumping back to the whole identity issue, that argument got lost with the manifestation of how to authenticate a person to their online identity. The notion of having an online identity is not a bad notion, and being able to reuse it multiple times rather than having to do it in every single system is a very sensible philosophy. The problem is that there is a lack of tangible evidence as to what the Government plan is. I would use GCloud as your best example and the Cabinet Office is on to a great thing there. It is a very sensible model which allows for that open standard to be deployed; it enables you to rationalise data centres; it enables you to break the provision of IT down into hardware and software and when you do that, you start enabling the SME, the entrepreneurial organisations. As Mr Rice said in the previous session, there are plenty of organisations out there that have the intellectual capability. The issue is, if they can only procure in the solution that is going to cost hundreds of millions of pounds to deliver, they just do not have the ability to come forward and even to be part of that consortium.
Q239 Paul Flynn: What happens when the creation of the postbureaucratic age comes into conflict with the Government cuts? The mythology is that you cut nonfrontline services, and IT is seen as something behind frontline services, and when cuts take place, it is 30% here and 30% there. Does it make sense to cut IT by the same amount because it is not seen somewhere and it is not on the frontline?
Andy Burton: What is the point of having hundreds of thousands of servers running at the 20% capacity? There is no benefit to the taxpayer, there is no benefit to the Government, all it means is that the way in which it is being procured-although at the time of procurement it may have been legitimate-at the point we are now, is no longer relevant. So would we rather save hundreds of millions or even billions of pounds in the way in which we procure our IT, rather than keep the method going? And by the way, we can then reinvest that, because IT services in this nation today do not do us justice, so even if you do not want to take that estimate of £4 billion a year saving and making it as a saving, you can reinvest it in the agility.
Q240 Chair: But the astonishing thing that one of our previous witnesses has just said is "If you want value, just turn off the tap". Do you agree with that?
Andy Burton: There is no point turning off the tap unless you are prepared for the drought, that be the way that I would put it, because you have got to say where it is that you are going. Just turning it off will mean that you are going to end up with chaos because you have nothing to replace it with at this moment in time. Getting to the blueprint is not that far away and the GCloud initiative is a very credible step in that direction.
Chair: We will come to that in a second.
Q241 Paul Flynn: There was great distress in the past about the loss of private information. There were tens of millions of people involved in the huge loss of Health Service data. I can’t remember any single case where data was found and anyone was harmed by it-perhaps you know of some-but I am sure that the procedures have been improved in some way. What was the justification for the hysteria about lost memory sticks that took place when in fact very little, if any, damage was done by those losses?
Jim Killock: I don’t know if no damage was done. Have you got concrete examples?
Adam McGreggor: Of disks being found again? No.
Q242 Paul Flynn: I don’t think they found any of them did they? Being lost is one thing.
Adam McGreggor: I don’t know of any cases but it is still a case of: where is this data and what is going to happen? A vaguely comparable thing is the Metropolitan Police sitting on the News of the World phone-hacking data. There is a wealth of data sitting somewhere and the content of it is a hissing time bomb waiting for the release moment if it is in various hands. If it has just fallen down the drain then it is a case of what the damage actually is, where has it ended up and, even before that, why it was being transported. Why was it being transported and transferred in such a way?
Jim Killock: Some of that included bank details didn’t it? I would imagine that anyone with bank details can engage in minor fraud of setting up direct debits and so on.
Q243 Paul Flynn: But did it happen? Was the nervous breakdown by the Daily Mail justified on this subject?
Jim Killock: It was; whether or not concrete examples in specific cases occur or not, the point is that if large amounts of data is getting out there, then it is a problem. It is certainly the case that, in certain instances, there has been a great deal of embarrassment, people will have been quite scared and if your bank details are among 10 million or 15 million other people’s bank details that you know have got out there, you know that is going to cause worry to every single one of those citizens because they do not know if there is going to be a consequence or not. So worrying whether there is always going to be genuine large scale harm to individuals is not necessarily the point, but if Government systems are not up to the job, and they are creating risk and worry for people, then that is a very serious concern.
Chair: We must press ahead in the next 10 minutes. I would just observe that it is like explosions at a nuclear power station; nobody gets hurt but everyone is very worried about it.
Paul Flynn: I don’t think that’s true.
Chair: Well, nobody gets killed by the radiation.
Paul Flynn: There were 10,000 at Chernobyl.
Chair: Well obviously I was making a parallel. Mr Heyes?
Q244 David Heyes: It is pretty clear from what each of you have said so far that you do not think that Government understands the potential of IT to change the way it runs and delivers services and so far, the focus has been on automating existing processes. I would like to tease a bit more out of you and ask each of you to give some examples of how the Government could use IT to deliver services differently. You talked about lowhanging fruit, so give us some examples.
Andy Burton: At the most basic level, and forgetting even the applications that are being used, when you look at how IT is being delivered, you have effectively got hardware, software applications- whether Open Source or commercially licensed-and you have people managing it. Purely at the level of the way in which hardware is bought, consumed and used within Government, by default, it is running at 20% of its efficiency because of the silos, the way that the original technology was built, the fact that systems are designed to work at peak capacity although they do not typically work at peak capacity and the fact that every Department has its own IT approach. By consolidating that infrastructural service, you can release considerable capacity growth and you can realise considerable savings because you move away from the capitalbased investment plan into an operational, payasyougo delivery plan-as the previous gentleman said-and you are only paying for what you need when you need it rather than building something that is for the 31 January tax deadline. It is that kind of philosophy. Without even worrying about what the applications are, there is a huge saving there.
Jim Killock: We don’t study these things from the point of view of trying to deliver actual systems; we are just observing what goes on. So from our perspective, what we see is that there is a huge disjunct between the intentions of Government, what people within those Departments or projects need, and what then gets delivered or what these projects aim to deliver. We also see the lack of expertise in Government. There were very good comments made in the last session about the need for that sort of expertise. We also experience that it helps understanding when technologists are able to get in and talk to Government officials directly. The big things for us are probably around releasing data and actually allowing Government data and Government information to empower citizens. That is our particular concern, and we think that Government currently has the right approach about that and it should go as far as it possibly can on that. However, in terms of the experience we have had of looking at the systems over the last five years, we would say that the Government has got to be very, very clear about why it is doing things with IT and know that it has the right idea at its core, that it has chosen an objective that is actually needed rather than essentially driving IT from a political priority that it has set.
Q245 David Heyes: Mr McGreggor, you have done some specific work on this, haven’t you? I understand your hack days are designed with this in mind. Tell us about it.
Adam McGreggor: We have heard in passing from Martin Rice about hack days. I hate to correct a witness but actually these two day events were run by Rewired State not The Guardian. A hack day2 is something that probably needs explanation here. Essentially, within a given period of time, either 24 hours, 48 hours or something similar, a specific problem is given, with some specific data, and by the end of that, depending on the number of participants in the hack, you will see a number of prototypes knocked up. So for example, you heard talk of the Jobcentre ProPlus earlier, which involves Jobcentres looking up and finding jobs close to you. These services are built up by keen developers on the basis of a real need. There is actually a case for this, people are actually going to use this; so it is built up from the view of demand rather than on the basis of what Government wants, or what Government thinks it needs.
So that sort of approach to it results in a very rapid process: prototype through to a fullyworking application in a very short burst of time. So that is one of those things, but in order for those to function, as Jim mentioned, data release is needed. It is all very good to release past data, but live data will give developers a much better, much faster and a much more realistic approach, particularly if there is something that you can tap in. So for example, building a simple service for something like "When is my bin going to be collected?" would rely on the Council providing up-to-date information because bin contracts change occasionally, so there is the issue on that. Going agile, which we have heard about already, can certainly help; you could not build a site or a hack day using a traditional, project management, project procurement tendering process at all; it just would not work. The idea for the hack day is that these things come up very quickly, they are built and that is it. There is handover and so on to take it beyond there; so in our case, the intellectual property rights remain with the developers themselves, with the source code generally being available so that people can add in and build additional functionality. People can also peer review the code so as to have some confidence in it to say whether it actually does what it says it does. People will scrutinise other people’s code, be competitive about it and come back with suggestions. That is improving in terms of waste by hitting at the very root of it, and the code that drives the site can be collaboratively worked on.
To go back to the question, it is maybe a bit harsh to say that the Government do not wholly understand the potential. Some Departments have got it right and some Departments are keen. Certainly with our professional hats on, we are realising that Government departments want to run hack days; Government departments want to go agile; Government departments are thinking about how they can do stuff and how they can do it quickly. They go along with this idea of, "What can you do with our data? We do not have any ideas, we have this wealth of data, build us something, show us something fun, something that ordinary citizens can actually make sense of. Show us what we can do."
Jim Killock: It strikes me that, at the moment, a lot of the data sets that are being licensed or paid for fall into two categories; one is basic infrastructure. When we are talking about information, things like maps and postcodes are really critical infrastructure, so if they are being charged for, that is causing either social or economic barriers to people really using data properly. The Government should identity those parts of data which really are infrastructure and critically important to make sure that they are free and open to use. Secondly, some of the data that is being charged for, people have a tendency to license, which I feel is almost competing against the core purposes of those departments, businesses or Government functions. Take transport as an example; fair enough it has been privatised but the core business of train and bus companies is to get people on trains and buses, but it is nevertheless quite difficult to get the data off them to advertise their services. So in a way, they are trying to charge or license the data of their train and bus services, and that attempts to charge for the data and provides a revenue stream that actually competes against their core business of getting people on transport. Around a number of places where people are trying to sell or license data restrictively, that is quite a common feature. People assume that they can charge for data and go about finding new revenue streams when that is not really the point.
Q246 Chair: We must bring our session to a close but can I just briefly ask Mr Burton about how Government can make use of the Cloud? How could the Government make much better use of the Cloud than it does?
Andy Burton: I do not really believe that it is making use of the Cloud at the moment, or certainly not as a conscious strategy. The GCloud is the formation of that and that initiative can provide a framework to the wider marketplace, bearing in mind that about 26% of IT spend in the UK is made by public sector; it is a major fault in the way that IT is shaped in the nation.
Q247 Chair: Does the Government need to own its Cloud?
Andy Burton: No, it does not need to own it at all.
Q248 Chair: So GCloud is not necessarily Government-owned infrastructure?
Andy Burton: No, in its simplest form, GCloud should be providing the standard by which solutions should be built and it should determine what data is held and protected on sovereign soil.
Q249 Chair: And it should be happy if its infrastructure, GCloud, is used by other users for storing information, and for commercial use? It doesn’t need its own exclusive cloud?
Andy Burton: It does not need its own exclusive cloud. I would counsel that there are probably some areas from a political and conceptual point of view-
Q250 Chair: We won’t put GCHQ on the Cloud.
Andy Burton: Exactly. So there are issues around data privacy, data security, and data sovereignty. They are the three key issues that the general public and businesses are concerned about.
Q251 Chair: And what do you perceive the barriers to Cloud to be?
Andy Burton: If I go back to the tenor of this meeting, a current barrier to Cloud is that procurement is not geared up, at this moment in time, to even define how those organisations move from classic outsourcing-build a data centre, build a unique application, manage it 24/7-to building something and saying, "It had got to conform to this standard; it has got to be able to work within this security framework and it has got to enable small businesses, from a software provision point of view, to be able to interface with local community group", or whatever the case may be. The lack of framework is the biggest disabler today, and that lack of framework does not advise and guide your procurement process.
Q252 Chair: And presumably the existing framework is reinforced by the existing contractual commitments.
Andy Burton: Correct, and something has got to give. That is why I fundamentally believe that the initiative of GCloud is very powerful; it just has not yet manifested itself in a way that is design first and therefore procurement. The critical three things that I am hearing are: on agile computing, I think we all agree that this prototyping and design is an important issue to involve in before you get into contracting; the use of Cloud computing to get a least cost operation; and the definition of Open Standards.
Q253 Chair: And very lastly, how do you address those three qualities-privacy, security and sovereignty-in the Cloud?
Andy Burton: Bearing in mind the example that I gave earlier, a lot of those issues about data leakage were not actually around the central systems. They were about data being left in briefcases or couriers not delivering it, and things like that. It was when data was in portable media that it was being lost. I would counsel that most data centre organisations, at least the credible ones, will have very stringent security operations in place. There is a lot of fear, uncertainty and doubt about security in technology, and a lot of the scenarios we have seen have fed a public concern that it cannot be done. I would counsel that it can be done, but the issue is that you need to be clear about what you require of it, and those standards need to be enforced with any providers you use.
Q254 Chair: But we need to be far more concerned about people with memory sticks and losing their laptops.
Andy Burton: Than using Cloud computing. Correct.
Adam McGreggor: One of the things which should be consistent with a GCloud is that data should be easy to get out as well. At the moment the trouble is if a Government Department wants some data out of their own systems, sometimes they could end up paying a contractor their hourly rate3 to get the same data out, which is a problem when it comes to Freedom of Information requests and the limit on the expenditure available. So if Government owns the data, it can get it rather than paying a contractor to release its own data to it, which would then open up transparency even more.
Chair: This has been a very helpful session. Are there any other burning comments? Excellent. Well I am most grateful for your help with this. It is difficult for us lay people to understand some of this. I think your session has been extremely helpful in that respect, so thank you very much indeed.
 Note by witn ess: Correction – the hack days were run by Rewired State (see Q245).
 Note by witness : “Tell Us Once” (mentioned in Q188) was the product of a Rewired State Hack Day.
 Note from witness: evidence from Freedom of Information Act requests suggest that third parties may be over-quoting for these requests.
|©Parliamentary copyright||Prepared 12th April 2011|