Category Archives: GDS

Goodnewspeak and its Orwellian dark side

By Tony Collins

Orwell made no mention of goodnewspeak. But maybe today it’s an increasingly popular descendant of  Newspeak – a language devised by Orwell to show how the State could use words and phrases to limit thought.

This week, as a statue of Orwell was unveiled outside the BBC, a local council in Sussex made an announcement that was a fine example of goodnewspeak.

This was Horsham District Council’s way of not saying that it was scrapping weekly rubbish collections.

This was the benign side of goodnewspeak. The dark side is a growing acceptance in Whitehall, local authorities and the wider public sector that nothing negative can be thought of let alone expressed at work.

This suppression of negative thoughts means that the rollout of Universal Credit can be said officially to be going well and can be speeded up  despite the clamour from outsiders, including a former Prime Minister (John Major), for a rethink to consider the problems and delays.

[Labour MP Frank Field said last month that the DWP was withholding bad news on Universal Credit.]

It means that the Department for Business, Energy and Industrial Strategy can continue to praise all aspects of its smart meters rollout while its officials keep silent on the fact that the obsolescent smart meters now being installed do not work properly when the householder switches supplier.

It means that council employees can think only good about their major IT suppliers – and trust them with the council’s finances as at Barnet council.

[Nobody at Barnet council has pointed out the potential for a conflict of interest in having outsourcing supplier Capita reporting on the council’s finances while having a financial interest in those finances. It took a local blogger Mr Reasonable to make the point.]

Goodnewspeak can also mean that public servants do their best, within the law, to avoid outside scrutiny that could otherwise lead to criticism, as at Lambeth council.

Last month Private Eye reported the results of a “People’s Audit” in which local residents asked questions and scrutinised the authority’s accounts. The audit found that:

 – The number of managers earning between £50,000 and £150,000 has increased by 88, at a cost of more than £5.5m year.
-Spending on Lambeth’s new town hall has gone from a projected £50m to £140m.
– The council “invested” a total of £57,000 on its public libraries last year – closing three of them – while spending £13m on corporate office accommodation.
-£10.3m was spent making people redundant.

These disclosures (and there are many more of them) raise the question of what Lambeth is doing to dispel the impression that it manages public money badly and that its decisions could be routine in the world of local authorities.

Lambeth council’s reaction to the audit was to denounce it and issue its own goodnewspeak statement; and it is considering a proposal to lobby the government to allow councils to ban such People’s Audits in future.

Lambeth’s website, incidentally, is entitled “Love Lambeth”. Which, perhaps, shows that its leaders have, at least, a deep sense of irony.

Whitehall

The following lists of announcements on the websites of the Department for Work and Pensions and the Department of Transport are examples of how goodnewspeak manifests itself in Whitehall:

And the Department of Transport’s website:

Ministry of Truth

Orwell wrote in Nineteen Eighty-Four of the Ministry of Truth whose expertise was lying, the Ministry of Peace which organised wars and the Ministry of Plenty which rationed food.

Some of the Party’s slogans were:

War is peace.
Freedom is slavery.
Ignorance is strength.

And Orwell, whose wife worked at the Ministry of Information at Senate House, London (Orwell’s model for the Ministry of Truth) said,

“If you want to keep a secret, you must also hide it from yourself.”

Comment

Of course goodnewspeak doesn’t exist as a policy anywhere. But its practice is all-pervasive in the public sector. And it seems to change the way people think when they’re at work.

It blocks out any view other than the official line.

In Nineteen Eight-four, Orwell created “Newspeak” as a language of the Party to coerce the public to shape their thoughts around the State’s beliefs. Its much-reduced vocabulary stopped people conceiving of any other point of view.

Not using Newspeak was a thoughtcrime. The Party advocated Duckspeak – to speak without thinking – literally quack like a duck.

Has this already happened in a minor way at Barnet? A council document on the benefits of its outsourcing policies was peppered with abstractions that could have been constructed by software-driven random-phrase generators:

“Ahead of the game”
“Top to bottom organisational restructure”
“Flexibility to meet future challenges whilst ensuring we provide excellent services to residents today.”
“Root of our success”
“New solutions to complex problems”
“Pioneering partnerships”
“Investing for the future”
“Protect what makes Barnet such a great place to live”
“Increasing resident satisfaction”
“Paying dividends”
“Prepared for the future”
“Great strides”
“A radical, ‘whole place’ approach to designing and providing services”
“We have not been backwards in coming forwards”
“Pursuing alternatives to the norm”
“Vision into reality”
“Frame our future strategic direction”
“Future Shape”
“Drivers for change”
“Genuine innovation in Local Government”
“Bold in its decision making”
“Forward looking change strategy”
“A new relationship with citizens”
“A one public sector approach”
“A relentless drive for efficiency”
“Focus on stimulating the market”
“Best in class’ range of tradable services to win and deliver work for other authorities.”
‘Form follows function’.
“Clear roles and responsibilities”
“An internal escalation model”
“Renewed focus on improving engagement”
“Increasing transparency, and developing trust”
“Connect with people and build relationships of trust”
“A steep demand line to climb”

Dark side

One worrying consequence is that Whitehall civil servants and public servants and ruling councillors at, say Barnet and Somerset councils (and even at Cornwall), made the assumption that their IT suppliers shared the public sector’s goodnewspeak philosophy.

But suppliers are commercially savvy. They don’t exist purely to serve the public. They have to make a profit or they risk insolvency.

For years, goodnewspeak at Somerset County Council led to officers and councillors regularly praising the successes of a joint venture with IBM while covering up the problems and losses, in part by routine refusals of FOI requests.

Goodnewspeak at Liverpool Council meant that its officials had nothing but praise for BT when they ended a joint venture in 2015. They said that ending the joint venture would save £30m. But the joint venture itself was supposed to have saved tens of millions.

Somerset County Council made a similar good news announcement when it terminated its joint venture Southwest One with IBM.

Such announcements are consistent with Newspeak’s “Doublethink” – the act of simultaneously accepting two mutually contradictory beliefs as correct.

DWP

Outsiders can find goodnewspeak shocking. The Daily Mirror reported on how the DWP celebrated the rollout of Universal Credit at Hove, Sussex, with a cake. Were managers mindful of the fact that some failed UC claimants have been driven to the brink of suicide?

Disillusioned

Francis Maude, when minister for the Cabinet Office, was almost universally disliked in the civil service. He was an outsider who did not accept the Whitehall culture.  Even though he believed the UK had the best civil service in the world, he did not always show it.

He tried to reduce Whitehall spending on IT projects and programmes that could not be justified. He spoke an IT supplier oligopoly.

Now he has left government, most of his civil service reforms (apart from the Government Digital Service) have settled back to how they were before he arrived in 2010.

In a speech last month, Maude spoke of a “distressing” disillusionment with the civil service culture. He said:

“Based on my experience as a Minister in the eighties and early nineties my expectations (of the civil service) were high. And the disillusionment was steep and distressing.

“It remains my view that we have some of the  very best civil servants in the world … But the Civil Service as an institution is deeply flawed, and in urgent need of radical reform.

” And it is civil servants themselves, especially the younger ones, who are most frustrated by the Service and its culture and practices.”

World’s best civil service

He added that, as the new minister responsible for the civil service, every draft speech or article presented to him started: ‘The British Civil Service is the best in the world.’

But complaints by ministers in all parties about the lack of institutional capability, inefficiency and failed implementation were legion, he said.

“When we queried the evidential basis for this assertion, it turned out that the only relevant assessment was a World Bank ranking for ‘government effectiveness’, in which the UK ranked number 16.”

Speaking the unsaid

Perhaps more than any former minister, Maude has expertly summarised the civil service culture but in a way that suggests it’s unredeemable.

“I and others have observed that all too often the first reaction of the Civil Service when something wrong is discovered is either to cover it up or to find a scapegoat, often someone who is not a career civil servant and who is considered dispensable.
“There seems to be an absolute determination to avoid any evidence that the permanent Civil Service is capable of failure.
“Another indicator is that if a Minister decides that a Civil Service leader is not equipped for his or her task, this has to be dressed up as “a breakdown in the relationship”, with the unspoken suggestion that this is at least as much the fault of the Minister as of the civil servant.
“It can never be admitted that the mandarin was inadequate in any way.
“When I suggested that there might be room for improvement, the distinguished former Civil Service Head, Lord Butler, accused me of a failure of leadership. Actually the leadership failure is to pretend that all is well when no one, even civil servants themselves, really believes that.

The good news

All is not lost – thanks to a vibrant and investigative local press in some areas and resident auditors such as Mr Reasonable, Mrs Angry, David Orr, Andrew Rowson and the people’s auditors in Lambeth.

Along with the National Audit Office and some MPs, these resident auditors are the only effective check on goodnewspeak. They are reminder to complacent officialdom that it cannot always hide behind its barrier of unaccountability.

Long may these dogged protectors of the public interest continue to highlight financial mismanagement, excess and self-indulgent,wasteful decisions.

Earlier this year Nineteen Eight-Four hit the No 1 spot in Amazon’s book sales chart.

Perhaps copies were being scooped up by shortlisted candidates for top public sector jobs as vital homework before falling in with the culture at their interviews.

**

Outside the BBC, Orwell’s new statute is inscribed with a quotation from a proposed preface to Animal Farm that was never used:

“If liberty means anything at all, it means the right to tell people what they do not want to hear.”

Thank you for David Orr, one of the dogged local resident auditors referred to above, for drawing my attention to some of the articles mentioned in this post.

DWP good news announcements

Newspeak

Whitewashing history in education

 

Advertisements

Aftermath of the cyber attack – will ministers learn the wrong lessons?

By Tony Collins

At least 16 NHS trusts out of 47 that were hit by the ransomware attack continue to face problems, according to BBC research.

And, as some patients continued to have their cancer treatments postponed, Tory, Labour and Lib-dem politicians told of their plans to spend more money on NHS IT.

But will any new money promised by government focus on basic weaknesses – such as the lack of interoperability and the structural complexities that made the health service vulnerable to cyber attack?

Last year when the health secretary Jeremy Hunt announced £4bn for NHS IT, his focus was on new technologies such as smartphone apps to order repeat prescriptions rather than any urgent need to upgrade MRI, CT and other medical devices that rely on Windows XP.

Similarly the government-commissioned Wachter review “Making IT Work: Harnessing the Power of HealthInformation Technology to Improve Care in England made no mention of Windows XP or any operating system – perhaps because ministers were much more likely to welcome a review of NHS IT that focused on innovation and new technologies.

Cancer treatments postponed

The Government’s position is that the NHS was not specifically targeted in the cyber attack and that the Tories are putting £2bn into cyber security over the next year.

Theresa May said yesterday,

“It was clear warnings were given to hospital trusts but this is not something that was focused on attacking the NHS. 150 countries are affected. Europol says there are 200,000 victims across the world. Cyber security is an issue we need to address.

“That’s why the government, when we came into government in 2010, put money into cyber security. It’s why we are putting £2bn into cyber security over the coming year.”

Similarly Jeremy Hunt, health secretary, told the BBC that the attack affected international sites that have “some of the most modern IT systems”.

But the BBC’s World at One gave an example of how the NHS’s IT problems were affecting the lives of patients.

It cited the case of Claire Hobday whose radiography appointment for breast cancer at Lincoln County Hospital was cancelled on Friday (12 May 2017) and she still doesn’t know when she’ll receive treatment. Hobday said,

“I turned up by hospital transport for my second radiotherapy session, and I, along with many other patients – at least 20 other people were waiting – and they said the computers weren’t working.

“I do have to say the staff were very good and very quickly let us all know that they were having trouble with the computers. They didn’t want to misinform us, so they were going to come and talk to us all individually and hoped they would be able to rectify it.

“Within half an hour or so they came out and said, ‘We’re really sorry but it’s not going to get sorted. We’ll send you all home and give you a call on Sunday’ which didn’t happen.

“But they did ring me this morning (15 May 2017) to say it’s not happening today and if transport turns up please don’t get in it, and it’s very unlikely it will happen tomorrow.

“It is just a bit upsetting that other authorities have managed to sort it but Lincolnshire don’t seem to have been able to do that.”

United Lincolnshire Hospitals Trust told World at One it will be back in touch with patients once the IT system is restored.

Roy Grimshaw was in the middle of an MRI scan – after dye was injected into his blood stream –  when the scan was stopped and he was asked to go back into the waiting room in his gown, with tubes attached to him, while staff investigated a computer problem. After half an hour he was told the NHS couldn’t continue the scan.

Budgets “not an issue”?

GP practices continue to be affected. Keiran Sharrock, GP and medical director of Lincolnshire local medical committee, said yesterday (15 Mat 2017) that systems were switched off in “many” practices.

“We still have no access to medical records of our patients. We are asking patients to only contact the surgery if they have an urgent or emergency problem that needs dealing with today. We have had to cancel routine follow-up appointments for chronic illnesses or long-term conditions.”

Martha Kearney – BBC World at One presenter –  asked Sharrock about NHS Digital’s claim that trusts were sent details of a security patch that would have protected against the latest ransomware attack.

“I don’t think in general practice we received that information or warning. It would have been useful to have had it,” replied Sharrock.

Kearney – What about claims that budget is an aspect of this?

Sharrock: “Within general practice that doesn’t seem to be the reason this happened. Most general practices have people who can work on their IT and if we’d been given the patch and told it needed to be installed, most practices would have done that straight away.”

GCHQ

World at One also spoke to Ciaran Martin, Director General for Government and Industry Cyber Security.  He is a member of the GCHQ board and its senior information risk owner.  He used to be Constitution Director at the Cabinet Office and was lead negotiator for the Prime Minister in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Kearney: Did your organisation issue any warnings to the health service?

Martin: “We issue warnings and advice on how to upgrade defences constantly. It’s generally public on our website and it’s made very widely available for all organisations. We are a national organisation protecting all critical sectors and indeed individuals and smaller organisations as well.”

Huge sums spent on paying ransoms?

Kearney asked Martin, “How much money are you able to estimate is being spent on ransoms as a result of these cyber attacks?” She added,

“I did hear one astonishing claim that in the first quarter of 2016 more money was spent in the USA on responding to ransomware than [was involved] in armed robberies for the whole of that year?”

Martin: “First let me make clear that we don’t condone the payment of ransoms and we strongly advise bodies not to pay and indeed in this case the Department of Health and the NHS have been very clear that affected bodies are not to pay ransoms. Across the globe there is, sadly, a market in ransomware. It is often the private sector in shapes and sizes that is targeted.”

Martha Kearney said the UK may be a target because it has a reputation for being willing to pay ransoms.

Martin, “We are no more or less a target for ransomware than anywhere else. It’s a global business; and it is a business. It is all about return on investment for the attacker.

“What’s important about that is that it’s all about upgrading defences because you can make the return on investment lower by making it harder to get in.”

If an attacker gets in the aim must be to make it harder to get anything useful, in which case the “margin on investment goes down”. He added,

“That’s absolutely vital to addressing this problem.”

Are governments at fault?

Martin,

“Vulnerabilities will always exist in software. Regardless of who finds the underlying software defect, it’s incumbent on the entire cyber security ecosystem – individual users, enterprises, governments or whoever – to work together to mitigate the harm.”

He added that there are “all sorts of vulnerabilities out there” including with open source software.

Windows XP

Computer Weekly reports – convincingly – that the government did not cancel an IT support contract for XP.

Officials decided to end a volume pricing deal with Microsoft which left NHS organisations to continue with XP support if they chose to do so. This was clearly communicated to affected departments.

Government technology specialists, reports Computer Weekly, did not want a volume pricing deal with Microsoft to be  “comfort blanket” for organisations that – for their own local reasons – were avoiding an upgrade from XP.

Computer Weekly also reported that civil servants at the Government Digital Service expressed concerns about the lack of technical standards in the NHS to the then health minister George Freeman.

Freeman was a Department of Health minister until July 2016. In their meeting with Freeman, GDS officials  emphasised the need for a central body to set technical standards across the NHS, with the authority to ensure trusts and other organisations followed best practice, and with the transparency to highlight those who chose not to.

A source told Computer Weekly that Jeremy Hunt was also briefed on the security risks that a lack of IT standards would create in a heavily-federated NHS but it was not considered a priority at that top political level.

“Hunt never grasped the problem,” said the source.

There are doubts, though, that Hunt could have forced trusts to implement national IT security standards even if he’d wanted to. NHS trusts are largely autonomous and GDS has no authority to mandate technical standards. It can only advise.

How our trust avoided being hit

A comment by an NHS IT lead on Digital Health’s website gives an insight into how his trust avoided being hit by the latest cyber attack.  He said his trust had a “focus on perimeter security” and then worked back to the desktop.

“This is then followed up by lots of IG security pop ups and finally upgrading (painfully) windows XP to windows 7…” He added,

“NHS Digital have to take a lead on this and enforce standards for us locally to be able to use.”

He also suggests that NHS Digital sign a Microsoft Enrollment for Windows Azure [EWA] agreement as it is costly arranging such a deal locally.

 “NHS Digital must for me, step in and provide another MS EWA as I am sure the disruption and political fall-out will cost more. Introduce an NHS MS EWA, introduce standards for software suppliers to comply with latest OS and then use CQC to rate organisations that do not upgrade.”

Another comment on the Digital Health website says that even those organisations that could afford the deployment costs of moving from XP to Windows 7 were left with the “professional” version, which “Microsoft has mercilessly withdrawn core management features from (e.g. group policy features)”.

The comment said,

“There are a lot of mercenary enterprises taking advantage of the NHS’s inability to mandate and coordinate the required policies on suppliers which would at least give the under-funded and under-appreciated IT functions the ability to provide the service they so desperately want to.”

A third comment said that security and configuration management in the NHS is “pretty poor”. He added, “I don’t know why some hospitals continue to invest in home-brew email systems when there is a national solution ready and paid for.

“In this recent attack most the organisations hit seem to use local email systems.”

He also criticised NHS organisations that:

  • Do not properly segment their networks
  • Allow workstations to openly and freely connect to each other in a trusted zone.
  • Do not have a proper patch / update management regime
  • Do not firewall legacy systems
  • Don’t have basic ACLs [access control lists)

Three lessons?

  • Give GDS the ability to mandate no matter how many Sir Humphreys would be upset at every challenge to their authority. Government would work better if consensus and complacency at the top of the civil service were regarded as vices, while constructive, effective and forceful criticism was regarded as a virtue.
  • Give the NHS money to spend on the basic essentials rather than nice-to-haves such as a paperless NHS, trust-wide wi-fi, smartphone apps, telehealth and new websites. The essentials include interoperability – so that, at the least, all trusts can send test results and other medical information electronically to GPs –  and the upgrading of medical devices that rely on old operating systems.
  •  Plan for making the NHS less dependent on monolithic Microsoft support charges.

On the first day of the attacks, Microsoft released an updated patch for older Windows systems “given the potential impact to customers and their businesses”.

Patches are available for: Windows Server 2003 SP2 x64Windows Server 2003 SP2 x86, Windows XP SP2 x64Windows XP SP3 x86Windows XP Embedded SP3 x86Windows 8 x86, and Windows 8 x64.

Reuters reported last night that the share prices of cyber security companies “surged as investors bet on governments and corporations spending to upgrade their defences”.

Network company Cisco Systems also closed up (2.3%), perhaps because of a belief that it would benefit from more network spending driven by security needs.

Security company Avast said the countries worst affected by WannaCry – also known as Wannacypt – were Russia, Taiwan, Ukraine and India.

Comment

In a small room on the periphery of an IT conference on board a cruise ship , nearly all of the senior security people talked openly about how their board directors had paid ransoms to release their systems after denial of service attacks.

Some of the companies – most of them household names – had paid ransoms more than once.

Until then, I’d thought that some software suppliers tended to exaggerate IT security threats to help market their solutions and services.

But I was surprised at the high percentage of large companies in that small room that had paid ransoms. I no longer doubted that the threats – and the damage – were real and pervasive.

The discussions were not “off-the-record” but I didn’t report their comments at the time because that would doubtless have had job, and possibly even career ramifications, if I had quoted the security specialists by name.

Clearly ransomware is, as the GCHQ expert Kieran Martin put it, a global business but, as ransoms are paid secretly – there’s not a whisper in corporate annual accounts – the threat has not been taken seriously enough in some parts of the NHS.

The government’s main defence is that the NHS was not targeted specifically and that many private organisations were also affected.

But the NHS has responsibility for lives.

There may be a silver lining if a new government focuses NHS IT priorities on the basics – particularly the structural defects that make the health service an easy target for attackers.

What the NHS doesn’t need is a new set of politicians and senior civil servants who can’t help massaging their egos and trying to immortalise their legacy by announcing a patchwork of technological marvels that are fun to work on, and spend money on, but which gloss over the fact that much of the NHS is, with some notable exceptions, technologically backward.

Microsoft stockpiled patches – The Register

UK government, NHS and Windows XP support – what really happened – Computer Weekly

NHS letter on patches to counter cyber attack

Multiple sites hit by ransomware attack – Digital Health (31 comments)

Lessons from the WannaCrypt – Wannacry – cyber attack according to Microsoft

 

Some officials “smuggle their often half-baked proposals past ministers” says Cabinet Office adviser who quits

By Tony Collins

Jerry Fishenden has resigned from the Cabinet Office‘s Privacy and Consumer Advisory Group after nearly six years. First he was its chairman and more recently co-chairman.

The Privacy and Consumer Advisory Group comprises privacy and security experts who give the government independent analysis and guidance on personal data and privacy initiatives by departments, agencies and other public sector bodies. This includes GOV.UK Verify.

The group’s advice has had the citizens’ interests in mind. But the group might have been seen by some Whitehall officials as having an open and frank “outsiders” culture.

Francis Maude, then Cabinet Office minister, helped to set up the group but he left in 2015 and none of his replacements has had a comparable willingness to challenge the civil service culture.

Maude welcomed the help of outsiders in trying to change the civil service.  He tried to bring down the costs of Government IT and sought to stop unnecessary or failing projects and programmes. He also wanted to end the “oligopoly” of a handful of large IT suppliers. But Maude’s initiatives have had little continuing support among some Whitehall officials.

Fishenden said in a blog post this week that Maude had wanted the Privacy and Consumer Advisory Group to be a “critical friend” – a canary that could detect and help fix policy and technology issues before they were too far down the policy / Bill process.

“The idea was to try to avoid a repeat of previous fiascos, such as the Identity Card Act, where Whitehall generalists found themselves notably out of their depth on complex technical issues and left Ministers to pick up the pieces.”

He added that “since Francis Maude’s departure, there has been only one meeting” with subsequent Cabinet Office ministers.

“Without such backing, those officials who find the group’s expert reviews and analyses “challenging” have found it easier to ignore, attempting instead to smuggle their often half-baked proposals past Ministers without the benefit of the group’s independent assistance…

“Let’s just hope that after the election the value of the group will be rediscovered and government will breathe life back into the canary. Doing so would help realise Francis Maude’s original purpose – and bring significant benefits to us all, whether inside or outside of government.”

Comment

One of the Privacy and Consumer Group’s strengths has been its independent view of Government IT-related initiatives  – which is probably the main reason it has been marginalised.

Fishenden’s departure is further confirmation that since Maude’s departure, the Cabinet Office – apart from the Government Digital Service – has settled back into the decades-old Whitehall culture of tinkering with the system while opposing radical change.

While Whitehall’s culture remains unreformable, central government will continue to lose the best IT people from the private sector. Some of these include the former Government Digital Service executive director Mike Bracken, Stephen Foreshew-Cain, who took over from Bracken, Janet Hughes, programme director of Verify,  Andy Beale, GDS’s chief technology officer, Paul Maltby, GDS’s director of data and former Whitehall chief information officers Joe Harley, Steve Lamey, Andy Nelson and Mark Dearnley.

The unfortunate thing is that a few powerful career civil servants, including some permanent secretaries, will be delighted to lose such outsiders.

Jerry Fishenden is simply the latest casualty of a civil service tradition that puts the needs of the department before those of the citizen.

It’s a culture that hasn’t changed for decades.

The canary that ceased to be – Jerry Fishenden’s blog on his departure

Privacy and Consumer Advisory Group

Large suppliers still dominate government IT

By Tony Collins

In 2012, the then Cabinet Office minister Francis Maude, lamented the high costs of government IT and spoke of an “oligopoly” of large suppliers. He suggested things would change.

“… contracts were consistently awarded to a limited number of very large suppliers on long-term exclusive contracts.

“As a result there was inadequate competition and an abdication of control. The concept of having one supplier, aggregated supply, increased project risk and removed competitive tension.

“The Government repeatedly found itself paying large amounts for systems that were delivered late, over budget and which often did not fully meet the original policy requirement.  If indeed, they were delivered at all. There are plenty of well-documented disasters – such as DH’s now terminated National programme for IT.

“Ultimately, the last Government lost control of IT – it outsourced not only delivery, but its entire strategy and ability to shape the future of our public services.

“At the same time smaller, more innovative and efficient suppliers were finding themselves locked out of the supply of services to Government because of what was described by Parliament as a powerful “oligopoly” of large suppliers.

“Procurements took so long only the big companies could absorb the cost – which they naturally passed on to us.

“All in all, we had an approach that was bad for users, bad for the taxpayer and bad for growth.”

Public sector IT spending was up to £20bn a year, he said, adding that “public sector productivity was actually declining”.  He outlined how things were changing.

What has happened since?

A report published today by the National Audit “Digital Transformation in Government” raises a question of how much has changed.

Efforts to boost the SME share of government IT business “have had some impact”, says the National Audit Office, but it adds that “most government procurement with digital and technology suppliers continues to be with large organisations”.

“In 2015-16, 94% of such spending was with large enterprises, a fall of less than one percentage point since 2012-13.”

Today’s NAO report is mainly about the Cabinet Office’s Government Digital Service – GDS. It points out GDS’s strengths and weaknesses but in general does not give any advice on the sensitive point of whether it should have more or less influence on government IT.

On digital transformation, it says that the work of the NAO shows that attempts to transform government have had mixed success.

“Many public services appear increasingly unsustainable. Those responsible for major programmes have continued to exhibit over-optimism and make slow progress towards their objectives.”

It adds,

“Digital transformation has a mixed track record across government. It has not yet provided a level of change that will allow government to further reduce costs while still meeting people’s needs.

“GDS has also struggled to demonstrate the value of its own flagship initiatives such as Verify, or to set out clear priorities between departmental and cross-government objectives.

“GDS’s renewed approach aims to address many of these concerns as it expands and develops into a more established part of government. But there continues to be a risk that GDS is trying to cover too broad a remit with unclear accountabilities.

“To achieve value for money and support transformation across government, GDS needs to be clear about its role and strike a balance between robust assurance and a more consultative approach.”

Comment

The National Audit Office report is strong on facts and quality of research but avoids the big question of how GDS can bring about change when the top brass in departments prefer autonomy to what they see as GDS’s interference.

GDS’s existence goes to the heart of how the civil service runs. It is one part of the civil service trying to bring about change in other parts of the civil service.

And the evidence so far is that the civil service doesn’t like change.

The NAO report disappoints because it doesn’t address how government IT is to change if departments are to continue to run empires unchallenged by GDS or the heads of the civil service. Sir Humphrey is still king.

GDS scrutinises departmental IT spending – spending applications are reviewed by a team of eight people within GDS’s Standards Assurance team – but, much to Sir Humphrey’s delight, GDS’s influence seems to be waning.

When Jack Straw was Justice secretary, he told MPs in 2007 that when he abandoned projects there was a fuss at first and soon nobody noticed the project did not exist.

“There is always the option to abandon things. I did that in the Foreign Office with much complaint that the world might end.

“What happened was that we saved a lot of money and no one ever noticed the fact that that scheme did not exist…it is very frustrating that so many people, including the private sector, are taken in by snake oil salesmen from IT contractor who are not necessarily very competent and make a lot of money out of these things. I am pretty intolerant of this.”

How much has changed? Outsiders including Jack Straw and Francis Maude, together with insiders such as Chris Chant have pointed to the need for major changes in the way departments manage huge IT budgets and there have been some improvements: HMRC’s is breaking up its monolithic “Aspire” contract, citizens may notice that it is possible now to renew passports and driving licences online and GDS has had an impact in making departments think hard about whether they really need to spend the amounts they do on major IT contracts.

But major change in the costs of government IT seems not just a long way off but unattainable while the dominance of Sir Humphrey remains unchallenged.

Digital Transformation in Government – NAO report