Category: independence

IT and government, what to do?

June 7, 2012

Author: arjen

Friday a week ago I, along with other "experts", attended a Parliamentary Working Group to answer questions about government IT projects. This was a Parliamentary group of MPs investigating the many IT failures of the government. After the summer (and the sept 12th elections), the investigation should begin with a sharp set of research questions. The invited experts were there to help formulate the right questions.

Here are my blog links to some of the available online advice written by the working group and the video stream (all in Dutch). It was striking how unanimous was the message presented by all the IT experts, given the variety of backgrounds.

Like other columnists and opinion writers, I also emphasised the failings of government and egregious damage to national security, privacy and general public funds. From available data, in terms of the government, the cost to the Dutch has moved from millions to billions of euros annually.

With such a government it is like shooting fish in a barrel for columnists. Therefore it was refreshing on this occasion to make a more constructive contribution. Although it was a pity that such meetings do not occur more frequently and are not better attended by the officials and suppliers who are responsible for all these projects. As 6 billion euros pour down the drain every year (and that is only the out-of-pocket costs – the social impact may be much higher) it might be a good idea to hold consultations more often. While I doubt that the gathering last week has any ready-made solutions for all the problems, I think there is a reasonable degree of consensus about their root causes:

1. Wrong incentives for both government and suppliers; who actually has an interest in completing projects within the agreed time frame and under budget? Nobody. Not the supplier, who could just add many more billable hours, and therefore finds added complexity much more lucrative. Not the responsible bureaucrats, because when a project runs they have a job and a growing staff to do things – the larger your group, the more important you are. And because projects quickly become a political matter, and then a 1000% overspend becomes perfectly acceptable in order to save the neck of some senior official. There are never any penalties for any of the involved parties, no matter what the scale and comsequences of the failures. The same officials continue to hire the same 10 major suppliers.

2. Too little substantive knowledge; allows suppliers to drive the process; because most government departments lack the expertise they allow suppliers to drive virtually all substantive activities. This allows vendors to interfere in advisory roles about the the delivery of products and the implementation of services. This is very profitable for the suppliers, but not so great for the cost or technology choices that are supposed to work in the interest of the government and the citizens.

3. Total lack of oversight and transparency; there is so little transparency that the government does not know what it has, what it buys and how much it costs. Previous attempts by Parliament to get an insight into all this failed. The consequence is that most so-called "business cases" are mostly hot air. If it is impossible to assess what something currently costs and the expense of replacing it, we are sailing blind. Probably on the ‘advice’ of the vendors mentioned in Point 1.

4. Dangerously naive attitude to security risks; the recent incidents involving SCADA systems and many, many other broken online government services show that the security risks are not incidental but structural in nature. Add Stuxnet to the mix, and it is clear that public systems can be easily manipulated. The social consequences of a targeted attack are difficult to predict, and the government has no contingency plan whatsoever. It is not even clear who is responsible for picking up the pieces when certain services fail.

5. There is no discernable ambition to rectify any of the above points; the government remains quite content to define them as an immutable law of nature or fate and therefore outside its ability to influence.

That all sounds terrible. The question remains – is there anything we can do? Yes we. Because if you have read this, you will probably be concerned about government, your hospital that you might need some day, the school where your children go, the pumping station that keeps your feet dry.

The solution starts with recognizing the five points above. It is not good enough to dismiss the scale of the problem with statements like "but it is not always wrong …". A car which sometimes does not explode is not good enough. After recognising the problem, there must be a real will to improve (perhaps spurred on by a penalty imposed by Parliament). The government must have the ambition to seriously revise its traditional modus operandi. In addition, there must be the will to have a real, effective government, not some call centre for a corporation. The government is not a business, so it should stop pretending. This goal should be the visible core of all subsequent behaviour. Greater transparency will sharply expose any lack of expertise and the wrong incentives; as a result targeted action can be taken. Transparency also makes it much easier for other experts to advise government (for example about that naïve attitude to security).

How large, complex and important all these questions may seem to be. Yet the more important questions were asked last month by Professor Eben Moglen in a masterly speech in Berlin: "Why Freedom of Thought Requires Free Media and Why Free Media Requires Free Technology". Under the speech there are now discussions that ‘I Have a Dream‘ meets ‘Band of Brothers‘ (a vision combined with a call to action). That is how this speech should look to anyone involved in IT, and triply so to bureaucrats. I hope that our MPs can also spare an hour to watch it this summer. To waste 6 billion Euros a year is bad, but to throw away the hard-won freedoms of the past 1000 years – that’s really bad.

SOPA; not our problem

January 19, 2012

Author: arjen

Yesterday was the big SOPA protest day. Wikipedia (in English), Boing Boing, Reddit and many other sites were blacked out. Other sites, and even google.com had one-line banners beneath the bar exhorting me to contact the US Congress. The link said: "millions of Americans Oppose PIPA and SOPA because these bills would censor the Internet and slow economic growth in the US". Even a classic song urges me "to call my congressman". But google.nl, did not show this – clearly indicating that it perceived the matter to be an internal American political problem.

In recent weeks there have been many calls for action outside the US against SOPA. These calls have been synchronized with outrage and protests as ~~Bush~~ Obama signed the NDAA anti-terrorism law. Under this law, anyone in the US "suspected" of involvement in "terrorism" (both nebulously defined) can be indefinitely imprisoned or even killed without trial or any other form of judicial review (think Stalin ’30). The anger itself is justified, but more than ten years too late. Indeed the only new provision in the NDAA is that the US can now treat its own citizens in ways that have been enforced against the world’s other 6.5 billion people since 2001.

The Big Brother legislation that has been introduced across the pond in the last ten years is now so extreme that even Oracle no longer wants to be a US-based company and European companies are beginning to avoid US providers over the Patriot Act. The whole country is obviously going through an Orwellian phase and so it is wise to keep a safe distance until it’s all over.

Even Michael Geist, otherwise a great source for information about ACTA, is not convincing. SOPA may perhaps be a broader North American problem but it still has little to do with the rest of us. Bits of Freedom in the Netherlands has a good overview of reasons to worry about a similar European SOPA-style legislation. Below are four points that explain why we shall not be badly affected:

"The Internet access to a site can be blocked." Annoying for Americans, but it won’t affect us. And Americans abroad can also easily bypass such a blockade through a VPN service, which is good for European VPN providers.

"Your domain name can be seized or sabotaged." Just avoid .com / .org / .net for your site/service, and steer clear of American DNS services and anything dependent on them – and that was an excellent idea long before SOPA. Your domain cannot be seized by customs and you will not be extradited and prosecuted for alleged violations of US copyright law.

“Payments to a website can be blocked." It’s really frustrating that there is an American credit card duopoly. However, Visa and Mastercard have already demonstrated with the Wikileaks case that no specific allegation of crime is required in order to be blacklisted. Fortunately, Europe has more and more local electronic banking systems that redress the balance.

"Websites will disappear from search results." It would be a shame if the American government really wanted to destroy Google, currently the best search engine, but it would also open the market for non-American alternatives beyond the reach of SOPA. Google could also clone itself, like Ikea – a Dutch foundation based in Zurich and Eemshaven datacenter and service its European customers.

This list confirms to me that we have become overly dependent of on US service providers (just like the software market!). This dependency is our real problem, not the current political shitstorm-of-the-month in the US. And finding alternatives and/or developing overseas partnerships is something we Europeans can proactively do for ourselves. That is where our focus should be.

America is broken, fundamentally broken. When an American politician cautiously suggests that the US might want to apply to itself rules it already imposes on others (the golden rule thing), he will be booed. This is the level of the debate leading up to the next "election" (I use the term advisedly – it’s more like bad reality-TV). The idea that it is still possible to influence US policy with a reasonable debate based on facts seems hopelessly naive. As George Carlin explained back in 2005, the US political system is too corrupt to deal even with the real interests of American citizens, let alone the interests of non-US citizens. US-based systems are now unsuitable for Europeans.

Smart Europeans can only wave goodbye and vote with their feet/wallets and DNS registrations. Surely Americans will understand that, it’s how they got started after all.