Thursday, 1 December 2016

Why Jersey Needs Estonia and Digital IDs

I’m in two minds about this flight to the UK for the Estonian Ambassador, Lauri Bambus, and his colleagues. On the one hand, it looks like a cavalier decision without forward consultation with his Ministerial colleagues by Senator Ozouf, but on the other, there is some justification for such a decision in this case.

That is because what is said about Estonia is correct. They are streets ahead of the UK, France – and Jersey – and a world leader in digital services. The benefits could be enormous if we want to develop our own digital economy, and use digital services to streamline government. 

Previously, over the last ten years, the Digital Jersey project (and to be fair, this was before Tony Moretta came on board) has been an abject failure. Let us not forget it has seen the resignation of one CEO in 2013 and a number of criticisms at its failure to move forward. Three years ago, there were lots of sound-bites but little substance.

CEO of Digital Jersey, Tony Moretta pointed out that Estonia has been instrumental in helping develop Jersey's digital infrastructure - including the new Digital ID system.

“Given the huge amount of guidance and assistance we are being given by Estonia, this is the least we could do as a good host. It is behaviour like this that forges strong relationship, and it is in Jersey’s interests that we have that with Estonia.”

But what we need is more transparency about the benefits. Senator Ozouf did not, in any of the reported sound-bites, mention the new Digital ID system. It is said as an aside by Tony Moretta. This I think is a mistake – if this was one of the core reasons for coming to Jersey, can we have some more detailed information on how Estonia is helping us, some flesh on the bones, so to speak.

At the moment, all we have is vague mention of lots of meetings with important people and sectors of the economy such as Digital Jersey, IT companies, Telecoms companies etc. This is not helping Senator Ozouf’s case. We need better communications, preferably by someone who can report in layman’s terms, and not in smooth vacuous sound-bites. I’m sure the detail is there: we just need someone who can write good English to do it.

So what is a digital ID solution? And what is happening with it? One document gives some details:

A digital ID solution is one of the foundational building blocks for government online services. Until now within Jersey, each online service that has required an authentication facility has built its own, leading to a proliferation of similar but incompatible systems of user names and passwords. A corporate digital ID system will provide a standard platform that the majority of Jersey’s government online services will use.

A recommended approach1 was reviewed by key stakeholders who concluded: The proposal: ‘to establish an Alpha project which, using the GOV.UK Verify hub as the model architecture, will build a prototype identity assurance hub for Jersey and establish high level requirements for the data integration approach.’ was accepted with the following requirements:

  • Success criteria and critical questions should be agreed by stakeholders ahead of initiating the Alpha project.
  • The project is anticipated to last four months at a total estimated cost of £50k
  • In addition, a parallel, short life, work stream should be established to identify whether a product exists that, in contrast to the GOV.UK Verify model tested in the Alpha project: 
  • Relies exclusively on SOJ data for the provision of a digital ID 
  • Represents an alternative commercial model, specifically based on product purchase as opposed to third party service provision.

It is this second part where we are looking to Estonia, as the UK has only just introduced its own model, and we do not want to go that way and have "buyers remorse" at taking the wrong option. As Estonia has the best alternative model, that is clearly why we have been in contact with them. Why reinvent the wheel?

The States of Jersey has a number of online services that are being introduced in 2017 and 2018 which are dependent on a digital identity solution. The cost savings that those initiatives will bring are key to Jersey achieving a balanced budget so they cannot be delayed. The strategic digital identity solution therefore must be available for integration, testing and public beta by March 2017 and must be fully live by September 2017.

And from the Minutes of the Committee des Connétables, we can see how this filters through to all parts of our government services:

The Comité received the Programme Director - eGov, Chief Minister’s Department, and considered a paper seeking in principle approval for the interfacing of LICAR (the Jersey driving licence system) to the United Kingdom Cabinet Office to facilitate the provision of a digital ID for an individual.

A common digital ID system was a core component of the eGov strategy and would remove the need for multiple, service specific logons, reducing the number of passwords a user must remember and providing a faster, more efficient way to engage with the parishes or States.

An important privacy principle was that the hub did not store any data about a person’s identity but data provided by a person to the Identity Provider would be checked against that held by authoritative data sources and a ‘yes’ or ‘no’ answer would be returned on whether the data provided by the applicant was valid. Important privacy principles had been designed into the system in order to ensure compliance with the General Data Protection Regulations (GDPR) which would become law across Europe and the U.K. in May 2018; equivalent legislation was expected to be enacted in Jersey

And what has Estonia got to offer:

Estonia is a pioneer in public sector digitisation. Every citizen has a digital ID card, which means inter alia that they can use their computers or smart phones to vote in election

Every Estonian has two PIN codes, one for authentication – enabling the owner to prove his/her identity – and the other to give agreement or approval, e.g. to sign a document or make a payment. An authentication service uses a central database to check that the card and code correspond. The system has already been up and running for ten years and to date no security breach has been reported.

The administration offers citizens a total of no less than 600 e-services and 2,400 services are available online to businesses. In addition, by enabling Estonians to cast a vote remotely in just a few minutes, the digital identity approach is helping to strengthen the democratic process and reduce voter abstentions. Authentication software allows people to cast their ballot online. Votes are then encrypted to maintain anonymity and forwarded to the relevant polling office. Estonians can also use a special SIM card, which identifies the user, to vote from their mobile devices.

In conclusion...

So in conclusion.... compared with the South African flights, and the travel and accomodation costs incurred which have already been controversial, I think this may well be a good use of taxpayers money. 

My suggstion: could we please have this "emergency reserve" incorporated in the budget, so it can be allowed for in advance in future.That way, there are no nasty surprises. If not used, it can be carried forward to next year.

And please can we have some details, even if not technically specific, about what the meetings that took place here were all about, in language that is not composed of smooth sounding sound-bites. Senator Ozouf needs to work on improving his skills there, and still manages to sound more like an estate agent sound-bite generating machine.

No comments: