The annual report on the Government Major Projects Portfolio includes assessments of a range of big-ticket IT initiatives. We take a closer look at three experiencing differing fortunes
PublicTechnology’s sister publication Civil Service World has been taking a close look at the findings of this year’s annual report from government’s Infrastructure and Projects Authority. CSW has been compiling a snapshot of progress in each of the of the report’s four categories. This section looks at the state of major projects in the ICT category.
7 projects | £10bn whole life cost
1 Red | 9 Amber/Red | 12 Amber | 3 Amber/Green | 2 Green
The smallest category in the GMPP by both number of projects and whole life cost, the ICT project basket is home to schemes to upgrade tech and digital services across government. Schemes range from the Department for Environment, Food and Rural Affairs’ Unity Programme to replace the ministry’s tech services, to the Home Office’s biometrics programme.
Like the transformation portfolio, the number of schemes under the ICT heading has fallen since 2015, from 48 to 27, reflecting that a number of major digital schemes have been completed in recent years, for parts of government as varied as the Student Loans Company to an ICT procurement programme for the Crown Prosecution Service
There was one red-rated ICT scheme in 2019, compared to none in 2018, with GOV.UK Verify moving into the red from a previous amber rating. There were also more amber-red rated projects (nine, up from seven). However, there were also two green-rated projects in the category, when there none in 2018.
Technology Communications Capabilities Development programme (CCDP) | Home Office | Whole life cost not disclosed
The Home Office’s CCDP supported police, spies and other public authorities to access digital communications. As the green rating indicates, it has been successfully delivered, ending early on 31 March 2018, two years before its original 2020 end date. Its work has since transferred to the Communications Data and Lawful Intercept Service Partnership.
According to the most recent data, CCDP started on 1 May 2010. However, it can be seen as a rebadging of the Intercept Modernisation Programme (IMP), first launched in April 2006 under the last Labour government, and which has major projects data from 2014. The initial IMP plans would have created a central database of all UK internet and telephone communications data – including email headers, websites visited and telephone billing data, although not actual content – allowing for state analysis of everyone’s online and phone activity.
In 2009, following criticism on privacy grounds, then-home secretary Jacqui Smith said the data would instead be held by communications service providers with public authorities applying for access when needed. Service providers would be paid to hold this data (which they often already retained for purposes such as billing) with a total cost to the government of £2bn over 10 years.
The coalition government continued with this model for CCDP, along with greater openness and oversight of state surveillance. According to the most recent report by the investigatory powers commissioner Lord Justice Fulford, more than 500 public authorities are authorised to apply for communications data and they acquired 758,000 such items in 2017, with the vast majority of applications made by law enforcement (92.6%) and intelligence agencies (6.5%). The number of applications has risen since 2010 when 553,000 requests were made, but has been stable for the last couple of years.
The Home Office has released little information on CCDP. In May 2014 the Major Projects Authority rated it amber-red for the 2013-14 fiscal year, “due to uncertainty around communications data legislative proposals and potential issues with long term affordability”. It added: “The programme has, however, re-focused effort under existing legislation and has re-scoped accordingly taking forward work with stakeholders in priority areas.” Later assessments of the project showed gradual improvement to green in the most recent iteration.
Following the programme, the Communications Data and Lawful Intercept Service Partnership has been formed to maintain the capabilities across government. As of April this year, 85 civil servants in the Home Office are directly contributing to the CDLI partnership.
Unity programme | Department for Environment, Food and Rural Affairs | Whole life cost £1bn
UnITy is a programme to revamp ICT services across Defra, and a number of the key agencies that it sponsors.
It replaces the previous arrangements under which services were delivered via separate contracts by Capgemini and IBM to the Environment Agency and Defra respectively.
These big contracts are being replaced by a multi-supplier model, disaggregating the existing arrangement in line with the long-established government priority to move away from monolithic contracts. The new services will operate across the Environment Agency, Rural Payments Agency, Natural England, Marine Management Organisation and the Animal and Plant Health Agency alongside Defra.
As well as more flexible contracts, this multi-supplier model aims to deliver more modern ICT, supporting new ways of working and enabling the department to move from its current reliance on in-house data centres and regionally dispersed server rooms.
According to Defra’s director of group infrastructure and operations Chris Howes, hosting its applications in the cloud will enable the department and its agencies to better increase and decrease capacity in line with ebbs and flows of demand.
This will in turn help Defra, which is the lead department on sustainability across government, to contribute towards the 2020 Greening Government Commitments.
The IPA’s most recent review gives the project, which is scheduled for completion by 2020-21, amber status.
The rating is based on the grounds that the programme faces significant risks. The inherently complex nature of breaking up large-scale contracts is compounded by other departmental reforms and by Brexit, according to the department’s submission to the IPA.
In April last year, Defra announced that it had agreed a 17-month contract extension with IBM to help it cope with application development pressures surrounding Brexit, with an estimated cost to the department of around £30m.
But the high-level plan for UnITy continues to make “significant progress” with all key service procurements having successfully completed to schedule, according to Defra’s submission to the IPA. It also concluded that implementation has begun on all of the programme service contracts.
However, the year-on-year phasing of costs has been reprofiled following a 31% increase for 2018-19.
This was due to what the department described as “significant” investment during the last financial year. This variance has not though materially changed the whole life costs of the programme, which is on track to deliver savings forecasts.
GOV.UK Verify | Cabinet Office | Whole life cost: £209.6m
GOV.UK Verify is one of just four major projects with a red rating indicating that successful delivery appears unachievable. In some respects this is surprising, given that Verify already provides millions of people with a way to access online government services. Users choose a commercial organisation that will verify their identity, such as by viewing passports or driving licences, and get a multi-purpose log-in.
“Verify is a world-leading example of how to enable people to use services securely online, and demonstrates that the government is working at the forefront of new technology,” said a Government Digital Service spokesperson. “To date, over 4.5 million accounts have been created and Verify has been used to process over 12m secure transactions.”
“The vast majority of use cases for digital ID exist in the private sector” Lisa Barnett, GDS
But these numbers are far below the project’s original ambitions. GDS started public trials of its predecessor, the Identity Assurance Programme, in October 2014 at which point it expected to eventually support 100 government services. Two years later this had been pruned to 46 services by March 2018, with fees paid by government departments making it self-funding. It also expected 25 million users by 2020 – but is less than one-fifth of the way to reaching that.
Earlier this year, the National Audit Office said Verify only supported 19 government services (GDS has since added one more, allowing health service employees to claim NHS pensions). At least 11 could be accessed in other ways, many through HM Revenue and Customs’ Secure Credential Platform, which has recently taken over from its Government Gateway system. When Defra and the Rural Payments Agency attempted to use Verify in 2014, many users reported difficulties with the system, leading the department to bring in its own interim solution – which is still in use.
Verify’s failure to attract users, both citizens and departments, means it has failed to save money. Its 2016 business case projected benefits to the government of £873m for 2016-20; this has since been cut to £217m. The NAO concluded that it showed many of the common failings of major programmes “including optimism bias and failure to set clear objectives”.
Red status also indicates a project in need of re-scoping, and the Cabinet Office is doing just that, having said in October 2018 that it would stop funding Verify in March 2020 with the hope of shifting responsibility to the private sector. In June, minister Oliver Dowden announced a call for evidence on the digital identity market, open until 15 September, with ideas including the use of Verify for loan or credit card applications.
“Looking at ways to scale, we have found that the vast majority of use cases for digital ID exist in the private sector,” wrote Lisa Barnett, who GDS recently appointed to lead on digital identity. She added that fewer than five million users is “only a small proportion of what’s possible”. The question is whether Verify can attract enough business, both from the private and public sectors, to make it sustainable.