Friday a week ago I, along with other "experts", attended a Parliamentary Working Group to answer questions about government IT projects. This was a Parliamentary group of MPs investigating the many IT failures of the government. After the summer (and the sept 12th elections), the investigation should begin with a sharp set of research questions. The invited experts were there to help formulate the right questions.
Here are my blog links to some of the available online advice written by the working group and the video stream (all in Dutch). It was striking how unanimous was the message presented by all the IT experts, given the variety of backgrounds.
Like other columnists and opinion writers, I also emphasised the failings of government and egregious damage to national security, privacy and general public funds. From available data, in terms of the government, the cost to the Dutch has moved from millions to billions of euros annually.
With such a government it is like shooting fish in a barrel for columnists. Therefore it was refreshing on this occasion to make a more constructive contribution. Although it was a pity that such meetings do not occur more frequently and are not better attended by the officials and suppliers who are responsible for all these projects. As 6 billion euros pour down the drain every year (and that is only the out-of-pocket costs - the social impact may be much higher) it might be a good idea to hold consultations more often. While I doubt that the gathering last week has any ready-made solutions for all the problems, I think there is a reasonable degree of consensus about their root causes:
1. Wrong incentives for both government and suppliers; who actually has an interest in completing projects within the agreed time frame and under budget? Nobody. Not the supplier, who could just add many more billable hours, and therefore finds added complexity much more lucrative. Not the responsible bureaucrats, because when a project runs they have a job and a growing staff to do things - the larger your group, the more important you are. And because projects quickly become a political matter, and then a 1000% overspend becomes perfectly acceptable in order to save the neck of some senior official. There are never any penalties for any of the involved parties, no matter what the scale and comsequences of the failures. The same officials continue to hire the same 10 major suppliers.
2. Too little substantive knowledge; allows suppliers to drive the process; because most government departments lack the expertise they allow suppliers to drive virtually all substantive activities. This allows vendors to interfere in advisory roles about the the delivery of products and the implementation of services. This is very profitable for the suppliers, but not so great for the cost or technology choices that are supposed to work in the interest of the government and the citizens.
3. Total lack of oversight and transparency; there is so little transparency that the government does not know what it has, what it buys and how much it costs. Previous attempts by Parliament to get an insight into all this failed. The consequence is that most so-called "business cases" are mostly hot air. If it is impossible to assess what something currently costs and the expense of replacing it, we are sailing blind. Probably on the 'advice' of the vendors mentioned in Point 1.
4. Dangerously naive attitude to security risks; the recent incidents involving SCADA systems and many, many other broken online government services show that the security risks are not incidental but structural in nature. Add Stuxnet to the mix, and it is clear that public systems can be easily manipulated. The social consequences of a targeted attack are difficult to predict, and the government has no contingency plan whatsoever. It is not even clear who is responsible for picking up the pieces when certain services fail.
5. There is no discernable ambition to rectify any of the above points; the government remains quite content to define them as an immutable law of nature or fate and therefore outside its ability to influence.
That all sounds terrible. The question remains – is there anything we can do? Yes we. Because if you have read this, you will probably be concerned about government, your hospital that you might need some day, the school where your children go, the pumping station that keeps your feet dry.
The solution starts with recognizing the five points above. It is not good enough to dismiss the scale of the problem with statements like "but it is not always wrong ...". A car which sometimes does not explode is not good enough. After recognising the problem, there must be a real will to improve (perhaps spurred on by a penalty imposed by Parliament). The government must have the ambition to seriously revise its traditional modus operandi. In addition, there must be the will to have a real, effective government, not some call centre for a corporation. The government is not a business, so it should stop pretending. This goal should be the visible core of all subsequent behaviour. Greater transparency will sharply expose any lack of expertise and the wrong incentives; as a result targeted action can be taken. Transparency also makes it much easier for other experts to advise government (for example about that naïve attitude to security).
How large, complex and important all these questions may seem to be. Yet the more important questions were asked last month by Professor Eben Moglen in a masterly speech in Berlin: "Why Freedom of Thought Requires Free Media and Why Free Media Requires Free Technology". Under the speech there are now discussions that 'I Have a Dream' meets 'Band of Brothers' (a vision combined with a call to action). That is how this speech should look to anyone involved in IT, and triply so to bureaucrats. I hope that our MPs can also spare an hour to watch it this summer. To waste 6 billion Euros a year is bad, but to throw away the hard-won freedoms of the past 1000 years - that's really bad.