Science, Innovation and Technology Committee
Oral evidence: Digital centre of government, HC 790
Tuesday 13 May 2025
Ordered by the House of Commons to be published on 13 May 2025.
Members present: Chi Onwurah (Chair); Dr Allison Gardner; Tom Gordon; Kit Malthouse; Jon Pearce; Steve Race; Martin Wrigley.
Questions 46 - 105
Witnesses
I: Phil Rumens, Digital Services Manager, West Berkshire Council; and Councillor Sunita Gordon, Lead Member for Resources, London Borough of Sutton.
II: Andrew Chevis, Chief Executive, CitizenCard; and Julie Dawson, Chief Policy and Regulatory Officer, Yoti.
III: The right hon. Sir Iain Duncan Smith MP, Former Secretary of State, Department for Work and Pensions.
Witnesses: Phil Rumens and Councillor Gordon.
Q46 Chair: Welcome to the Select Committee’s second session in our digital centre of government inquiry. Today, we welcome leaders in local government digitalisation and digital transformation.
I will put one question to both of our witnesses and ask you to introduce yourself when you first speak. My question, to start our session, is: how has your local authority used technology to improve service delivery?
Councillor Gordon: Thank you very much, Chair. Good morning, everyone. I am Councillor Sunita Gordon and I am lead member for resources and finance at the London borough of Sutton.
We have been on a journey, like most councils. The way we use technology is moving from analogue to digital. I will give you a short example of how we have done it in social care. The ageing population is something we are all very much aware of. Our intention is to keep people at home as long as they can live independently. With that in mind, we have created tech-enabled tools—basically, just a sensor that measures.
We agree it with the resident and we put the sensor in their home. They can have two or three sensors that learn about the person’s behaviour—how frequently they get up, do they make tea every three hours, every two hours and so on—and they learn that pattern. That pattern is then recorded with the agency, which monitors it 24/7 to see that they are okay. Any day that they do not tend to get up, say after two hours, when it is three hours, it automatically sends a little alert. The alert means somebody can contact them—a first responder. If they have fallen down, or something has happened, we have people on the ground who can go and see them and help them get on with their day.
Phil Rumens: I am Phil Rumens. I am digital services manager at West Berkshire Council. My local authority has used technology to deliver a wide range of public services. We are involved with central Government on Open Digital Planning with MHCLG to transform planning services not only in the back office, but in what is offered online. We are part of the Minute pilot with DSIT. There are 25 councils involved in that, to transcribe and write up minutes and reports. We are working on accelerating reform in adult social care with central Government as well.
Away from central Government, we are using artificial intelligence to detect potholes, translate documents, which has saved literally tens of thousands of pounds every year, draft job adverts and even for an AI policy assistant for social care professionals to help them interpret policy, keeping the human in the loop at all times. We have introduced digital permits, digital tip booking and internal processes and an on-boarding process for new staff. The backbone of delivering public services locally is supported by systems that we might buy off the shelf; HR systems and IT systems and other systems across the board. That is an overview of what we have been doing at West Berkshire.
Q47 Chair: Thank you very much. That is a valuable insight into the range of applications that are using technology: social care, potholes, writing of minutes and the in-house development versus buying in technological solutions. Can you each say a little bit about the development process for the technology applications? How do you build in safeguards, for example, around user data in the social care application? The data of vulnerable people must be well safeguarded. How do you evaluate the success, or otherwise, of these new tools?
Councillor Gordon: If I carry on with the example I gave you earlier, we have complete safeguards in place. There is always a little fear from the resident that we are going to be filming them. The families are always concerned. We explain to them exactly what it is. We have our own safeguarding policies that our people follow very clearly.
The equipment I am talking about, we have developed with a commercial partner. The commercial partner signs up to exactly the same protocols as we have internally. We are very mindful that it is people’s dignity. At the end of the day, data does not decide; data just informs what could be the next steps. We use the data very carefully. It helps in such a way that I can say that, so far, we have had over 1,200 proactive interventions. We have detected 506 falls. In 636 hospital discharges, when a person is coming out and they are vulnerable, we have had the equipment in their house before they come home, literally within 24 hours in some cases. There have been 802 responder visits.
The ethical AI in Sutton aligns with the UK’s algorithmic transparency standards. We are in line with what is the right thing to do. The AI that is used is just learning; it is not watching. It learns through moisture. I will hand over to Phil to talk about his side of it.
Phil Rumens: If we use the Minute pilot as an example, where we are working with DSIT, internally the assurances I needed to get were from our data protection officer. I had to do a full data privacy impact assessment and get that to the data protection officer so that she was assured that the data was being stored correctly. For equalities impact assessment, one of our directors needed to sign that off. There are consent forms and all the other statutory features that make sure the data is being used correctly and according to the legislation.
One thing the Minute pilot has thrown up with the other councils is that there are 25 different processes in 25 different councils to get that approved, even though the legislation is the same. It is a very slightly different interpretation and that means that councils can be on-boarded at different speeds. That is not a criticism of DSIT in any way; it is just an observation on the different processes in different councils.
In respect of the wider thing, I and my council have been working with the Local Government Association on looking at adopting the service standard within councils. There will be a paper published very shortly that the Committee might be interested in on how local government might adopt the central Government service standards.
Q48 Chair: Yes, we are very interested in that. It is certainly interesting to hear there are 25 different ways of implementing minutes. There are 382 councils or unitary authorities across the UK, so we have a great deal of variation in how national legislation is implemented—I imagine. I haven’t studied it, but I am sure we will be doing so as part of this inquiry.
Phil Rumens: There can be subtle nuances, not a huge amount. Everyone is still following the legislation, but interpreting it in slightly different ways. The format of the different things you need to fill in might be slightly different and the hoops you need to jump through might be very slightly different. That is why councils work at different speeds on the same thing.
Chair: Yes. Those are exactly the kind of challenges of implementing technology across different environments and processes.
Q49 Dr Gardner: We have touched on a couple of the wider challenges to implementing technology. If you have a technology in your local authority and you are moving to implement it, what are the challenges you face?
Phil Rumens: The challenges may be lack of resource to do that. The blueprint highlighted that digital teams in local government were among the smallest in proportion of workforce. From memory, it was 2% when the blueprint said it should be at 4% ideally, as also the skills in-house to be able to do that. It is not just quantity but quality in being able to do new things. It is about buy-in from other bits of the authority to do that as well. To get around that, we looked at starting small; not implementing a whole thing at once. It is about selling the thing so that colleagues across the council and members of the council can understand what we are trying to do, and using technology to make the case for other things we might do, with practical examples.
Q50 Dr Gardner: I will come back to skills in a second. Councillor Gordon.
Councillor Gordon: We are uniquely a digital-first authority. It is quite embedded within our workforce that IT is there. I consider digital as the fourth utility. How can you go around every day without it?
Our challenges are often resources—finance—with local authorities going through a number of years of austerity. Any reform you put in and when you bring in digital can subsequently provide efficiencies, but it is having the up-front money first to create that. Our plans are fairly solid and we have a road map of what we will do from year to year and how, as technology changes every six months, we are looking at AI. These days, if you put AI on a bun, people will buy it. AI is a great thing, but AI used badly might not bring about the results that you want. It is about understanding what technology is out there and then honing it for our needs, which can be unique.
I absolutely agree with Phil that sometimes the 26 different ways of doing the same thing can lead to inefficiencies in the public sector, so it is about sharing a blueprint, sharing among councils. We are quite lucky. We are a London council, so we have LOTI. LOTI shares with us, but it would be nice to learn from all the neighbours.
Q51 Dr Gardner: I will come to digital skills next, because that seems to link quite well with your previous answer. DSIT says that about 59% of local government employees lack all of the basic IT skills, so upskilling is really important. If you are nervous about protecting jobs, you upskill workers. You talked about AI used badly. I was quite intrigued when you said that you use algorithms to develop job adverts. How are you designing your prompts to make sure those job adverts are not biased and so on? There is a real skill in that. How are you approaching digitally upskilling your staff, in basic skills and in these newer, more advanced skills?
Councillor Gordon: We have a rolling programme of courses that our staff can do. They can be online and, where necessary, if the business case allows, it can be in person, because we have a small amount of money that we have to use efficiently. Our authority workforce used to be 4,000 strong in 2010. It is now 1,200. You can imagine that the churn has meant that the people who are still working are very agile and open to learning. We don’t use algorithmic job ads; we don’t do that. We tend to go to traditional HR.
Phil Rumens: Yes, similar to that. It is Learning at Work Week at Berkshire Council this week. There are a number of sessions that employees can join, on AI and lots of technology-based stuff, but obviously not just that. Also, there is a rolling programme when we are introducing things of engaging with people and making sure they understand and can ask questions about how we are implementing things.
Q52 Dr Gardner: Do you struggle to fill vacancies for IT, technical, staff?
Phil Rumens: Yes. Local government is competing against the private sector. We all know—not speaking about my council specifically, but speaking generally—that pay in the public sector, especially local government, is less than in the private sector.
Q53 Dr Gardner: That is a real challenge. Finally, there is a lot of attention on the citizen experience, the shiny user interfaces for engaging, but a lot of these developments can be built on very shaky foundational technology in the software and hardware systems, and you have some legacy systems. How are you facing the challenges of legacy systems that provide real weaknesses for cyber-attack and various other types of failures? What challenges do you have in dealing with those?
Phil Rumens: Obviously, there are programmes from central Government and funding to help with that. We have adopted some of that in West Berkshire, as other councils do as well. Legacy systems are a big problem in moving away, not just from a security point of view, but from a data point of view. How do we move from those old clunky outdated systems to doing things differently and in a new and innovative way? It can be a real problem, but perhaps not from a security point of view.
Q54 Dr Gardner: Councillor Gordon.
Councillor Gordon: From our point, we—this is before the pandemic—managed to move all of our legacy systems. There were servers onsite which are going on the cloud now, as we speak. The transition is happening. Before the pandemic, we were absolutely set with people being able to access their work if they were not in the office, so to speak, so there was less reliance on that. Being a digital-first authority, Sutton has spent a lot of money in making sure that we live up to that standard. If I can use the word, we are a Google authority, I would say; everything is in the cloud. I can work anywhere. I can access anything anywhere. If I need a modern desktop, I have log-ins that can do that.
No matter how much money you spend, there will always be something that gets phased out as technology doubles and triples itself every six months. For me, technology can seem like maintaining a very large garden. You get one bed in order and weeds are growing three beds down. It is a constant churn and money is always the key in all of it.
Dr Gardner: I love the gardening analogy. Thank you.
Q55 Kit Malthouse: Pursuing the theme you mentioned about central Government, what assistance and involvement do you have with GDS? Are you participating in the sprint to get you involved?
Phil Rumens: It is not a huge amount at the moment. We have been involved and I have personally been involved with hundreds of officers in Theo Blackwell’s sprint. He probably knows most of the service stations around England at the moment, as well as doing things online. We have been involved in that and I know he is putting together his proposals around that. Councils—not just my own, but other councils—have been very involved in that sprint, if it is the sprint you are talking about.
Q56 Kit Malthouse: Yes. Other than that, not much from GDS?
Phil Rumens: No, not a huge amount. It is really only recently that—I don’t want to be too rude about them—GDS have discovered that local government is a thing and health is a thing, and NHS partners as well. They have been very good at working in central Government but perhaps less so with local government. There have been things along the way—Verify—that perhaps did not work so well.
Other than that, the Incubator for Artificial Intelligence is part of DSIT—GDS is part of DSIT now—and the other tools that the incubator has started to roll out, as well as pilots. There is a realisation that local government is a thing, and that we deliver hundreds of services to people locally.
Q57 Kit Malthouse: How fundamental is the rethink of your structure? It sounds from what you have said so far as if you are digitising, or applying your approach on a piecemeal basis, dividing the council up service by service, rather than looking at the fundamental foundation of overall delivery and then bolting things on top. Would that be a fair summary of what you have told us so far?
Phil Rumens: If you remember, I said we were starting small and moving up from there. Take the AI policy assistant, for example. We rolled that out in adult social care. We are now looking to see how we can use it across the council, perhaps for planning or HR policies for staff. Other things around permits and booking things, we have rolled out across the council. It is not just booking at your local household waste recycling centre, but booking events electronically; 95% of those are done online. I picked out specific examples, but we are doing those widely across the council.
Q58 Kit Malthouse: My final question is a slightly self-interested one. If, on your recycling centres, you digitise, so that, for example, at Newtown Road you do not have to have a person standing on the gate with an iPad and a thing charging me £9 a time as a Hampshire resident to go to your tip, which is the closest one to our house, will I get the saving or will you?
Phil Rumens: I cannot comment on that unfortunately. That would be down to the finance—
Q59 Kit Malthouse: Down to the finance function. Nine quid: all my residents are wincing at the moment. It is either that or a 25-mile round trip to Andover.
Phil Rumens: It would be down to the waste management team and the finance function.
Q60 Chair: I am sure you will get the benefit one way or another, whether directly or through the bills, but it is good to hear that digitisation is helping in your waste disposal.
Kit Malthouse: Well, thank you.
Councillor Gordon: It will help to keep the council tax bills down.
Kit Malthouse: I don’t even benefit from that, because I am not a resident. They are just over the border, you see, which is why we have to pay £9 to go to the tip. West Berkshire residents get it for free.
Martin Wrigley: You’re lucky. We don’t let Torbay residents into the tip.
Councillor Gordon: You have uncovered a can of worms.
Q61 Chair: It is hard to follow that, but a new AI and advanced analytics directorate has been established in the Ministry of Housing, Communities and Local Government. You have talked about engagement with DSIT. This directorate is focused on data standards and data mobility from very relevant areas. Have you engaged with that at all?
Councillor Gordon: No.
Q62 Chair: That’s what we like: short, simple and direct answers.
Phil Rumens: I can give a short answer, which is yes.
Q63 Chair: You have engaged with them.
Phil Rumens: Yes, just an initial conversation with them. I think they are still looking, with future plans and the blueprint in mind, at what might happen; but yes, we have engaged with them.
Q64 Martin Wrigley: May I draw attention to my entry in the register of interests? I have not managed to get rid of my last councillorship, so I am still on the district council, and digital transformation is one of the things I was looking after in that council.
This is Teignbridge District Council, and we came from a background of relatively siloed services, and systems purchased by those services. I am interested in how you are tackling integration between services, so you can have common payment for car park permits or other bits and pieces—all those sorts of services. What sort of tools will help you towards integration as you move through your legacy systems and look at the procurement of new systems?
Councillor Gordon: Thank you for your question. We have done all that at Sutton, so it is all electronic, and people can pay with credit cards and in various ways. We have always been resident-centric—user-centric. All our service design has been user-centric. We put the person in the middle and see what they want. Looking at how I behave in a commercial world, I want that replicated at the council. It should not be something antiquated and different. If I can pay with whatever I use—credit card or PayPal—the council should be able to do the same. That is the road we have gone down. I am sure we have some legacy systems—I am looking at one of my officers. We know where they are and the purpose that they serve, but they are not stopping innovation in the council.
Phil Rumens: I think you asked what would help. One of the things identified in the blueprint was common data standards and taxonomies, which tends to be the issue—getting data out from one to the other system when you are updating something, or even getting systems to talk to each other. That would really help.
Specifically with payments, of course, there is gov.uk Pay but some councils struggle to adopt it: so some specific help around that. Councils cannot use One Login at the moment. Being able to use that within council services to provide a common identity across different council and central Government services would be really useful, I think.
Q65 Martin Wrigley: I have been doing this professionally for private companies for 40 years, and these are things where we have struggled all the way through, and that we are getting to grips with. We talk data structure and taxonomies, which is nice terminology; how do you think that will help implementation, where you are buying in off-the-shelf systems? Is it something you will put into your requirements? What do you need to be able to do that?
Phil Rumens: I think it will help, because it makes it much easier to share data, and to move from one system to another. If, every time there was a new piece of legislation, the data standards and taxonomies were defined alongside it, it would become a lot easier. It is a lot easier for innovators who are building new, more agile technology, to come along, and for councils and, I guess, everyone, to use that, because you are not locked into the older vendor’s product by not being able to get the data out. Obviously, APIs are a huge thing there. Even if you are using, and want to maintain, a legacy product, being able to get the data out and use it securely in other ways would be really useful.
Councillor Gordon: On the API side of things, looking at the social care market and the amount of money local authorities spend on social care—the percentage of the budget that each authority has—I think everyone is in a similar situation. That market has a monopoly or a duopoly. That stops innovation, and API plays a great role in that. We cannot get the data out to run AI learning on it, to understand how our residents are behaving, and at what point to use what intervention, so that it enables us to plan going forward. We cannot do any of that.
Q66 Martin Wrigley: I am delighted that you recognise the importance of APIs. Do you think the standards for these should be defined by individual councils, the LGA or central Government?
Phil Rumens: Not by individual councils, no, because, from my example with Minute, we would end up with 25 different specifications for 25 different councils. Yes, it could be done by the LGA, or by central Government—GDS or MHCLG or whoever, but certainly centrally.
Q67 Chair: It sounds as if you are also saying, Councillor Gordon, that there should be a requirement on private sector companies that provide services such as social care to meet API standards.
Councillor Gordon: Yes.
Phil Rumens: I think you are talking about the need for market shaping as well.
Councillor Gordon: Yes.
Phil Rumens: There are, if you think about local government as customers, only 317 local authorities in England, now—
Q68 Chair: I think it is 382.
Phil Rumens: Across the UK, yes. In some cases, there are only a couple of vendors, for example, that may sell a council tax system, because it is a very niche market; a potential 382 customers are not that many. As you said, you get a duopoly in some areas, not all. I point to the work on open digital planning to get around that and move forward the things that MHCLG are working on.
Q69 Chair: Finally, do you have any brief advice—you are digital leaders—to offer colleagues in local government on digital transformation? One sentence each.
Councillor Gordon: Share your innovation. Let others learn from each other. Peer learning.
Chair: Great.
Phil Rumens: Look at what works already: open digital planning, and networks that I am part of—LocalGovDigital. Use local government reorganisation, which has not been touched on here, as an opportunity to do things differently and better.
Chair: Thank you. That is very useful. Thank you very much, Councillor Gordon and Phil Rumens, for sharing your experience and insights.
Witnesses: Andrew Chevis and Julie Dawson.
Chair: Good morning, and welcome to our second panel in today’s evidence session for the Committee’s inquiry into a digital centre of government. I am going to ask Jon to kick off this session.
Q70 Jon Pearce: Thank you, Chair. Welcome, both. To start with, it would be helpful if you could set out for the Committee what benefits you see digital ID offering to citizens, businesses and public bodies.
Julie Dawson: Thank you very much. I am Julie Dawson, the chief regulatory and policy officer at Yoti, and I have a couple of other hats: I am the co-chair of the Age Verification Providers Association and on the executive committee of the Association of Digital Verification Professionals; and I am part of techUK’s digital identity working group and growth council, one of the 50-plus organisations accredited to the UK’s digital identity and attributes trust framework.
Definitions and benefits: many of you will be in the lucky position of having an ID document. Historically, we all carried those around with us in a back pocket. About 1 million driving licences get lost or stolen in the UK each year, and 400,000 passports. With a digital ID, effectively, quite simply, you have a free mobile app, which you can download from the App Store. Citizens around the world can do that. After that, your document can be sharded and all the attributes put separately and stored in the secure module of your device. From that, you can share certain elements—it could be just the fact that you are over 18, or more details—with an organisation. It can enable you to prove who you are, or just how old you are, either face to face or online.
In the case of Yoti, which is a UK-headquartered and founded organisation set up in 2014, about 15 million of those digital IDs have been set up by citizens around the world, with nearly 6 million in the UK, alongside our work with the Post Office and Lloyds bank. The app is available totally free for UK citizens, and for somebody without a document. In the UK we have a chunk of citizens who do not own a passport or driving licence, but they could add just a facial age estimation to, for example, their digital wallet. In short, once you have set it up, you do not have to keep filling in long forms. You can prove who you are or how old you are many times. It allows for selective disclosure. We don’t know what each individual is doing day to day. The user can anonymously share specific information, such as their age, securely, privately and easily. All in all, it is part of the whole approach to having a privacy-preserving way of proving your identity and enabling people’s lives to be simpler. Businesses, on the flip side, can accept these attributes—your age or your ID details—and know in seconds that this is a verified customer.
That is a quick summary of some of the areas. In terms of numbers, over the last six years, since 2019 one in six 18-year-olds in the UK will have used a digital wallet from Yoti to get their child trust fund money. You might remember that scheme. About 25% of all 18 to 22-year-olds have set up one of these digital IDs. When we offer it, for example, for right-to-work checks, one in three adults completes the online DBS ID check, and one in four does a right-to-work ID check. That is using either the Post Office EasyID, Yoti or Lloyds bank, which are all interoperable as part of ConnectID. Now we are at, I think, 5.6 million—the exact figure at the moment—for the three wallets set up by Yoti. All of them are certified to the digital identity and attributes trust framework where the initial use cases are right to work, right to rent, and DBS. We hope in the future for more supplementary schemes around home buying, know-your-customer checks, anti-money laundering and, maybe, further in age.
Q71 Jon Pearce: Thank you, Julie.
Andrew Chevis: Good morning. I am Andrew Chevis. I am chief executive of CitizenCard, the proof of age scheme set up 26 years ago by George Howarth, who was then the MP for Knowsley, and a Home Office Minister, at a time when it was clear that people needed to prove their age, because the new Government were getting serious about shops not selling age-restricted goods—particularly alcohol, gambling and tobacco—to children. CitizenCard is to this day a non-profit company owned by organisations involved in the retail or manufacture of age-restricted goods.
Twenty-six years ago we were relevant, and 26 years later I suggest that in this impending digital age we are just as relevant. Why is that? Because a lot of people will want to take, or are already taking, advantage of digital identity products such as Julie’s, but people also want the reassurance of something that they can hold in their hand or keep in their purse or wallet. Something like 10 million people in Britain do not have a passport or a driving licence. I am sure that the Committee is absolutely committed to ensuring that, however we go forward as a country digitally, we are as inclusive as possible for everyone.
We surveyed around 9,000 of our card holders earlier this year, in March. We said that the Government would be enabling them to use their phone to prove their age by Christmas, to buy alcohol in a pub, bar or shop, and asked whether they would welcome digital ID. Just over half said yes, they would want both digital and physical ID. Interestingly, 32% of our physical card holders said they would not want digital ID. It is worth exploring, therefore, what the possible roadblocks to that are. I think it speaks to the fact that, while the digital future in every aspect of our lives is great for many of us—I, like you perhaps, use my phone whenever possible to pay for things and I use my Apple wallet as others might their Google wallet for everything, to earn my Nectar points or show my boarding pass when getting on a plane—a lot of people in our population are not especially digital.
Q72 Chair: We will come on to digital inclusion.
Andrew Chevis: Vouchsafe is an organisation that verifies people who have no ID whatsoever, and its figures suggest that 9% of households struggle to afford a mobile phone; 10 million do not have a passport or a driving licence. If you are older, are less well off, do not speak English as your first language, or have a physical or mental impairment, you are in one of the categories of persons less likely to be able to access digital ID or even to have the use of a phone, which of course is a prerequisite for that.
Q73 Jon Pearce: Thank you both. You have set out for both your organisations some of the particular advantages of digital ID, and ID in general. Can you describe what your organisations are offering, and why you have entered into a partnership?
Andrew Chevis: The reason is that we see absolute strength in people invariably, given the choice, wanting both physical and digital ID. The Government themselves accept that, because, having launched the gov.uk wallet, with the promise of a mobile driving licence and mobile passport, they made it clear in the same breath that we will need to retain our physical driving licences and passports. The partnership that exists today between CitizenCard and Yoti, which is long established, is precisely about maximising the benefit to citizens—all the advantages that Julie set out, of having a reusable digital identity, where it is possible to use it, and the back-up of a trusted physical document, and, indeed, being able to use a physical document to create your digital identity.
Q74 Chair: Thank you very much. We will come on to digital inclusion, in which the Committee is very interested. I want to ask each of you to answer two brief questions. First, who pays for the digital or physical ID that you offer to our constituents, and what is your business model? How do you make your revenue and profits?
Julie Dawson: In Yoti’s case, it is free for a citizen to set up a Yoti. It might be, as Andrew mentioned, with one of these pass cards. I am holding up an example.
Q75 Chair: So it is free for citizens.
Julie Dawson: It is free for the individual. Businesses pay classically with the sort of volume arrangement, so if somebody is doing tens of millions of checks there will be a volume discount. It is the organisation that is the relying party. If it was a supermarket self-checkout there might be an arrangement per self-checkout unit, but generally it is volumes.
Q76 Chair: Great. And for you, Andrew?
Andrew Chevis: We are a non-profit organisation, but we have always fully funded ourselves.
Q77 Chair: Citizens pay.
Andrew Chevis: We have not used any public funds at all. We sell CitizenCards to those who can afford them. More than half the cards we issue are issued free of charge through our schools programme and our inclusion programme. Last year, I am delighted to say, we issued more voter IDs, free of charge, to enable people to vote, than the Government issued voter authority certificates.
Q78 Chair: Great. A final question before I go to Alison: do the Government’s proposals for digital verification amount, in your view, to a digital ID: yes or no?
Andrew Chevis: A very good question: I’ll go first, not least because we are not currently a digital issuer. I think it surprised everyone when Peter Kyle announced the advent of the gov.uk mobile wallet and promised that by Christmas we will be able to buy a drink with our phone.
Q79 Chair: Andrew, is it a digital ID, in your view? Yes or no.
Andrew Chevis: I think it could be the beginning of a state digital identity card. I understand that people do not want to call it that, but I think in practice that is what it is, and what it is intended to be, so let’s make sure it works.
Q80 Chair: Thank you. Julie Dawson, what is your answer?
Julie Dawson: It has some of the elements of a digital ID, but it is not international. It would be only UK, whereas you could use most digital IDs internationally for businesses as well, to add additional things. It is part of the functionality, but not all.
Chair: Okay, thank you very much. It has been a long journey with regard to digital ID. I can see that we are still not yet at a confident answer as to whether we have it or not.
Q81 Dr Gardner: I am going to come back to digital inclusion, which you have talked about a lot. The older generation may not have digital skills and a lot of people may not even have the right mobile phone, and may still be using the old Nokias. There are other issues of accessibility—for some disabled people, for example. You talked about blockers, and said that some people are resistant to digital skills. How do you ensure that the citizens who lack digital skills but potentially would be able to afford the technology—it is not just about skills—will not be disadvantaged by the increased use of digital ID? Andrew first, and then Julie. I should mention that I once worked as a consultant for Yoti on their algorithm. I should have mentioned that right at the start: my apologies.
Andrew Chevis: There are two ways of ensuring inclusion in the way the Government are going with the gov.uk digital ID wallet, or whatever we want to call it. I think the important thing is to understand that if the ID on your phone is to be a gateway to the public’s accessing of the services that they are entitled to access, whether in the public sector—all the things that we do with DWP, HMRC, education, NHS and so on—first of all it must be as easy as possible, for as many people as wish to, to use their phone.
The second point is that for all the relying parties—all the organisations, whether in government or in the private sector, such as the retailers who want to know that you are old enough to buy alcohol, or the airlines or airports that need to know you are eligible to get on board the aircraft—all the use cases for the digital ID must also always have a non-digital option. That needs to be embedded in the legislation. There must be a requirement for all parts of government to accept digital ID; it can be made super-easy and user-friendly, but there must be a non-digital backstop. That is why it is so important that physical ID documents are not only continued and retained, and that what we must not do is transition away from physical—
Chair: I think we’ve got the message, Andrew.
Q82 Dr Gardner: It is linked back to not being able to get paper documents; sometimes it is quite hard to even get the paper documents nowadays without having accessed them online, so that you are in a Catch-22 situation.
Julie Dawson: We look at this from quite a few angles. One is the documents angle. Some people do not have them, or do not feel comfortable using them. That is why, for age, we also allow a facial age estimation to be used within that. That obviously requires you to have a device, although apart from that we offer facial age estimation integrated into supermarket self-checkouts, so that at the self-checkout the facial age estimation can be undertaken without someone needing to own, or even to have set up, any app at all on the age front.
We also work, for example, in our partnership with the Post Office, for in-branch verification, where people have documents but need support to go there in person and to go through the process supported by staff; and we work with the WCAG, the guidelines around accessibility, to look at things like screen readers and improvements for people with different disabilities, but, absolutely, the reusable app is on a mobile phone. It historically required a document of some sort, which could be a CitizenCard, for somebody who wanted a lower cost option; but now we also enable the facial age estimation. In the future you could have other credentials—maybe through a GCSE, or having given blood, or that you have a What3Words for where you sleep at night. There could be other credentials added to the wallet over time that could show your proof of existence in a way different from what we have had previously.
Q83 Dr Gardner: Causing mayhem in the Committee, we have been talking about digital ID cards and digital wallets. You have just mentioned examples where someone could go into a supermarket and have their age verified, but that is not a digital identity card—
Julie Dawson: Exactly.
Q84 Dr Gardner: It is digital ID in another framework. What if I were to go to a supermarket and did not want to be identified? I know your algorithm, and I understand about trust and so forth, but an ordinary person would not. If I said, “I don’t want that facial recognition because I’m not sure what you are doing with it; I must have an alternative way to do my age verification,” do you agree with that?
Julie Dawson: I agree that we need an alternate route. The trials that the Home Office did in 2022 showed that 99% of people preferred to use the facial age estimation, which just detects that it is a live face and does the analysis, and deletes the image. It has no unique recognition. There were some very basic materials that explained that. We see that when people are offered the choice of different options, over 85%, for age, pick the facial age estimation versus other options such as scanning a code and sharing just their over-18 from a reusable app.
Chair: We will have to move on. Jon, you want to come back.
Q85 Jon Pearce: Yes. This is really interesting. Can the proposed gov.uk wallet that you mentioned, Andrew, and the private identity wallets co-exist, or do you think there are tensions? Do you have any concerns about how they are going to work together?
Julie Dawson: We think there are some good positives, in that the Government are serious about digital transformation and are looking at the benefits for citizens. If you look at it like a Venn diagram, there are some elements that you would clearly think would be in the public sector. That would be one side of the Venn diagram; for instance, it might be logging into Government services. There would be areas on the other side of the Venn diagram that you might think were clearly in the private sector. At the moment, it is not really clear what is in the middle of the Venn diagram and whether the Government area is looking to spread from purely central access to Government services to areas that had been in the remit of the private sector. The industry is concerned to look at what the reach is. Could it be basically a de facto Government monopoly, because they are not clear what those boundaries are? In the digital identity and attributes trust framework, which was set up with very clear principles around transparency and fairness, is there any separation? If you are accredited to the digital identity and attributes trust framework, should a citizen really have the choice of where they use that? At the moment, for Companies House, they do not have that choice.
Q86 Chair: I think we are clear about your concerns.
Andrew Chevis: One of the advantages of ensuring that there are private sector DIATF digital wallets, alongside the Government wallet, is that that will do more than anything to illustrate that there is commitment to transparency and privacy. Depending on how the Government wallet proceeds, it may or may not start a backlash around concern over a state identity programme. Ensuring that there is a level playing field and a plurality of choice for consumers will do more than anything to demolish the argument that this is an attempt by the state to track what we are all up to through our phones.
Q87 Steve Race: I want to talk about the risk of data breaches from these types of IDs. Could you set out for me, from a digital perspective on ID, how you safeguard people’s data? What experiences have you had of outside organisations and actors trying to access this data? There have been several successful hacking attempts in the last few weeks—for example, on the big retail brands. Can you give clarity and certainty to your users that their data is safe with you?
Julie Dawson: Absolutely. It is a very important question. We were founded in 2014. Since then we have built a comprehensive privacy and security infrastructure with regulatory compliance. There are lots of acronyms, but there are specific security accreditations required at banking and Government level. One is called SOC 2 Type II; there are others around ISO compliance. There are national and international frameworks around technical security architecture. Specifically, we have built our app so that from the very get-go you have a secure key. You have a private key in a secure module of your device. It has been set up from the very beginning to enable the individual selectively to disclose what they disclose to whom, and for the user to consent to what they are sharing with whom. With split-key encryption we ensure that the individual is making that choice.
We go through classic penetration testings. We go through security reviews. We have built in ethical governance. We have invited scrutiny from the get-go. In 2016 we set up an independent council of experts on the human rights side, consumer rights, last-mile tech accessibility and online harms. It meets quarterly and all the minutes are published openly, and we have an internal group that mirrors that. The key elements of the independent review are that we are going for external third-party audits and DPIAs; we are getting civil society input, as well as input from our internal and external teams. We continue to invest heavily in that.
Q88 Chair: When you respond, Andrew, perhaps you could talk about the concerns over reports of security breaches on One Login by a whistleblower.
Andrew Chevis: There is big concern. The National Cyber Security Centre recently revealed significant shortcomings in One Login security. It is interesting and relevant that One Login, having been themselves certified by the DIATF and OfDIA, have now left DIATF. It is not entirely clear why that is, but what it illustrates absolutely is the concern that the Government need to be incredibly careful about how they go forward with the gov.uk wallet, because it is all premised on One Login as the access point, and make sure that One Login is not going to be in data breach. Clearly, that would be a very significant issue. It is just one further illustration of the benefit of having a multiplicity of certified digital ID providers.
The other important issue of potential concern is that Google has announced that it will be enabling British passport holders to have their passport details inside the Google wallet in the UK. It is reasonable to assume that Apple has the same plans for the Apple wallet. There are issues around whether we are happy having so many of our citizens’ personal details on servers outside our jurisdiction. The security architecture and how we go forward will be critical.
Q89 Martin Wrigley: It is delightful to hear about your security standards and I am very pleased about your emphasis on privacy and transparency. Having looked at this some years ago, clearly it is going forward, which is good. My concern is about private companies. We are open to Google deciding it will no longer support a service or a private company getting into financial difficulty and disappearing. What measures are there to be able to export one’s data, with the demise of a private company holding that data, somewhere else, or is it lost and guaranteed it will simply be destroyed, in which case you don’t know who you are any more?
Julie Dawson: There is an imperative on all companies with GDPR to enable export of data, be that Google or, hopefully in future, the Government app. We are all operating across the trust frameworks in the UK and a range of sectors. We as one company do not operate just in reusable digital identity; we operate also in transactional digital identity, e‑signatures and 12 different approaches to age assurance. We are a diversified company working across a range of age and identity areas.
Q90 Martin Wrigley: How do you extract your data from the system when you go bankrupt and stop trading?
Julie Dawson: Obviously, we are doing our best not to go down that route.
Q91 Martin Wrigley: A particular company.
Julie Dawson: All companies have the imperative to enable your data to be exported, and that is something that should go across all the different identity providers.
Q92 Chair: Does it go across your company?
Julie Dawson: All providers have to be able to export data.
Q93 Dr Gardner: I should have mentioned at the beginning that I am vice-chair of the digital identity APPG. In this session, we have had a lot of very probing questions, but there is a flip side, in the solution that it can tackle identity fraud and stop fraud and scams. I thought that would come out in the conversations but it didn’t. Do you want briefly to make a 10-second comment on that?
Julie Dawson: The simplest way to look at it is to think of CCTV. As a fraudster, you would be very stupid or hugely unsophisticated to look in CCTV and commit a crime. When you are using a reusable digital identity it is a bit like that. You set up your details and you leave a very clear audit trail behind you. I remember speaking to the previous City of London police lead, Gary Miles, before his retirement. He said this was quite groundbreaking in terms of fraud prevention. That is one of the reasons why we are glad that the Government are looking at this area. We think it should be part of the work of the economic crime commission. Thinking back to covid fraud, if you had known the identities of the people who were trying to apply for benefits for staff, it could have made a huge difference. It is something very fundamental to the fraud landscape.
Chair: I am very sorry that we have to leave it there. Clearly, we could have discussed for much longer the issues around digital verification and ID, the benefits it will bring and some of the concerns, but I am afraid we have to leave it there. Thank you very much, Andrew Chevis and Julie Dawson, for your contributions and for answering the Committee’s questions.
Examination of witness
Witness: Sir Iain Duncan Smith.
Q94 Chair: Good morning and welcome to our third and final panel of today’s session in our digital centre of government inquiry. For this panel, we are very pleased and honoured to be joined by the right hon. Sir Iain Duncan Smith MP, who was Secretary of State in the roll-out of universal credit. Iain, the delivery of benefits is obviously a critical function of Government and critical for so many people’s lives. When you became Secretary of State what role did you see technology—digital transformation—playing in delivering universal credit?
Sir Iain Duncan Smith: The first thing was that I had to persuade the Government that, instead of just going through the process of looking at each benefit individually—in the usual form, they wanted to reduce spending—we had an opportunity radically to transform the way we delivered benefits that would help get people into work, rather than just looking at salami-slicing benefits, which seems to be a perennial problem for Governments, and be proactive. I had worked on this at the Centre for Social Justice for some time. We had come forward with the idea and I wrote about it many years before, but this time at the CSJ we had a whole team looking at it.
When I entered the Government we already had a significant paper on what needed to be done. You could argue that from the very word go I knew we would need technology at the heart of it, because bringing them together was a technological exercise. It could not just be done by paper; it simply would not work. The existing legacy benefits were mostly paper-driven. There was some online stuff. For example, in areas like jobseeker’s allowance we found that people could go online but it was one of the worst online processes you could imagine. When people went on to it, it took them ages to find what they wanted to make a claim. By and large it was not really an online system. It was online for some of the backroom work, but not for anything facing those who made a claim, or were on it for some reason, so we knew there would have to be a transformation of that when we first came in.
The issue of digital didn’t enter the arena for about another year and a half after we started. I was persuaded by the Department that they could do it in the way they had made other changes in online work. I watched what they were doing. Why I shifted it to digital is another story. They went to an outside organisation. That organisation put together a plan and everything else and we watched it. After about a year and a half, I noticed that it was not old technology—that would be the wrong words—but existing technology, and I was beginning to be concerned that we might struggle in this area. There are two problems. If you are running a system where you have never had open access to benefits before, where a claim would be made and it would be processed and at some point somebody would decide and notify you, you did not have direct access to make the claim; you had to submit it, or do so in the presence of an adviser.
The process was meant to become accessible to everybody outside. The biggest problem when that happens is security in the middle of it. How do you create a secure system? After all, we spend billions in the course of a year, so any security breaches are on a colossal scale. Security then becomes a much bigger problem than it was before, so it is about designing a system that has security and has open access. The important thing is that getting through the security means you do not spend significant amounts of time and end up failing to get to your destination.
When we were looking at that, we visited Cheltenham about security. They advised us to talk to some of the private companies that were already ahead of us on this—doing work on a smaller scale, obviously. We talked to one or two of them about what they did. We could see that a private company, with outside access, is very much driven by the time it takes for the would-be client to get to the end-point for their decision making, because too much delay in that for security reasons means they disappear. We realised that in a way we were much more in that kind of market, as it were, because if you think about it, we were in a retail outfit. People were coming to us and wanted something from us and we needed to get them to the right destination with security.
About a year and a half in, I began to get worried that security was being looked at as an add-on. Of course, when you drop the security into what they were designing, immediately things begin to gum up, because security freezes everybody while they check. The way they were doing it was a design for boxes to be sent away to be produced in India. They would come back and you would find quite often that they did not match with the other box, and somebody had the design or production wrong. I was worried about it. Looking at it, I began to see that the real reason was that we were still designing a system for closed access with notional open access. I organised a red team from outside to look at it privately in 2012. It said that the way they were designing it meant it was not achievable because it was old technology. You cannot achieve open access like that because you have to have security, and security was not being designed as an integral part of it; it was an add-on.
It was a difficult period. Everyone thought that meant that universal credit would fail. We spoke to key people in the Cabinet Office. I trawled some people I knew outside in the private sector. Almost immediately it became very obvious to me that we had to make the major decision to shift to digital—it was the only way to do it—and store it in the cloud. A lot of the processes were simplified immediately. You would design security embedded in the process right from day one, right from the beginning. It is the only way you can do all of that and get the would-be client, as it were, the claimant, to their end destination with an end result in a reasonable amount of time. The private sector takes two minutes. We certainly needed to get something in that area so that people could get to where they had to be and then have a clear idea of their claims and the benefits they were looking for, or whether their situation would amount to a claim.
Digital was the only way of doing it. That was a big sea change. Nobody had done that before in the Government. There was no existing expertise. There were some people in the Cabinet Office, but they were not capable of mounting that at scale, so we had a lot of persuading to do with Treasury, whose aversion to change is legendary. I said that if we really wanted to do this, rather than just fail, we had to make that big shift. We then set about designing it differently.
Throughout all of that, the system we had been designing was already beginning to be rolled out in what I call a test and change decision. It was not being used for outside access; it was used for smoothing internal processes and speeding them up, which it did. It had a big effect on the way we ran the jobcentres, but we knew that if we were to go digital, we would have to move that out and slowly transform it into the digital programme. The process was managed through that. I am cutting through a lot of stuff here.
We had to appoint key people. Neil Couling was eventually appointed as the SRO for it. He is quite brilliant at this. He stepped up having not done it before. He understood implicitly how to work it. What we had to do was bring it together, design the system and start the process of making it work, as we slowly did test and change, and get as many digital engineers as we possibly could, because it was on a scale that nobody in the world had done. It was the biggest digital roll-out anywhere. We had to make the rules rather than go and find any. We hired about 100 digital engineers. We pretty much soaked up every digital engineer in the UK. I am afraid we had to break the salary caps in existence in government at that time for a very simple either/or reason; you have to pay people with the expertise or you don’t have the expertise, so we did and we managed to do all that.
The key thing was to understand that then we had to sit them all in the same room. We had the digital engineers and all those who were responsible for process and running the jobcentres, who understood how that worked and its practicality, sitting opposite each other while the digital engineers were working up the software side of it. We always needed to understand where the challenges were, because if we did everything with software change it could change a lot and make a big problem. We needed to see where we had to make the changes to make the quickest response. They had put up a huge board. I visited them. You had security in the next-door room, so the security issue was being designed in at the same time, which is critical. You start your process. If somebody in what I call the DWP side or the digital engineer side hits a problem, you don’t wait, put it into an envelope and send it to somebody, or email them; you write the problem on a Post-it note and stick it on a special wall at the side. They would say, “Here’s my problem. Give me a shout.” If it was a software engineer, they might say, “I could do this, but it is very complex. Is there any other way round it?”
People would get their coffee, walk along and read the notes on the board. It was very simple. You would say, “Wait a minute. I know how I can do that.” They would go along and speak to the digital engineer and say, “You don’t have to make the change; we can make a process change. We don’t need to make a software change. It is much easier. You can do it very quickly and it will match you.” All the time you had energy moving backwards and forwards as you designed the system. There was not one bit doing software and another bit doing the jobcentres; they were absolutely together, and that helped speed up the process. It is how everybody does it now.
Chair: It sounds like a pathfinder for the way in which good digital transformation takes place now. That is a great insight, Sir Iain.
Q95 Steve Race: You set out the challenges and how the Department and others started to fix them. Why do you think the challenges occurred in the first place? What were the root causes of where it ended up going wrong?
Sir Iain Duncan Smith: This is not a major criticism, just an observation. I was involved early on in technology. I helped to bring a publishing company to CD-ROMs. It may seem a long time ago. We were the first either side of the Atlantic to use CD-ROMs. It was a publishing company, so you could get Boolean searches and, for the first time, it changed the nature of our production. Even then you had to learn what you have to do.
I observed that there was a tendency to say, “We’ll do this in-house; we’ll do it the way we’ve always done any of the technology stuff.” I had just arrived and didn’t want to go, “No, I don’t agree with that.” I thought we should see what they were actually designing. As I said, it was later on that I began to get a serious sense that it was not going to work, and my red team said categorically not. Security was the problem in all of it. It was not being designed as an open access system; they were designing a system with bolt-on open access, which does not work. That was where my concerns came.
I was talking to a bunch of digital engineers who said there was only one way to do it on the scale we wanted: it had to be digital where all your storage would be in the cloud, as it were. You do not have to build boxes and boxes of stuff. What you have is a software process that works interactively, and I got busy in 2012-13 trying to get them to design that, which we did. It meant changes inside the Department and dramatic changes to the way you think about things. I have to say it is one thing they are brilliant at because they stepped up. There was no question about it. They did not moan or complain; they got on with it. We brought over 100 digital engineers into the Department, so a whole culture shift took place.
That culture is still there, which makes it a very flexible Department in many senses. UC allows them to make really big choices. If you think about covid, they took 1.5 million people on to benefits in about two and a half weeks. You could not have done that with the legacy system; it would have crashed. They did it without ever having a face-to-face with anybody because they did it online. That was the point. The end product was tested during covid. It showed that, even though it was not completely rolled out—we still had other benefits to bring in—they were able to match that. By the way, you could have doubled it and they would still have coped. Their practices have shifted, alongside the fact that they have a system that is now faster, more comprehensive and able to take in other benefits.
Q96 Steve Race: Did DWP take that learning and teach the rest of Government? Do you think that learning has been taken across other Departments?
Sir Iain Duncan Smith: I wish. I think that now is the time. If I were the Government—I am not; even my lot don’t want me—the reality is that I would immediately say there is one place where we learned from this and that is DWP. I honestly mean this: nobody in the world had done a digital system as big as that. If you think about the scale of the money that that Department handles in just one week, it dwarfs banks anywhere you can think of. To get it wrong was a real problem for them. They have had to deal with the most pressing problems you can imagine. As they have gone along, they have learnt and got better and better at it. Brilliantly for DWP, most of the team is still there. The key man is the SRO at the moment, Neil Couling, who has written a very good paper on this, which I suggest that I ask him to circulate to you. Basically, anywhere in government now should be knocking on their door. Government should be designing the process around what happened there.
Q97 Steve Race: Would you have expected a Secretary of State to have such an in-depth, hands-on approach to an IT programme? Obviously, you have highly bought into universal credit and have very strong views on it, but as Secretary of State would you have expected that level of engagement in an IT programme?
Sir Iain Duncan Smith: I am not saying that I was technically the one who did it. The key thing is that there is a lesson to be learnt in politics. As a Minister, or Secretary of State, you take full responsibility for what goes right and wrong in your Department. The trouble is that if you are in and out in six months, nine months or whatever at a Department like that, there is no chance of ever getting down to the nitty-gritty. I was there for six years, which meant I was able to see it from its birth as an idea and fight for all the things that were necessary, because I understood it. I would sit there all weekend, reading papers. Were they up to the point? Did they deliver this on time? I would scribble notes. Why weren’t they there? They had a week to go. You would chase them and get on to it. You cannot for one moment let any of it slip on the basis that somehow if they do not deliver you can get rid of them. It is too late by then; you have collapsed the system. Ministers have to be hands-on. You do not have to be an expert, but you need to know about programme management. That is the key bit I have mentioned already to the Chair.
The civil service needs to treat programme managers as vital assets. It is the time now for the civil service to think again, because the one thing we found was that we did not have the programme management expertise that was needed. Now they do in DWP because of what they have learnt, but generally the process in the civil service is that you go up to the top, become permanent secretary and that is your great out. Wonderful. If you are a programme manager you are worth more because, if a programme goes wrong, everything crashes. I think you should value them and be prepared, if necessary, to pay them even more than permanent secretaries because they are far more valuable than anybody you can imagine.
Chair: We will put that to the civil service.
Q98 Dr Gardner: This links to what you just said. I will slip in a very quick question, with the indulgence of the Chair. You said about programme managers that whenever you roll out a big system there is always something that doesn’t quite work; it didn’t work and it wasn’t fantastic. If you were to do all this again, what would you do differently?
Sir Iain Duncan Smith: The trouble is that we were on the cusp of the digital revolution, so, in a way, if I was to try to do it again, I would immediately go to the digital solution; you would not waste time with the older way of doing it. The challenge to us was designing for the first time a system that was completely accessible externally. Anyone can produce a system where you can speed up processes internally. You can do that by not necessarily going digital. That is what they were doing. Their thought at the beginning was that you can do it and then add the accessibility.
The problem when you add accessibility from outside is that you also need security, which is your critical problem, and that is where the whole thing in the original iteration began to fail. That was because, as soon as you added the security, it could take people ages even to make their way through the system. It has to be an integral part that is light touch but secures. You have to design the security in with the digital. Knowing now what I knew then, I would immediately talk about that straight away.
Q99 Dr Gardner: That is really useful. Linked a little bit to what you have just said, a principle of good design of any software system or digital transformation is to engage with those impacted by that technology and have a participatory design approach. Did you engage with citizens who would have to use it, and did you get their feedback?
Sir Iain Duncan Smith: We came up with a better way of doing things in the early years. We did not know how people would react and what would happen, so we came up with test and learn. Test and learn is now how things are done in DWP. If you want to roll a change out nowadays, you do the same. They would take the original system to begin with as it was, and we would roll it out in a limited area and then see how the public reacted to that and what problems came up that we might not have anticipated. In other words, instead of assuming straight away that you know that it is going to do this or that, and then you roll it out and it goes “crash”—the NHS system was a good example—you roll it out to a small section and then wait and see what they teach you about its failings and your misunderstanding of what their claims would look like. That is the bit that has gone all the way through this, right into the digital programme in exactly the same way.
People say, ”Well, it took longer than you anticipated.” Yes, because what we realised was that the mistake of almost every other programme change that has taken place in technology, in government and often in the private sector—there is no uniqueness about failure in government—was that the assumptions that you make don’t turn out to be what humans look like when you hit them. The problem then is that you go back scrabbling to change something that does not have the flexibility to change. Test and learn has made the system constantly able to be flexed because you are always having to make those changes. That is why the digital was so much better; you could make the changes quickly between the two sides.
Dr Gardner: Thank you. That is what participatory design principles are made to help to do.
Q100 George Freeman: Sir Iain, thank you for your testimony. For the record, I think this is completely key as the new Government set about harnessing AI and digital transformation for productivity. I really hope that we can share the insights from it more widely. For colleagues who were not here in Parliament then, universal credit, a massive reform for the most vulnerable in our society, I remember, had the potential to be the biggest Government car crash, and it was not. It was one of the big successes in terms of machinery of government of the last Government.
Sir Iain, I want to ask for your observations on the machinery of government. At the moment, the digital technology revolution is headquartered out of DSIT because it is the AI Department. As the former Minister for AI and science and research, I am not sure that the science research-sponsoring Department is necessarily the natural headquarters for the change of government. I would be interested in your observations as a veteran of these things over the years. How does one drive this kind of pretty basic but vital learning through what you might call client Departments, such as DWP and Health? I launched the digital health programme in 2010 in a Department of Health that did not recognise digital health as a thing. I would like your observations on the machinery of government, and I have a couple of supplementaries, if I may, on skills. Do you have any thoughts on how the new Government should be driving this through?
Sir Iain Duncan Smith: My assumption was always that you need to headquarter it at the Cabinet Office, for no particular reason other than that you need very close access to the Prime Minister; to your Department head, yes, but you also need constantly to be able to inform Downing Street and the Treasury, to a large degree, about what is happening and why it is happening, otherwise you end up with things going wrong in the process of putting them together. Sometimes things do not quite work out as you think. The problem is that Downing Street is often not that close to the issues, and then suddenly it is a crisis. It is not actually a crisis. It is only a crisis in Downing Street because they do not really understand what is going on. The Prime Minister gets a four-page note on it, and he says, “What the hell’s going on here?”, because he is not really kept up to speed and nobody in his team is really that close to it.
It is always important. You may headquarter it in the Cabinet Office or DSIT—the Cabinet Office because it is a bit closer to the centre of government—but it doesn’t really matter, provided that Downing Street and the key decision makers of the Treasury and of Downing Street are kept abreast, and that there are people in those Departments who understand what is going on in the Department that is making the change so that there is a constant flow of information and understanding, not because you want to criticise it, but because you just want to know where we need to put more resource and what the problem is so that it doesn’t always end up in what we call the crisis discussion at the Cabinet table, which is debilitating, frankly.
Q101 George Freeman: Yes, thank you. Can I ask about digital skills in the civil service? In 15 years one has come across some brilliant people in the Government Digital Service and in the Cabinet Office and, equally, officials who are driving—to your point—serious, major change programmes without the skills in delivering change programmes or digital programmes. A few of us feel that this is such a key skill in modern Governments that there ought to be a digital transformation career and service level high-profile appointment so that somebody says, “Yes, I’m the digital transformation lead in X or Y.” There is a cadre of expertise. Are we doing enough to harness it?
Sir Iain Duncan Smith: This is a major change in the way that the civil service works. I said to a previous Cabinet Secretary when I resigned that the thing that I find strange is that the civil service still very much works as it would have done in structural terms 30 or 40 years ago. I don’t say that is wrong, because hierarchy is important. The real problem is that it shows you that the skills that are necessary now are beyond the nature of how a civil service can work. You are looking at people whose whole world is in digital engineering, and you cannot have all that embedded in the civil service. You need people who understand how that works, but you need to be able to fish in the wider pond.
My view is on two areas: expertise in digital engineering and programme management. I am sorry that I keep coming back to this. The thing that I bashed my head on time and again was that I was assured that the people who were going to run the programme in the first instance were on top of knowing it. In fact, we were not on top of that. We had to bring others in, in a way, to start the teaching of how you run programmes. Now some of those civil servants like Neil Couling—I keep referring to him because he has run this thing constantly—and JP Marks, who went off and is now at the Cabinet Office, could be considered great experts on programme management. They are people who learnt a very different lesson and they have skills. Now you need to harness those skills.
The second thing, on programme management, is that you must allow people who have great and proven skills in programme management to go outside the civil service, to do stuff outside and to come back in, because they will glean even more knowledge. They have a price for that, so the civil service has to be prepared to pay that price. Even if somebody like that earns more than the permanent secretary, it is because everything hinges on their skill to get the job done. We witnessed endless political careers end in tears because programmes went down and they did not even know what was going on beneath the floor that they were sitting on. You need to have the flow of information internally and externally and you must value the people who have those skills because, for my mind, today, government is moving so fast that you cannot afford to stay with the hierarchical structures that you have. You need to value those who have skills and who may never become a permanent secretary, but without whom the permanent secretary will crash and burn at some point without realising it.
Q102 Chair: That is fascinating. I appreciate your emphasis on programme management as well as digital skills. Universal credit started in 2010 and was expected to take seven years, a long time in programme management terms, and will finally be fully implemented in 2028, so programme management is clearly key. Where would you place fantastic programme managers in the existing civil service hierarchy? You are not saying that permanent secretaries should be great programme managers, are you? Where would you place them so that they could be valued in the way that you set out?
Sir Iain Duncan Smith: A good programme manager who has been responsible for delivering a great programme should be at the highest level. He or she should equate to the senior figure in a Department or even in government. You need a programme lead in the Cabinet Office anyway who understands transformation and programme management. They exist in the civil service at the moment, but what has tended to happen, if I am going to be critical, is they think, “We’ve got this programme coming up and we will get so-and-so because they’re quite good and it’s good experience for them.”
I am all for experience, but when you are delivering an enormous and very critical programme, you want already existing experience. Others can learn from that, but you need to have that. All the way down through the system, there needs to be a sense that, right at the top of Government and at every Department level all the way down, you have people who are either learning to be great programme managers or who are already good programme managers so that you have that flow. It is almost like a second tier. It is changing the nature of how we look at this within the civil service.
Chair: One of the things that we can do is write to the Government and ask where their programme management skills for the digital transformation are going to come from.
Q103 George Freeman: Can I ask a supplementary on your point about the skills exchange briefly? Do you support the idea of some sort of exchange secondment programme at some level in the senior civil service so that people can spend a month or a year out in the client industry sector that they are with, and vice versa, to try to build a greater understanding of the private/public operating systems?
Sir Iain Duncan Smith: Yes. I come back to the point that I made earlier, though. I am not criticising Government and the civil service because programmes fail. Go to the private sector. You can name many programmes that have collapsed and burnt. There is no brilliance that exists in the private sector that does not exist in the civil service. My point is to understand when things work how they work, and to have people in the civil service who get it and understand how to do it. There is always risk when you make a big change, in a big programme. There is a sense that there is risk and everyone goes, “Oh, my God, why isn’t that 100% immediately?” That is rank stupidity.
The problem also exists with Government Ministers and with politicians, I’m afraid. I have been endlessly critical, and I am just going to say this now. Our system treats jobs in government like you treat giving party bags to children at the end of their party. In other words, “You’ve been loyal. You’ve done something or whatever. It’s your turn. Go over and do this job here.” Six months later, “Time to move. Go and do the other job,” just as you begin to get your feet under the table and understand how your Department is working. With a Department the size of the DWP, you have to get everywhere and work at everything, and then you are suddenly moved six months later. My point is that we treat these as little treats for those who have been supportive. We do not treat it like a company would: “Has this bloke or woman got the expertise? Have they learnt this? Are they good? Have they demonstrated this? Let’s keep them in this because they’re doing well. Maybe move them later.” It is often utterly illogical the way that people move around.
It was unusual in my case. I was there for six years, mostly because I refused to go anywhere else. The reality is that in that time I don’t say that I did brilliantly, but I got to know everybody there, and I got to know their weaknesses and their strengths. When they come to your table, what they need is you to make a decision. If you are still trying to figure out what is going on three doors down from you in the Department, you cannot make big decisions because you are scared stiff of screwing it up. Once you have been there a while and settled and know people, you make decisions at the table. That is what civil servants need. They need to leave the table with a decision, not you prevaricating for four weeks because you are still not sure where you are. That comes from experience.
Q104 Chair: I know that you have to leave in three minutes, so I have a couple of questions to finish off with. One of the reasons behind the push on digital transformation is to reduce the public sector costs that the public are paying. The Government estimate that there is a potential £45 billion in annual savings from the use of technology across the public sector. We asked for an explanation of how that estimate came about. It has come from taking the potential savings from a couple of Departments and extrapolating that across the whole of Government. Does the £45 billion annual saving figure sound credible to you?
Sir Iain Duncan Smith: Yes. I have not seen the rationale behind it. Universal credit has saved and will save significant moneys. In the report that I suggested you read, there is an indication of why that is the case, and a breakdown. That shows that you can make changes. It is mostly in processing that you would make changes. When things speed up and there needs to be less checking and less involvement of humans in the chain, you make a lot of savings because you do not need all the people employed doing all that backroom work that you would otherwise need, because that is the nature of things today. That is where your savings come from.
You also get savings because you should be able to reduce fraud and error significantly. That was very much the case on error in the system with UC. You have got rid of human error in the system. Provided the process is working, it should come out error-free. It also should allow you to chase after fraud. It is a big issue. Covid got in the way of that massively because of the chucking of money out the door as fast as possible. That distracted everybody from the real fraud position, which was bringing down fraud in UC. My point is that now that is needed as well. It is easier to do, but it is not perfect, if you have gone digital than it is if you still have people shuffling papers around behind and trying to make changes, because you can get to the problem straight away quite quickly. Fraud and error can be reduced.
Those would probably be the directions that they are looking at in terms of money saving, but it requires them first to make a system that works and not to make assumptions about it until it is actually done. It is almost certainly going to make significant savings to Government, but the question is what Government do with those savings. Will they waste them?
Q105 Chair: Finally, Iain, are there any particular areas, or any reflections that you have on how the Committee should examine the public sector’s use of technology, as part of this inquiry? Are there any particular places that you would steer us?
Sir Iain Duncan Smith: Yes, there need to be significant lessons learnt from the roll-out of UC and how it has gone. What are the lessons that they have learnt? How would you run a system like that now? How would you set about doing it now that we are in that digital world? Those lessons from those who have been involved in it would be very helpful. If nowhere else, this Committee could certainly be calling in one or two of those people. I suggested to the Department that it allowed one or two of them to come in for this meeting, but the Department was reluctant to do so. It seems to me that we need to be open about this. The UC was the single biggest digital programme in the world. The fact that it is functioning—there were lots of difficulties on the way—and working, and we have so many lessons to learn, suggests that most other countries are looking at this and asking questions. It would seem peculiar if the British Government were not asking the same questions of their own success.
Chair: That is one of the reasons why we were so keen to speak to you, Iain. It is such a large programme, and we believe there are lessons to be learnt. Thank you very much for spending time with us to share your insights.