Whatever happened to trust from Government?
It has been noted ad nauseum that we’re not going through a strong period for modern digital delivery in UK government. Most of the symptoms and causes of this are outside of the scope of this post, but I think it’s worth pointing out that as the system has started to close in around digital transformation and the work has become harder, some of the original reasoning for internetting government has been forgotten.
It started with a nice phrase on some stickers: Trust. Users. Delivery. The stickers are still around, organisations across government taking those three words and printing them on discs to promote a culture of delivery (which often gets narrowly defined as the “it’s ok to…” poster rather than the more complex, nuanced and potentially flawed project thing of trying to build a culture). The words are an excellent reminder of the pillars of why we work in government and what the principles above design principles are. They’re a mantra.
But trust is one of those words that gets bandied around — we, the public, don’t trust politicians, journalists, lawyers, bankers. It’s a crisis, a point of comedy or the status quo depending on your view. But it gets the relationship of power entirely backwards.
How much does government trust you?
I’m not talking about Snowden stuff, it’s obvious that surveillance agencies don’t trust you. But although that is objectively problematic, it doesn’t affect your ability to Get Shit Done.
I mean the everyday stuff. It has been pointed out that government is mostly licenses and permissions to do something you otherwise can’t/shouldn’t do. We don’t trust you to do something without us knowing your name, sex, gender, date of birth, national insurance number, bank details etc. etc.
And every form to ask you these questions is a failure. Government knows who you are. You tell it thousands of times per year. You are not trusted to do something without notifying the government, but the government behaves like it has a memory problem when dealing with you, reducing your trust in it.
But this goes beyond identity verification, this is about the fundamentals of how government works and the threat model in the head of those that build and perpetuate it.
Over the course of the last five or six years of working on Government digital projects, I have worked on a number of forms.
The mental model of forms to start a process is not a uniquely governmental approach, but they are often in evidence. In every case, the conversations have focused on risk before needs.
When building a job application form the business wanted the applicant to fill out the form afresh on each application so that the organisation could check for “lies” (discrepancies) between applications rather than let them used saved details and tailor them for the job in hand.
“This needs to be classified as secret and can’t be hosted on the cloud.” “Why, it’s all either open data or covered under FOI?” “When you put a lot of data together it becomes more classified”.
Building intranet forms, the complaint is that people will fill them in maliciously. “Should we not make them register with their work email?” as that way, people entering imagined rude information into the forms could be tracked and punished.
This will to punish sits at the heart of a large number of interactions between government and the governed. We don’t trust you. You’re asking a stupid question. Why do you want that?
People fill out application forms wrong and make mistakes, so just interview them as a method of verifying their information. Ask their references. If China or Russia or Lulzsec want to aggregate our open data and make inferences as to a department’s purchasing plan for macbooks, I’m pretty sure they already can. No one on earth fills out bullshit forms for fun and if they’re doing it maliciously, it is super easy to disregard it or block them.
And mistrust costs more. It makes us spend money on OAuth logins, on a sysadmin adding exceptions because these people have a non-gov.uk address. More importantly it costs us in failure demand. We get more emails from people who get stuck, who we become frustrated with because we have “a perfectly good online system” that they should use instead of bothering us.
Trust. Users. Delivery.
Let’s take a moment to unpack these words and how they’re working.
The pace and interoperability of delivery has changed a lot. We are seeing a lot more silo’d projects that don’t look as if they’re working in a co-ordinated way.
The discussion about users gets derailed by people still arguing for use of customer (when the user has no choice but to use government) or citizen (which is phenomenally closed minded and little-England when not everyone who uses government services is a citizen [e.g. refugees, tourists, EEA member state citizens, businesses trading with the UK who need licenses, foreign nationals legally resident, overseas students, chatbots…]). But to be fair, users (however we define them) have a pretty good deal at the moment, the way that we’re incorporating research into projects is fantastic and projects where no user research is present are unusual.
That leaves us with trust.
I think we haven’t worked enough on trusting the public. Trusting that they want to do the right thing. Instead, the implicit starting assumption that you have to fight back from seems to be that the user is a bastard. Ignorant of the process and the hard work that’s gone into creating them, so unworthy of help. It’s like a form of road rage. We can’t see the user and so we assume the worst.
Of course work has gone into this problem. The whole 2 hours/6 weeks project has been a catchy way to make people look users in the (recorded) eye. You’ll undoubtedly have sat through a presentation at some point where someone bangs on about how users want to do the right thing. But it hasn’t stuck everywhere. It appears in slide decks, not show and tells. Users and delivery don’t automatically lead to trust. It requires conscious thought, sympathy, empathy and an understanding of what “security says no” sort of bullshit should be ed.
There’s a reason “trust” was the first word and at the risk of going all Blackadder Christmas Special on you, I invite you to imagine an alternate future with an antonymical slogan:
Security. Customers. Strategy.
If that doesn’t sound like the government digital revolution you were promised, then let’s work on it. There’s only so many levers we have to change things, but starting with trust for our users and then working back to wary mistrust if necessary is surely better.