The remarkable William Heath, a key figure in the British Government's IT ecosystem and publisher of ideal government, lands a few of his no-nonsense punches in this piece, both sobering and amusing, on institutional learning:
The original Microsoft Hailstorm press release is still there, bless them! Check out all the hype about â€œpersonalisationâ€ and â€œempowermentâ€ with proper protection of privacy (see extracts below). Complete ecstatic fibs! The apogee of Microsoftâ€™s crazed, childish egocentricity. And it all sounds so familiar to the rhetoric of UK government ID management.
Then April 2002 – Microsoft shelves Hailstorm eg NY Times abstract
And Microsoft announced Kim Cameronâ€™s laws of identity in 2005, and Infocards in 2006.
How fast does Microsoft adapt to customers and markets compared to governments, do we estimate? Is â€œone Microsoft year = seven government yearsâ€ a reasonable rule of thumb? In ID management terms the UK government is still in Microsoftâ€™s 2001. So for the UK government to get to Microsoftâ€™s position today, where the notion of empowering enlightenment is at least battling on equal terms with forces of darkness and control and the firm is at the beginning of implementing a sensible widescale solution will take UK government and IPS another forty years or so.
Could we get it down to one MS year = 3.5 UK gov years? That means we could have undone the damage of committing to a centralist panoptical approach in just 21 years. Aha. But Microsoft doesnâ€™t have elections to contend withâ€¦ (Continued here.)
I know a number of folks who were involved with Hailstorm, and they are great people who really set a high bar for contributing to society. I admire them both for their charity and their creativity. It is possible that the higher the standards for your own behavior, the more you will expect other people will trust you – even if they don't know you. And then the greater your disappointment when people impune your motives or – best case – question your naivity.
It requires maturity as technologists to learn that we have to build systems that remain safe in spite of how people behave – not because of how they behave.
Of course, this is not purely a technical problem, but also a legal and even legeslative one. It took me, for example, quite a while to understand how serious the threat of panoptics is. Things always look obvious in retrospect.
I am trying to share our experience as transparently and as widely as I can. I have hoped to reduce the learning curve for others – since getting this right is key to creating the most vibrant cyberspace we can.