[nige1]

In the UK, the stench of corruption envelops local and national government. The law seems geared to encourage official corruption rather than to inhibit it.

Sale of public assets is suspect. For example, the privatisation of British Rail seemed to give-away billions of pounds to government-cronies.

Another example: government organisations and their cronies enter into ruinously expensive sweet-heart deals, called PFIs (Private Finance Initiatives). PFIs are protected from public scrutiny by CCCs (Corruption Concealment Clauses, sometimes euphemistically referred to as Commercial Confidentiality Clauses). These seem to ensure that government accepts the costs and risks. When projects are cancelled due to time and cost over-runs, you might expect contractors to suffer swingeing penalties. Instead contractors are awarded massive compensation. Government negotiators are promoted.

For example, multiple attempts to outsource NHS IT have cost millions and resulted in shoddy systems unfit for purpose.

The US NSA (National Security Agency) created Wannacry (file-encryption ransomware), which infected government and utility systems in Russia, China, and elsewhere. Lack of adequate security-systems exposed NHS systems to it. This cost the lives of patients.

Alleged criminals responsible should be investigated, including NHS IT negotiators and suppliers.

Corruption In Arms Contracts is probably worse but protected by national security.

Corruption costs a lot. You probably have to waste thousands to hide a few hundred pounds of corruption.

We can't eliminate corruption but reduction could save billions. How can we accomplish that?

I've a tentative protocol and I'm interested in suggestions.

[helene_t]

Free press. The best way to discourage politicians and bureaucrats from taking bribes is by giving the press the means to discover and disclose it.

[diana_eva]

What Helene says. Romania has a very corrupt system but investigative journalism managed to force a few major investigations, most notably in the public health system. We've still got a long way to go, and current government is doing everything it can to change laws in its favor (eg if you take a little bribe it's not a crime lol), but the press and orgs like rise project have been essential in exposing the corruption to the public and causing enough uproar to force the authorities to investigate.

[Zelandakh]

nige1, on 2017-May-30, 06:03, said:

The US NSA (National Security Agency) created Wannacry (terrorist file-encryption ransomware),

Source? The last I heard the general consensus was North Korea...

[Cyberyeti]

If you think the UK is corrupt at local level, you should see some of the things that go on elsewhere. We used to have a holiday home in Spain in a town that was split into 3 pieces (town/port/beach). The land between, nobody was allowed to build on. We notice a new petrol station has appeared on the prohibited land owned by ... the mayor's brother. Worse was that nobody was surprised.

[diana_eva]

Cyberyeti, on 2017-May-30, 07:38, said:

If you think the UK is corrupt at local level, you should see some of the things that go on elsewhere. We used to have a holiday home in Spain in a town that was split into 3 pieces (town/port/beach). The land between, nobody was allowed to build on. We notice a new petrol station has appeared on the prohibited land owned by ... the mayor's brother. Worse was that nobody was surprised.

Yeah, if you click the rise project link in my previous post you'll see the scale of corruption in Romania. Basically every public function tries to steal as much as they can from the state budget or asks for bribes in order to do - well, just anything they're supposed to do. This goes from the lowest levels (assistant manager at state kindergarten asking parents for money to accept their kids in that kindergarten, despite it being free to put your kid to public kindergarten, doctor asking for money in order to perform surgery or investigations that are already covered by your health insurance, bribes to file various requests), till highest ranking politicians ripping off the budget by awarding business to their friends and relatives.


This is a fine example.

[barmar]

nige1, on 2017-May-30, 06:03, said:

The US NSA (National Security Agency) created Wannacry (terrorist file-encryption ransomware), which infected government and utility systems in Russia, China, and elsewhere. Lack of adequate security-systems exposed NHS systems to it. This cost the lives of patients.

NSA didn't create Wannacry. I think they created the underlying technology that it uses, for the purpose of cyber-espionage against other countries, which is part of their mission (not corruption). It got leaked to hackers, who used it for this attack.

[Zelandakh]

barmar, on 2017-May-30, 08:44, said:

NSA didn't create Wannacry. I think they created the underlying technology that it uses, for the purpose of cyber-espionage against other countries, which is part of their mission (not corruption). It got leaked to hackers, who used it for this attack.

Are you talking about TOR? That was invented by the US military as a means of anonymysing its personnel. Obviously you need to have non-military using the system in order to hide the miltary units and so it was released to the public. That was subsequently used for such things as submissions to wikileaks and the Silk Road website and has in the meantime developed into something of a thorn in the side of the intelligence agencies, as they are mostly unable to crack the encryption.

In any case it is certainly the case that many things get developed by the military but get used for nefarious purposes once out in the wider domain. It seems a little unfair to blame them for the altered use without any comment such as in this post!

[Hanoi5]

helene_t, on 2017-May-30, 06:37, said:

Free press. The best way to discourage politicians and bureaucrats from taking bribes is by giving the press the means to discover and disclose it.

I'm not sure this is enough. There has to be some exemplary disciplining of culprits. Take the case down here in Chile. In 2014 a banker was discovered to have funded a right-wing party with money he was not allowed to use. A couple of months afterwards the daughter in law of the president (who is left wing) was found to have acquired a MASSIVE amount of money in a loan from a bank the day after the election. Next the 'newspapers' uncovered that the toilet paper producers were colluded in order to raise prices. Supermarkets came next, they inflated the prices of chicken and some emails demonstrated that they coordinated this. But nothing really happens after each of these scandals. People continue their lives after the outrage, just waiting for the next big one to fall. Corruption has permeated society to the bones. Makes me Wannacry.

[paulg]

nige1, on 2017-May-30, 06:03, said:

In the UK, the stench of corruption envelops local and national government. The law seems geared to encourage official corruption rather than to inhibit it.

Sale of public assets is suspect. For example, the privatisation of British Rail seemed like a billion-pound give-away to government-cronies.

Another example: government organisations and their cronies enter into ruinously expensive sweet-heart deals, called PFIs (Private Finance Initiatives). PFIs are protected from public scrutiny by CCCs (Corruption Concealment Clauses, sometimes euphemistically referred to as Commercial Confidentiality Clauses). These seem to ensure that government accepts the costs and risks. When projects are cancelled due to time and cost over-runs, you might expect contractors to suffer swingeing penalties. Instead contractors are awarded massive compensation. Government negotiators are promoted.

For example, multiple attempts to outsource NHS IT have cost millions and resulted in shoddy systems unfit for purpose.

What you assign to UK corruption is largely due to incompetence in my experience, particularly at national level.

For example, PFI contracts are unbelievably complex and any contractor bidding for them will have their best team on the job. Far too often the government will have given its negotiating role to a civil service team that is paid less than half their equivalent in the contractor and has probably never done the job before. The contractor will pay its lawyers better salaries and will be used to bidding for such projects. Most importantly, they are likely to have a far better understanding of the risks of the project. It is no surprise who gets the best deal in such circumstances.

When you look at NHS IT, a project that I have been involved in, it is very similar. It was an immensely complex and large project, and even the smallest aspects touched so many different institutions and parts of Government. Like so many Government IT projects, it was very difficult to understand who the customer is and near to impossible to get a coherent set of requirements. The IT suppliers reflect this confusion and complexity in their prices and risk assessments, but most projects failed because the customer (whichever part of Government it was) could not meet their contractual obligations. This is government incompetence and inexperience, not corruption.

Selling off public assets is a complex project but also a political decision. The political drive to make it appear successful guarantees that it will be sold cheaply because this is only way to minimise the risk of failure.

Basically, when you don't hire the best people you don't get the best decisions.

[helene_t]

Agree with Paul wrt those specific examples but from my experience as a civil servant, corruption is a real problem. The government s scientific advisers often pay lip service to conclusions dictated by the governing
party's sponsors.

Which lead me to another medicine against corruption: a political system that makes it impossible for a single party to dominate the government

[Cyberyeti]

helene_t, on 2017-May-30, 15:44, said:

Agree with Paul wrt those specific examples but from my experience as a civil servant, corruption is a real problem. The government s scientific advisers often pay lip service to conclusions dictated by the governing
party's sponsors.

Which lead me to another medicine against corruption: a political system that makes it impossible for a single party to dominate the government

Or not allow political sponsors and that means public funding for political parties.

[Al_U_Card]

Cyberyeti, on 2017-May-30, 17:02, said:

Or not allow political sponsors and that means public funding for political parties.

Political appointees. When the major portion of government spending goes into government, you get a sort of self-perpetuating process. Too many hogs at the trough? Enlarge the trough...

[nige1]

I agree with most of what Paul Gipson writes: Government is less efficient than private enterprise. Unfortunately that consideration also applies when the former negotiates a contract with the latter. So out-sourcing can be expensive. For example, the history of failed NHS IT projects spans a quarter of a century. e.g. Wessex NHS IT fiasco.

Nobody seems to learn from basic project-management mistakes. e.g.

• Inadequate control. You should avoid any hint of conflict of interest. You need inspiring leaders, capable of accurate documentation. Important goals are simplicity and security. Your specification should nail down everything it can. Preferably as a series of orthogonal modules that can be delivered piece-meal. Changes are inevitable, however, and you must sign-off and monitor them. You should high-light them in the original spec, so that you have a single comprehensive consistent document, from which to work. You should employ only one supplier (who may subcontract if necessary). The purchaser and supplier should appoint separate managers, authorised to negotiate quick decisions binding on both parties.
• Lack of buy-in. You need to consult end-users, initially and continuously. You should try to win their approval and support but be prepared for Luddites. You should ask them what they want and explain how you hope to help them. You should prototype user-interfaces, if possible. Typically, end-users have a better idea of how things work than their managers. Especially true in the NHS. More controversially, IMO, you must consult with customers.
• Poor communication between/among purchaser, supplier, and other concerned parties. You need to monitor/audit progress, detecting problems early, escalating concerns. If you grasp the nettle that you've encountered insurmountable problems, then you can abandon the project early, and save a lot of time and money.

[paulg]

nige1, on 2017-May-30, 20:01, said:

Nobody seems to learn from basic project-management mistakes. e.g.

• Inadequate control. You should avoid any hint of conflict of interest. You need inspiring leaders, capable of accurate documentation. Important goals are simplicity and security. Your specification should nail down everything it can. Preferably as a series of orthogonal modules that can be delivered piece-meal. Changes are inevitable, however, and you must sign-off and monitor them. You should high-light them in the original spec, so that you have a single comprehensive consistent document, from which to work. You should employ only one supplier (who may subcontract if necessary). The purchaser and supplier should appoint separate managers, authorised to negotiate quick decisions binding on both parties.
• Lack of buy-in. You need to consult end-users, initially and continuously. You should try to win their approval and support but be prepared for Luddites. You should ask them what they want and explain how you hope to help them. You should prototype user-interfaces, if possible. Typically, end-users have a better idea of how things work than their managers. Especially true in the NHS. More controversially, IMO, you must consult with customers.
• Poor communication between/among purchaser, supplier, and other concerned parties. You need to monitor/audit progress, detecting problems early, escalating concerns. If you grasp the nettle that you've encountered insurmountable problems, then you can abandon the project early, and save a lot of time and money.

It is this basic and naive approach that the Government project managers try to adopt but it completely underestimates the complexity of the project. There are multiple Government departments who are stakeholders, most of whom are in competition with each other and have different goals. Some of the hospital trusts are very big, with budgets approaching £1bn, with hugely competent IT departments and developing and delivering solutions for them is very different to your local GP who unplugs their laptops and has a cleaner who switches off the wifi router at the end of each day.

End-users, like nurses and consultants, had little interest in supporting the project - they are people who care about patients, not IT, and there are always patients who need care and will take priority over responding to your requests for meetings about requirements. They never bought in to the benefits of the programme.

Then there was the conflict between the Department of Health, who basically wanted standardised IT services across the NHS to reduce cost, and the Treasury who wanted the hospitals to compete when providing patient services, again to reduce cost. For the largest hospitals, one of the few ways to compete effective was to deliver better IT services than standardised ones: so they didn't want or need the service. These hospitals were, naturally, the biggest customers and their lack of support due to incoherent government policies ensured that the project could not succeed.

There are very few project managers in the UK who are capable of running these mega-projects. You do not tend to find them in the civil service.

[Zelandakh]

I think credit where it is due is also worth bringing up here. One of the most successful large projects in recent times, one that has had a major impact on project management internationally, is Heathrow Terminal 5. That this happened in a government-run project was a huge surprise to everyone. An innovative approach in which the goverment effectively took on extra risk voluntarily in exchange for having more transparency and control turned out to have enormous benefits and is being taught and copied around the world. So while government-private collaborations have traditionally been a dismal failure, it does not have to be the case and there is evidence that things are improving somewhat, at least some of the time.

[paulg]

The programmes about the building of Crossrail (http://www.crossrail...k/construction/) have been fascinating, showing a microcosm of the complexities of a major engineering project. Makes IT projects look simple!

[Cyberyeti]

paulg, on 2017-May-31, 02:51, said:

The programmes about the building of Crossrail (http://www.crossrail...k/construction/) have been fascinating, showing a microcosm of the complexities of a major engineering project. Makes IT projects look simple!

Did you see the one on the viaduct over the gorges du Tarn near Millau.

The planning stuff wasn't as difficult as crossrail, the engineering however is amazing.

[barmar]

Zelandakh, on 2017-May-30, 09:01, said:

Are you talking about TOR?

No, the SMB bug that Wannacry exploited to infect computers.

[barmar]

paulg, on 2017-May-30, 10:28, said:

When you look at NHS IT, a project that I have been involved in, it is very similar. It was an immensely complex and large project, and even the smallest aspects touched so many different institutions and parts of Government. Like so many Government IT projects, it was very difficult to understand who the customer is and near to impossible to get a coherent set of requirements. The IT suppliers reflect this confusion and complexity in their prices and risk assessments, but most projects failed because the customer (whichever part of Government it was) could not meet their contractual obligations. This is government incompetence and inexperience, not corruption.

Is it incompetence, or just a project that's so large and complex that it's practically impossible to manage it well?

You might counter that there have been other projects that were enormously complex, but succeeded, like getting men to the moon and large infrastructure projects like subway and rail systems. But I'm not sure we can make that analogy. First, these were relatively self-contained and well-constrained. Second, they were given plenty of time for implementation (Kennedy set a goal of getting to the moon by the end of the decade, but as long as we beat the Russians we'd have been happy). In contrast, NHS IT had to deal with merging hundreds or thousands of existing systems that were never intended to be compatible with one another. Just figuring out all the competing requirements was difficult -- it had to accomodate different priorities at different levels of the organization.