We have been critical of the grasping information stealing powers which HM Treasury has abrogated to itself under the control freakery of the previous Labour government.
In spite of these unlimited powers, they do not seem to have a clue as to exactly where all the public money has been wasted.
It is therefore interesting to see the Conservative / Liberal Democrat coalition government's new Web 2.0 (WordPress blog, promotion via Twitter, Facebook etc.) website entitled:
This attempts to solicit information about saving public money, from, initially, those people actually working in the Public Sector
Education and training
Executive agencies & non-departmental government bodies
Local and regional government (including fire services)
Police (including civilians)
Private sector partners working with public sector
Third sector organisations working with public sector (e.g. charities)
After July 9th, the wider general public, will, apparently, also be allowed to contribute ideas.
There is an encrypted web form, but no published email address for this Spending Challenge website.
Interestingly, this official UK Government website specifically mentions online anonymity and also the controversial and now insecure "whistleblower" website http://wikileaks.org
All ideas submitted to this site will be considered providing they meet the criteria below:
- Your idea should relate to the question asked ('How can we rethink services to deliver more for less money?')
- Anything you submit should contain a clear idea rather than containing a comment about the Spending Review or about the spending cuts in general
Your idea should not include the following:
* Potentially libellous, false, or defamatory statements; nor should you impersonate or falsely claim to represent a person or organisation
* Material which is potentially confidential, commercially sensitive, or which may cause personal distress or loss;
" may cause personal distress or loss;" is ok, but it should be separated out from
"potentially confidential, commercially sensitive,"
Can HM Treasury really not be trusted with "commercially sensitive information" which pertains to direct or indirect Government spending, waste or inefficiency ?
Since the "economic well being of the United Kingdom", is one of the vague definitions of "national security", surely HM Treasury, is under a legal duty to keep such information, if submitted, in the strictest confidence ?
* The names of individual officials of public bodies, unless they are part of the senior management of those organisations;
What exactly is the definition of "senior management" ?
* Language which is offensive, intemperate, or provocative. This not only includes obvious swear words and insults, but any language to which people review the questions could reasonably take offence.
To submit an idea, you will be asked for your email address and which area of the public sector you work in. This will appear alongside your idea when it is reviewed by the Treasury. If you wish to remain anonymous, you can choose not to include your email address.
It is good to see that the authors of this website and hopefully their political bosses, recognise that without online anonymity, their attempt at getting good ideas online, especially from "insiders", will simply never work in practice.
When you make your contribution, you also need to be mindful of your obligations under your organisation's Code(s) of Conduct.
How does the Civil Service Code apply?
If you are a Civil Servant, in order for your idea or comment to comply with the Civil Service Code it should adhere to the following:
* Uphold the principles of impartiality, and not be party political in nature
* Avoid disclosing any confidential information
* Avoid being critical of government policies
* Not draw from papers or advice relating to the previous administration
You should familiarise yourself with the guidelines for Civil Servants on working with social media: http://www.civilservice.gov.uk/about/work/codes/participation-online.aspx
How it is possible for a Civil Servant to comply with these restrictions and to actually submit any detailed, useful ideas ?
You should also make sure that you comply with your organisation's IT Usage Policy.
If anyone is threatened or is actually disciplined, for submitting ideas on how to save public money, to an official Government website consultation, then please let us know anonymously via this blog's comments, or via email to email@example.com, using , so that the petty bureaucratic jobsworths responsible can be named and shamed.
You should not post personally identifiable information such as telephone numbers or private addresses.
It is not a good idea to post these on a public blog, but surely HM Treasury should be able to keep these private, especially as they will be moderating any blog comment feedback before publishing it.
If you choose to share your email address and department, it may be used as part of our response process to ideas and suggestions. For more information please see our 'How the Challenge Works' page.
Traffic data is collected anonymously for the purposes of analysing visitor usage patterns only.
Really ? How can we be sure of that "Traffic data" is not abused for other purposes, given the "national security" snooping powers of HM Treasury ?
Please note that contributions are not 'protected' i.e. if an idea is submitted, the user should expect that it may be taken forward for implementation by HM Government and that the idea becomes the property of HM Government.
No worse than say, Facebook, in terms of stealing your intellectual property.
N.B. if your public money saving ideas relate entirely or mostly to the Government department you work for, then you should not expect any financial reward for coming up with a good money saving idea.
However, if your novel, practical idea for saving money, relates to a different department, or public body, which you are not directly or indirectly paid by, then surely there should be at least some sort of monetary prize incentive scheme, ideally on a percentage of public money saved basis ?
All personal data will be treated in line with:
Does that mean that it will be left on a train, or copied to an insecure laptop computer, USB memory device or CD/DVD and then lost ?
Will the WordPress blog response form data be left on an insecure web or email server, open to the internet or to privileged internal snoopers ?
No HM Treasury Spending Challenge email address ?
Why is there no HM Treasury Spending Challenge email address e.g.
for direct email contact or submissions of Spending Challenge ideas ?
Is it really too much to ask for the Spending Challenge team to also publish a PGP Encryption Key, for such an email address or for use as an extra layer of security via their online submission web form ?
Even without publishing a PGP Key, which not all people will be able to use, the HM Treasury Spending Challenge team could provide a reasonable level of whistleblower email encryption in transit over the internet, by ensuring that their email server(s) use the STARTTLS protocol, which major email providers like Google etc. honour.
Online anonymity and WikiLeaks.org
The 'How the Challenge Works' page. has this interesting paragraph at the end:
Although this process allows you to submit ideas anonymously, we respect the fact that some people will not want to contribute directly to a government website. As part of this exercise, we will monitor a range of blogs, social networks, forums and also http://wikileaks.org.
We wonder which "blogs, social networks, forums" will be monitored by, or on behalf of, HM Treasury ?
It is astonishing that the controversial and now insecure "whistleblower" website is actually mentioned and hinted at as a method for UK government insiders to "leak" good money saving ideas to the current Government.
Is the Conservatives / Liberal Democrat coalition government trying to sneak around the Sir Humphrey Appleby / "Yes Minster" style Whitehall mandarins, to gain access to "papers or advice relating to the previous administration" etc ?
The online response form on the Spending Challenge home page, is not ideal, in that it is run by a script on a non-UK Government webserver:
theclubuk.com seems to be run by Steria, presumably under contract to the UK Government.
It would be more trustworthy if this webserver had an official UK Government (,gov.uk) domain name address, ideally a HM Treasury one (.hm-treasury.gov.uk).
However, to be fair, this web form does at least use SSL/TLS encryption with a current Digital Certificate, to protect the submitted information in transit over the internet.
Sadly, the same is no longer true of wikileaks.org.
- WikiLeakS.org allowed the only PGP Public Encryption / Digital Signing which they publicised on their website, i.e. the only one which could be trusted, to expire on 2nd November 2007
- WikiLeakS.org stopped their Tor Hidden Service method of accessing the website and of securely submitting whistleblower leaked document around Christmas 2009, when they took the website down to beg for more money. i.e. no more http://gaddbiwdftapglkq.onion/
- When the WikiLeakS.org website returned partially after their fund-raising strike, the only method of securely submitting a document to them was via their SSL/TLS encrypted web page.
This used an old , deprecated, RapidSSL Digital Certificate, with a potentially forgeable MD5 signed Digital Certificate. This Digital Certificate expired on 12th June 2010 and has not been replaced.
The supposedly secure document submission system via https://secure.wikileaks.org has been disabled.
- The current WikiLeakS.org website no longer even qualifies as a "wiki", as new online Comments or Discussions have been turned off.
- There have been no new whistleblower leaked documents submitted via the website, actually published on WikILeakS.org for at least 6 months
See the WikiLeak.org blog for more details of the decline in security and trust which WikiLeakS.org has suffered from
Are the HM Treasury Spending Challenge team cynically aware that WikILeakS.org is no longer functioning as a secure online whistle-blower leak channel, which is why they have dared to mention it ?
We would urge any Public Sector "insiders" to read our Technical Hints and Tips for protecting the anonymity of sources for
Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc.