appendices - sagepub.com · appendices appendix 1: osi reference model 1 ... £100 a week. in...

Appendices

Appendix 1: OSI reference model 1

Appendix 2: Select Committee on Public Accounts First Report 3

Appendix 3: Internet and e-mail policies and guidelines 28

Appendix 4: The Internet and how it came into being 29

Appendix 5: Who manages the Internet 34

Appendix 6: Guidelines for data protection 37

APPENDIX 1: OSI REFERENCE MODEL

The Open Systems Interconnection model is a standard reference model forcommunication between two end users in a network. OSI divides tele-communication into seven layers. The layers are in two groups. The upperfour layers (4–7) are used whenever a message passes to or from a user. Thelower three layers (1–3) are used when any message passes through thehost computer to the upper layers. Messages destined for some other hostare not passed up to the upper layers but are forwarded to another host.The seven layers are:

1 The physical layer conveys the bit stream through the network at theelectrical and mechanical level (electrical pulses representing 0 and 1).It provides the hardware means of sending and receiving data on acarrier.

2 The data-link layer provides synchronisation for the physical level andfurnishes transmission protocol knowledge and management.

3 The network layer handles the routing and forwarding of the data(sending it in the right direction to the right destination on outgoing

transmissions and receiving incoming transmissions at the packetlevel).

4 The transport layer manages the end-to-end control (for example, deter-mining whether all packets have arrived) and error checking. It ensurescomplete data transfer.

5 The session layer sets up, coordinates and terminates conversations,exchanges and dialogues between the applications at each end. It dealswith session and connection coordination.

6 The presentation layer, usually part of an operating system, convertsincoming and outgoing data from one presentation format to another(for example, from a text stream into a popup window with the newlyarrived text). Sometimes called the syntax layer.

7 The application layer is where communication partners and quality ofservice is identified, user authentication and privacy are considered,and any constraints on data syntax are identified. (This layer is not theapplication itself, although some applications may perform applicationlayer functions.)

The illustration by Catherine Werst, available at http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci523729,00.html, shows wherecommonly used Internet products and services fit within the model. Theseven layers are related functions needed at each end when a message issent from one party to another party in a network. This figure includesonly Internet-related programs in the Network and higher layers. OSI canalso be applied to other network environments.

2Appendices

APPENDIX 2: SELECT COMMITTEE ON PUBLIC ACCOUNTS FIRST REPORT

Annex A: Information technology projects examined by the committeeof public accounts and the comptroller and auditor general

Report Project Problems experienced Impact of problems Lessons

1 HC 8121998–99

The United KingdomPassport Agency

In 1997 the PassportAgency let contractsto the private sectorto undertake some ofits activities and tointroduce a newcomputer system. Theobjective was toimprove theefficiency of thepassport issuingprocess and improvethe security of theUnited Kingdompassport. The Agencyhad planned to roll-out the newprocessing system toall its offices within atight timetable beforethe busy season, butthis was postponedfollowing difficultiesat the first two offices.In the spring andsummer of 1999 therewere serious delays inprocessing passportapplications by theUnited KingdomPassport Agency,partly as a result ofproblems with theimplementation ofnew IT drivenpassport issuingarrangements in theLiverpool andNewport passportoffices.

Although thespecification for thenew computer systembroadly mirrored theprocesses andfunctions of theexisting system, it didincorporate moresophisticated softwareand technology.Agency staff foundthe system morecomplex to use and ittook some time foroutput to return toprevious levels.

Most elements ofthe systemdevelopment hadbeen completedsuccessfully prior tolaunch, but projectdelays meant that theproductivity of thenew system was notthoroughly tested bythe Agency prior togoing live.

The Agency’s rollout timetable wasshort and allowedlittle room formanoeuvre shouldproblems arise. Thesecond office wentlive despite the firstoffice failing to meetthe criterion ofoutput for continuingthe roll-out.

When the Agencytook its decision tohalt roll out it had nocontingency plan.Despite considerableeffort, at no pointduring early 1999 did

From early 1999 thePassport Agencyencounteredincreasing difficultiesmeeting demand forpassports.

The unit cost ofproducing a passportin 1999–2000 is likelyto be £15.50,compared to theAgency’s £12 target.

Processing timesreached 50 days inJuly 1999. Theproblems receivedwidespread publicityand caused muchanxiety for membersof the public. TheAgency’s telephoneservice becameoverloaded, andmembers of thepublic had to visitand queue at one ofthe Agency’s offices.

The Agencyemployed additionalstaff, and optimisedthe efficiency of itsexaminationprocesses, consistentwith the need tomaintain the integrityand security of itsissuing procedures.Only the introductionof emergencymeasures enabled theAgency to reduce itsbacklog.

Departments mustexamine carefully thefull implications ofthe introduction ofchanges to ITsystems, includingthe impact of anypolicy changes thatmay affect demandfor services.

It is essential thatbodies draw upcontingency plans tocover the risk that thesystem will not bedelivered on time.Such plans shouldinclude an assessmentof potentialcompensationpayments tocustomers.

the Agency processsufficient output tocatch up on the risingbacklog.

2a

2b

46th Report1997–98

22nd Report1998–99

The National InsuranceRecording System(NIRS)

NIRS supports thework of theContributions Agencyby maintainingdetails on over 65million NationalInsurance accounts.The system impactson almost every adultin the country as itmaintains details ofcontributions paidand reflects theirentitlement tocontributory benefits.In May 1995 theAgency awarded acontract under thePrivate FinanceInitiative to AndersenConsulting to developa new system – NIRS2– by February 1997.

The contract was toreplace NIRS in onego, but by January1996, it became clearthat AndersenConsulting hadrealised the systemsize and scope werebigger and morecomplex thanoriginally thought.They had thereforeconcluded thatdelivery of NIRS2 inaccordance with thecontract timetablewas not the bestapproach. Thecompany believed aphased approachwould bring lessdevelopment risk tothemselves and lessbusiness risk to theAgency.

Following a fullevaluation, theAgency accepted aproposal to vary thetimetable. In 1998and 1999 there wereserious delays andproblems with thedelivery of thereplacement NationalInsurance FundRecording Systemduring the extendedtransition and pilotperiod. In our firstreport on this matter,we registered ourconcern about delaysin implementingNIRS2, weaknesses incontingency planningto minimise theimpact on the

Delays inimplementing NIRS2in full have led to thecalculation ofthousands of shortterm and long termbenefits on aninterim or emergencybasis, and thatpayments to personalpension holderscontinue to bedelayed. By January1999, for example, itwas estimated thatpotentially some172,000 pensionerscould be beingunderpaid in respectof their SERPS bybetween £0.01 to£100 a week.

In December 1998there were more than1 millionamendments to therecords of the self-employed requiringinput to theContributions AgencyNational InsuranceRecording System(NIRS2). TheDepartment was alsounable to registersome individuals topay Class 2 self-employedcontributions eitherby the Direct Debit orquarterly paymentmethod as aconsequence of thedelays in introducingthe NIRS2 on-linefacilities.

Compensation hasbeen paid out to both

Departments shouldensure that theyunderstand fully thepotential impact ofdelay on theirbusiness andcustomers. TheAgency were not ableto transfer thebusiness risk of nothaving the system inoperation whenrequired.

It is essential thatbodies draw upcontingency plans tocover the risk that thesystem will not bedelivered on time.Such plans shouldinclude an assessmentof potentialcompensationpayments tocustomers.

It is essential thatthere are clearlydefined roles andresponsibilities for theparties to thecontract.

When a PFIcontract purports tohave transferred therisk of late or non-delivery to thecontractor,Departments shouldensure that thebusiness implicationsof late delivery arereflected incontractual penalties.

Inadequate levels ofcompensation havethe effect oftransferring risk backto the public sector.


4Appendices


customers andbusiness of theAgency; and theadequacy ofcompensationarrangements shouldAndersen be unableto deliver.

We expressedsurprise at the delayin the ContributionsAgency deciding thatthe replacement ofNIRS1 would becarried out using aPFI approach. Thisdelay meant that thetimescale allowed forthe PFI completionwas very short. It alsomeant that thewinning bidder hadonly 22 months todeliver this large andcomplex system onwhich important newpensionsarrangementsdepended. Thisproved to beinadequate.

In our secondreport we reportedthat the situation wasmuch worse. Thesystem was still notfully operational, andthe backlog of itemsrelating to benefitawards and agerelated rebates whichwere waiting to beinput into the systemcould take years toclear. There were over1,500 unresolvedsystem problems,many of which werecrucial to fullimplementation.

personal pensionproviders and benefitrecipients. We notedthat theContributionsAgency’s failure tomake timely rebatepayments to personalpension providers hadled to a loss ofinvestment income tocustomers of personalpension schemes. Wereported that theAgency had agreed tocompensate theseschemes, and throughthem those receivingpersonal andoccupationalpensions, by anestimated £38million.

On 1 February 1999the Secretary of Statefor Social Securityannounced that thosereceiving RetirementPension, WidowsBenefit or IncapacityBenefit who wouldnot qualify forcompensation underthe existing rules, andwho had experiencedunreasonable delays,would receive a flat-rate compensationpayment of £10.

continued . . .

Appendix 2: Select committee on public accounts First Report5

6 20th Report1998–99

Home Office –Handgun Surrender andCompensation

In 1997 the HomeOffice needed acomputer systemtailored to meet thespecific and complexrequirements of theprocessing of claimsfor compensationafter the surrender ofhandguns. Planningof the new systemstarted in March1997, with the aim ofhaving it fullyoperational by theanticipatedcommencement ofthe large-calibrehandgun surrenderperiod, then thoughtto be June 1997.

The system had to beintroduced veryquickly.

A prototype versionof the system wasdelivered to theHome Office in earlyJune 1997, by whichtime the Governmenthad decided on a startdate of 1 July forlarge-calibresurrender.

A number ofproblems wereidentified during thesystem’s testing stage,but because of thetight timescale, thesystem was put intooperation while faultswere still occurring.

Throughout thefirst month,processingproductivity wassignificantlyhampered bynumerous andunpredictable systemfailures, such thatstaff confidence in itfell and thecontractors wereasked to provideamended software.

The system was notfinally signed off asfully satisfactory untilDecember 1997.Problems continuedas the systemstruggled to copewith the additionalusers brought in tospeed up theprocessing of claims.

Processingproductivity washampered.

Arising from initialconcerns as to thereliability of thecomputer system, andas a safeguard againstinternal fraud, theHome Officeinstituted a finalmanual check ofpayments, which hadslowed processingfurther.

There are significantrisks to successfulimplementation inintroducing a systemwithin a very tighttimescale.

Postimplementationreview.


continued . . .

6Appendices



Ministry of AgricultureFisheries and Food:Arable Area PaymentsScheme

Under EuropeanUnion requirements,introduced in late1992, the Ministry ofAgriculture wasrequired toimplement an arablearea scheme fromearly 1993 and anIntegratedAdministration andControl System for itand other schemesover the followingthree years.

The Ministry adopteda phased approachbut had to implementthe basic system veryquickly.

Software wasdeveloped andupdated on an annualbasis, but releasedduring the year inseveral stages toreflect whenparticular functionsare likely to berequired by users.This significantlyaffected the mannerin which claims wereprocessed. If thesoftware requirementshad been available atthe outset, manyclaims could havebeen processed in onego, rather than inthree or four stages.

Subsequently,problems with thecentral computer ledto delays in thevalidation of claimsagainst the IntegratedAdministration andControl Systemdatabase to check forduplicate claims, andrestrictions on thenumber of claims thatregional offices couldsend electronically atany one time forvalidation. In 1996staff in regionaloffices had to re-submit each claim forlocal validationapproximately fourtimes on average andfor central validationapproximately 3.5times on average.

There appeared tobe a significantnumber of occasionswhen the system had

The validationdifficulties causedfurther interruptionsin the processing ofindividual claims in1996 as staff had towait at least a day foreach centralvalidation request tobe processed beforethey could investigateclaims that wererejected.

The absence of adatabase based on ageographicalinformation system,the need to processeach claim in anumber of stages, andthe increasingdemands placed onthe system bycomplex checks andperiods of peakdemands, lead toinefficiencies.

The annual costs ofthe systems haveescalated due to thedifficulty ofdeveloping andmaintaining theprogrammingsoftware.

Introducing systemsin a phased approachto provide flexibilityand meet urgentrequirements can leadto problems inprocessing andfrustration for staffcarrying out complextasks.

continued . . .


been either partly orcompletelyunavailable to users.

8 HC 1551998–99

Council for the CentralLaboratory of theResearch Councils(CCLRC) – Integratedaccounting system

The CCLRC decidedto replace their oldand outdated cash-based accountingsystem with anintegrated accrualsbased system torecord all financialtransactions, producetheir accounts andprovide meaningfulinternal managementinformation.

The integratedaccounting systemwas due to beintroduced on 1 April1997 for fulloperation by June1997. The Councilceased to operatetheir old system on31 March 1997, butdid not follow thenormally acceptedpractice of runningthe two systems inparallel. CCLRCestimated this wouldhave incurred costs ofup to £2.5 million in1997–98, althoughthe Comptroller andAuditor Generalreported that a morereasonable estimatewas between £0.75million and£1million.

The Councilencounteredproblems with theoperation of the newsystem, together withdelays and errors inthe migration of datafrom the previoussystem.

The projectmanagementstructure failed tocomply with bestpractice, particularlyin terms of ensuringclarity of roles,responsibilities andaccountabilities.There had also been afailure to ensure clearreporting lines tosenior management

The system was stillnot fully operationalin early 1999, twoyears after theplannedimplementation dateand costs had overrunby 84 per cent.

The originalcontract value was£544,000, but theCouncil estimatedthat they incurredfurther,unanticipated, directcosts of some£458,000 onadditional hardware,training, legal andaudit fees andtemporary staff.

Inadequate controlsover manualpayments made toease the backlog inpayment processingon the new systemled to nearly 500overpayments to staffand suppliers,totalling some£270,000, most ofwhich weresubsequentlyrecovered.

A fixed assetmodule did notaccount correctly forthe Council’s largecapital asset base,forcing them to resortto a spreadsheetregister to supporttheir 1997–98accounts.

The Council werealso unable toreconcile their general

There are verysignificant risks innot introducing back-up procedures, suchas the continuation ofthe outgoing systemfor a limited period.Full consideration ofthe risks and arealistic analysis ofthe case for parallelrunning must beundertaken.

It is not acceptablefor the bodyconcerned to rely onthe contractor tomanage the project.

Organisations mustrecognise thatintroduction of abespoke financial andmanagementaccounting system toa demandingtimetable is a businesscritical operation,requiring goodproject managementskills.

If an organisationhas reservations aboutthe technical viabilityof a proposal, theyshould seek expertadvice beforeproceeding.

Sponsordepartments shouldbe notified directly ofsignificant problemsimpacting on their ITsystems.


continued . . .

8Appendices


consistent with theirresponsibilities.

The project teamwas not equipped tomanage a situationwhere the contractorprogressivelywithdrew before theproject wascompleted anddemonstrated a lackof effective controlover the contractor.

Scrutiny of theproject wascompromised becausethe Audit Committeewas presented withinsufficient and over-optimisticinformation on theproblems beingencountered.

ledger to their bankstatements. There wasan original differenceof some £1m, whichwas eventuallyreduced to £48,000,which was written offat the end of the year.

The Comptrollerand Auditor Generalreported that the newChief Executive hadtaken prompt actionto address theproblems he hadinherited and variousparties to the contractwere continuing towork together toensure the systembecame fullyoperational in1999–2000.

9 62nd Report1997–98

The Purchase of theRead Codes and theManagement of theNHS Centre for Codingand Classification

In March 1990 theNHS Executivepurchased thecopyright to a clinicalcoding system fromDr Read – the ReadCodes – for £1.25m,and in April 1990they established theNHS Centre ofCoding andClassification todevelop the codes foruse across the NHS.The system isdesigned to enableclinicians and otherdata users to recordthe details of clinicalcare on acomputerised record,share and exchangecomputerised clinicalinformation and

We considered it wasa serious failing thatthe NHS Executivedid not prepare a fullbusiness case,including a costbenefit analysis orinvestment appraisal,to assess the benefitsand risks of differentoptions to justifyinvestment in theclinical termsprojects.

In addition, wenoted that theExecutive had set theobjectives for theproject in 1992, butdid not set outcriteria for measuringwhether the keyobjective had beenachieved until July1994.

The NHS Executivebelatedly agreed to afull evaluation of theRead Codes beforeimplementation.

By March 1998 theExecutive had spent£32 million, and weconcluded that itwould cost muchmore to implementthe project in full.

We expressedconcern that eightyears after the Codeswere purchased andthree years after theclinical terms projectsended, Version 3 ofthe Codes was beingtested and used inonly 12 NHS hospitalsites. We alsocommented that ifthe benefits of theCodes were as good asthe Executivesuggested, progresshad been verydisappointing.

The Executive toldus that the version foruse in hospitalswould requirecontinuous

Sound projectappraisal mustinclude a rigorousassessment of costsand benefits, and arealistic assessment ofany risks. Theseshould be containedin a properlystructured businesscase.

If departments areto secure theconfidence of users insuch projects andovercome anyscepticism about newideas and technology,independentevaluations should bea core requirement ofany majordevelopment project.

It is important thatdepartments do notfeel locked into usingprojects because theyhave already spent alot of money onthem.

continued . . .


retrieve and analyseclinical informationheld in clinicalinformation systems.

development, andthat it would onlyfunction effectivelywith the appropriateclinical systems inplace. Provided thiswas achieved it wouldtake five years toimplement, becauseimplementation waslinked to widerdevelopments ininformationtechnology. TheExecutive noted thata clear managementand accountabilityframework had beenput in place at theCentre, and internalauditors had endorsedthe new controls.

10 58th Report1997–98

Benefits Agency:Jobseeker’s Allowance

During our hearingon the AppropriationAccounts 1996–97(Administered SocialSecurity Benefits andOther Payments) in1998, the BenefitsAgency explainedthat when theyintroduced theJobseeker’s Allowancein October 1996,there were a numberof difficulties with thenew computersystem.

The systemexperienced a numberof teething problems.For example, theinterface with otherbenefits failed to workproperly in the firstmonths of operation.

The computerproblems led to theinitial high numberof clerical cases –25,000 – with agreater risk of error inthe awards processed.

High levels of erroron Jobseeker’sAllowancecontributed to theComptroller andAuditor Generalqualifying hisopinion on thisaccount.

There were alsomistakes because79,000 staff had to betrained over a longperiod. Implementingthe new benefit was ahuge challengeinvolving staff in twoAgencies across twoDepartments.

Although theAgency advised usthey were initiatingaction to assess and

Introduction of newsystems may have anadverse effect onperformance in theinitial stagesfollowingimplementation.


continued . . .

10Appendices


measure the currentscale of error in theaccuracy of clericalawards, theComptroller andAuditor General hadreported that arounda third of theestimated value oferror in the account(£46 million) wasexplained by errors inawards calculatedmanually, which hadbeen necessary as aresult of computerproblems.

11 58th Report1997–98

Benefits Agency/PostOffice CountersLimited: BenefitPayment Card

In 1996 the BenefitsAgency, inpartnership with PostOffice Counters Ltdand a private sectorsupplier (ICLPathway), began theinitial phase ofimplementing benefitpayment by paymentcard at post offices,with a view to fullimplementationwithin the next fewyears. This was aPrivate FinanceInitiative projectaimed at delivering afraud free method ofpaying benefits,developing a systemthat met recognisedaccountancypractices, enabled thePost Office CountersLtd to improvecompetitiveness andincrease efficiencythrough automation,and provided animproved level of

Trials of the cardstarted at the end of1996 and wereextended to 205 postoffices.

The project sufferedconsiderable delaysand setbacks, and amajor review wascommissioned todecide the wayforward.

In May 1999, theDepartment of Tradeand Industryannounced a revisedagreement with ICLto remove themagnetic strippayment card fromthe project. Given thedelays, this was nowan outdated concept,with clearing banksalready movingtowards the use ofsmart cards.

Building onbanking technology,POCL and DSS/BAwill be working onplans to introduce thenew arrangements in2003, withcomputerisation ofthe Post Office

The problems haveresulted in delays tothe implementationof one of the BenefitsAgency’s majorprojects to tacklefraud.

Estimated fraudsavings from theautomation of benefitpayments at postoffices, if the projecthad been completedon schedule, wouldhave been about £190million a year(including OrderBook Control Servicesavings that wouldgradually have beensuperseded byPayment Card savingsduring roll out).

Delays inimplementingprojects place them atrisk of beingovertaken bytechnologicaldevelopments.

continued . . .


service to customers.The project had anoriginal target datefor national roll outstarting in April 1999,subject to successfulcompletion of trials.

network by the endof 2001.

12 52nd Report1997–98

Intervention BoardExecutive Agency:Integrated Accountsproject

The InterventionBoard implemented anew integratedaccounting system inMay 1996. Thisfollowed previousCommittee of PublicAccounts concernsabout the Board’smanagement andaccounting systems in1990.

In implementing allthree phases of itsnew integratedaccounting system,the Board experienceddelays and significantcost overruns.

The final phase wasimplemented in asingle step withoutparallel running asthe Board judged thatit was not technicallyfeasible to do sowithout significantcosts. In addition,there was only alimited fallbackfacility to enable theBoard to revert to itsold system in theevent of problems.The Board advised usthat it was on thebest advice thenavailable that theydid not adopt parallelrunning.We were veryconcerned that anoff-the-shelf softwareproduct should havedeveloped faults sosoon afterimplementation.

We were also verydoubtful as to thevalue provided by theconsultants whoadvised the Board andwere surprised thatthey werereappointed to assistwith resolving theproblems. The Boardfelt that criticism of

There weresubstantial cost over-runs as a result ofextra consultancytime arising from thedelays. The outturnwas roughly doublethe estimated cost.

Because of theproblemsencountered in theimplementation ofthe system, they wereunable to completeessentialreconciliationsbetween certainaccount balancesrecorded in thegeneral ledger andsubsidiary accountingrecords at the yearend.

In the absence ofreconciliations, theComptroller andAuditor General wasnot able to obtain allthe information andexplanationsconsidered necessary,and thereforequalified his opinionon the accounts for1996–97. In addition,the implementationof the project costroughly twice theestimated cost.

There are significantrisks in failing toundertake parallelrunning or havinginsufficient backup. Afallback positionshould be maintainedfor a sufficiently longtime to establish thatthe new system isworking satisfactorily.

The introduction ofa major newaccounting systemmust be accompaniedby provision ofproper deskinstructions andtraining for staff.


continued . . .

12Appendices


the consultants wasnot wholly justifiedsince they completedtheir work inaccordance with theircontract.

The Boardencountered anumber of problemsincluding under-performance of thesystem which led todiscrepancies betweenthe accountsmodules; non-closureof accounting periodswhich led to incorrectpostings; softwareproblems whichresulted in postings toincorrect accountingperiods and codes;unreliable accountingreports which wereproduced as a resultof mispostings andthe incorrect linkingof account codes; andcash received whichcould not be matchedto invoices issued.

13 27th Report1997–98

Department of SocialSecurity: Measures toCombat HousingBenefit Fraud

In 1997–98 theeffective delivery ofHousing Benefit stilldepended on theexchange of over 22million pieces ofpaper between localauthorities and theBA. In 1993–94 theDepartment of SocialSecurity piloted theuse of remote accessterminals which gavelocal authoritiesdirect access to theIncome Supportcomputer system.

The introduction ofterminals improvedliaison and providedlocal authorities withinstant access toinformation, but onlya few terminals hadbeen installed at thetime of our hearing.

We considered itunacceptable thatmore than four yearssince first pilotingthese terminals,further piloting wasnow only underway,with the aim ofmaking terminalsavailable nationallyfrom April 1998.

In May 1998 theDepartment offered

The effective deliveryof Housing Benefithas remaineddependent on theexchange of millionsof pieces of paper.

Opportunities forsharing informationhave been missed.

Delays in theintroduction of ITsystems can have anadverse impact on thedevelopment ofbusiness.

continued . . .


terminals to all 409local authorities andover 350 applied forthem to be installed.The Departmentplanned to installthem by the end ofApril 1999.

The Departmenttold the Committeethat they weredetermined to addressthe difficulty inexchanginginformation betweenthe Benefits Agencyand local authoritiesby a series ofmeasures. Within thecontext of theACCORD project theyare considering aninformationtechnology strategyfor Housing Benefit.

14 33rd Report1997–98

Crown ProsecutionService

In 1989 the CrownProsecution Servicetold our predecessorsthat a new casetracking computersystem, which wasplanned to replace avariety of outdatedsystems, would be itstop informationtechnology priorityand would beimplemented by1993–94. The newsystem was intendedto improve efficiencyby capturing andmanipulatinginformation on casesmore efficiently andby generatingmanagement andperformanceinformation.

In 1997, theComptroller andAuditor Generalreported that, by theend of that year, thesystem had beenimplemented in justover half of CPSbranches, and asubstantial amount ofperformanceinformation still hasto be producedmanually.

The slippage wascaused partly bymanagement effortbeing directedtowards otherpriorities such as theintroduction ofteamworking and theneed to rescheduleimplementation totake account ofchanges in theorganisation of CPS.

The delays inimplementing acomprehensive casetracking system to theplanned timescalehampered theefficient and effectiveoperation of theCrown ProsecutionService.The originalspecification wasovertaken by changesin working practicesand new technologyand, mainly as aresult of these, in1997 the system wasexpected to cost£15.9 million, twiceas much as theoriginal estimate.

In 1997 the CPSceasedimplementation ofthe project on thegrounds that thetechnology wasoutdated. The

Long delays inimplementation canlead to projects beingovertaken bytechnologicaldevelopments.

The CPS must setkey milestones for thenew project and aclear timetable fordelivering the systemto all local staff.

Sufficient flexibilityneeds to be built intothe new system toallow for thedevelopment of dataexchange andcommunication linkswith other criminaljustice agencies andfor future changes incriminal justicelegislation.


continued . . .

14Appendices


Committee welcomedthe overdue decisionto do this anddevelop a new systemvia a PFI project.

A PFI contract for anew system is nowexpected to befinalised in autumn2000, withimplementation to allCPS branches thenexpected to take twoyears.


The HospitalInformation SupportSystems Initiative

By the late 1980s,many acute hospitalshad developed theirown computersystems. They werenot linked togetherand as a result therecording ofinformation was slowand inefficient. TheNHS Executivelaunched the HospitalInformation SupportSystems Initiative(HISS) in 1988 toexplore the costs andissues involved inimplementingintegrated systems inNHS hospitals inEngland. TheComptroller andAuditor Generalexamined six of thesixteen projectsfunded under theInitiative.

In 1996 ourpredecessors wereconcerned about theprogress of theinitiative. They notedthe gap between theExecutive’s plans andachievements inimplementingintegrated systems,and looked to theNHS Executive toconvince those trustsnot already involvedof the value of thesystems.

The Executive wentahead with oneproject despite highcosts and thesignificant risksinvolved. The factthat two majorsuppliers did notbelieve it was feasibledid not act as awarning.

Our predecessorsnoted that the NHSExecutive hadselected the threepilot projects underthe Initiative withinthe very short periodof two months.Subsequently, each ofthe projects sufferedproblems and delays.

Our predecessorsconsidered these

They noted that allsix projects examinedby the National AuditOffice hadexperienced delays,which theyconsidered were likelyto have had anadverse effect on thequality of care thosehospitals couldprovide.

It is essential thatdepartments learnfrom the lessons ofprevious projects.

The commitment ofusers such asclinicians is crucial tothe success of suchprojects. All usersneed to be involvedin the developmentof these systems.

There areconsiderable dangersin trying toimplement projectstoo quickly and notpreparing sitesproperly.

Projects should notproceed without firstestablishing thatthere are soundbusiness cases fordoing so, and withoutundertaking fullinvestment appraisalsand risk analyses.

The need toconsider evaluationmechanisms at anearly stage is integralto all initiatives ofthis kind.

continued . . .


delays may havestemmed, at least inpart, from theExecutive’s failure toprepare the hospitalsto run their projects,and that they mighthave obtained bettervalue for money hadthey taken more timeto ensure hospitalswere fully prepared.The Executive arguedthat in view of theinnovative andcomplex nature ofthese projects allreasonable steps hadbeen taken to managethem effectively.

Our predecessorswere concerned thatprojects proceededwithout soundbusiness cases beingestablished. Althoughthe aim was to learnlessons to inform thedevelopment ofintegrated systems inother hospitals, ourpredecessors weresurprised that thedevelopment offormal evaluationmechanisms was onlystarted four yearsafter the start of theinitiative. TheExecutive replied thatfull business cases forearly pilot sites, asdefined by today’sstandards, were notrealistic given thedecision to invest inorder to understandthe issues.


continued . . .

16Appendices


16 HC 11-v1996–97

Northern IrelandVehicle SystemReplacement Project

In the early 1990s theDriver and VehicleLicensing Agency(DVLA) decided toreplace the NorthernIreland vehicle systemat a cost of £3.93million, forimplementation byMarch 1994. In 1997the Comptroller andAuditor Generalreported on the writeoff of £3.7 million offruitless expenditureincurred on theproject.

Work began inOctober 1992 on aproject definitiondocument to developa detailed systemdefinition. Thecontractor, DVOIT,requested only ahigh-level userrequirement as thereplacement systemwas intended to be aconversion of theexisting system plusfixes of existingfaults.

Over time,amendments to theuser requirement wereneeded to correctmisunderstandings,and changes werecited as reasons forincreasing costs.

In 1993 DVOITincreased their costestimate fordevelopment stafftime from £2.3million to £3.4million, citingchanging userspecifications andprevious mis-estimates as reasons.The project cost roseand DVLA repeatedlysought details of costsincurred to date fromDVOIT. Informationwas not forthcoming,partly because theDVOIT projectmanager was changedthree times.

In December 1993,the contractor,DVOIT, was sold toEDS. In February1994, EDS informedthe project board thatthe additional workrequired to completethe project would putback theimplementation date

In March 1996 theproject wasabandoned, andfruitless expendituretotalling some £3.7million written off.

In November 1995CCTA reported coststotalling £3.5 millionhad been incurred onthe project toNovember 1995. Thecompletion date hadslipped from March1994 to November1996, and totalproject costs wereforecast to exceed by71 per cent (£2.78million) the originalbusiness caseapproved by theTreasury.

A new system wasbeing developed atthe time theComptroller andAuditor Generalreported.

Business cases mustbe based on a clearunderstanding of userrequirements andidentify clearly andrealistically the costof individualcomponents of theproject.

Contracts should,wherever possible, beawarded on a fixedprice basis and shouldnot be open-ended.This transfers risk tothe supplier andwould prevent costoverruns.

It is essential thatthere are clearlydefined roles andresponsibilities for theparties to thecontract.

continued . . .


from March 1994 toJanuary 1995. Theyalso revised theestimate of the totalproject cost to £5.95million.

Following ameeting with EDS inFebruary 1995, theproject board askedCCTA to review theEDS proposal and costestimates. CCTAidentified projectmanagement as asignificant problem. Itwas cumbersome andinefficient. Inaddition, projectmanagers had toadapt to the changingnature of therelationship with thecontractor from in-house supplier, toexecutive agency, toexternal commercialsupplier. Lack ofcontinuity of keyproject staff was alsoa problem.

17 24th Report1996–97

Inland Revenue-Payand File

In October 1993 theDepartmentintroduced newprocedures forassessing andcollecting corporationtax known as Pay andFile. These requiredcompanies to payover corporation taxbased on their owncalculation ofliability, and to filethe tax return onfixed dates. The newarrangements weredesigned to

Our predecessorsreported that the newcomputer system tosupport Pay and Filehad been introducedto time and budget.

The system wasdescribed by theDepartment asperhaps the mostcomplex they had sofar introduced.

The Departmentadvised ourpredecessors that inthe early days therewere teething troublesand in the availabilityof the system to staffwas in the low

The availability of thesystem was less thanexpected for a whileafter introduction.

It is important tokeep an expert teamin being some timeafter the systembecomes operationalso that any teethingproblems can be putright as quickly aspossible.

Carefulconsideration needsto be given to thetype of trainingavailable to staffusing new systems.


continued . . .

18Appendices


streamline theadministration of taxby reducing the needfor estimatedrequirements andconsequent appeals.The Departmentintroduced a newcomputer system tosupport Pay and File.

nineties, as against 99per cent they hadhoped to achieve.This improvedsubsequently andreached 100 per centat times.

The training for thenew system did notgo as well as they hadhoped. TheDepartment told ourpredecessors that theymisjudged the speedand facility withwhich someinspectors would taketo computer training,and had relied toomuch on distancelearning, and notenough on tutor-ledtraining.

In retrospect, theyacknowledged that ithad taken some timeto develop the rightblend of training.Lessons learnt herehad been applied tothe introduction ofIncome Tax Self-Assessment.

18 15th Report1995–96

Department forEducation andEmployment –Teachers’Superannuation scheme

Teachers in both thestate andindependent sectorscan belong to theTeachersSuperannuationScheme, administeredby the Teachers’Pension Agency, anExecutive Agency ofthe Department forEducation andEmployment. In 1991the Departmentdecided to invest in a

The GovernmentActuary reviews thescheme every fiveyears and makesrecommendations oncontribution rates.

The Departmenthad expected that thenew IT system wouldenable them toprovide theinformation requiredstraight from the newdatabase. However,the system had failedand was the subjectof litigation at thetime of ourpredecessors’ hearing.

The Agency hadhad to go back to the

The review by theGovernment Actuarycovering the period to1991, was delayedprincipally bydifficultiesexperienced by theDepartment andAgency in providinghim withinformation. At thetime of ourpredecessors’ hearingthe review had notbeen completed.

The Agency advisedour predecessors thatthey now collectedinformation on a yearby year basis so thatat the time of the

continued . . .


major new computersystem for thescheme.

original database andapply interrogationprograms to it.However, these hadnot been ready andhad neededupgrading.

next review theywould not have to gothrough five year’sinformation fromscratch.


Department ofEducation andEmployment: Computersystems for trainingand enterprise councils

In 1988 theDepartment ofEmployment decidedto introduce anintegrated computersystem – the FieldSystem – into theirregional and areaoffices responsible fordelivering trainingand enterpriseprogrammes. Laterthat year theGovernment createdTraining andEnterprise Councils(TECs). TheDepartment decidedto press on withimplementation inorder to meet the ITneeds of TECs whenthey started in 1990.

The Departmentadjusted the design ofthe Field System tomeet the core needsof TECs, and theyexpected TECs to usethe system well intothe 1990s.

The Departmentexperiencedsignificant problemsin developing andimplementing thesystem, which in theview of many TECs,did not adequatelymeet their needs.

Following a reviewof TECs informationtechnology needs, theDepartment ceased toprovide informationtechnology systemsand services directlyto TECs, whoassumed thisresponsibility fromApril 1993. TheDepartment arguedthat the system wasnever intended tomeet all TECs’ needsand it was designedto enable them todevelop their ownsystems as theiroperatingrequirements becameclearer.

The cost of theredesigned systemwas estimated in thebusiness case as £71million. By 1993 theDepartment had

The Departmentspent £48 million onthe Field System butmost TECs consideredthat it had notenhanced theirperformance. TheDepartmentdisagreed, believingthat the systemconsiderablyenhanced TECs’performance. Itprovided them withtheir core accountingand managementsupport systems,without which, forexample, their abilityto handle moneyfrom the Departmentwould have beenweakened.

The Departmentdid not share theCommittee’sconclusions aboutThe Field System,which they stated wasdelivered withinbudget andsubstantially to time.They stated thatplanned savings hadbeen secured andmost of the expectedbenefits secured.

Full involvement ofprospective users isessential if projectsare to meet fully userneeds. Systematic riskanalysis is essentialbefore embarking ona high risk project.

Projectmanagement staffmust have thenecessary backgroundand experience.

Departmentsshould not engageconsultants in ahaphazard manner.


continued . . .

20Appendices


spent £48 million, ofwhich about £19million was onhardware.

20 27th Report1993–94

Ministry of Defence:Disposal by Sale ofDefence SurplusEquipment and Stores

In April 1991 theDepartment installeda new system to aidthe efficiency of theSales Directorate.

The Departmentinstalled a newcomputer system inApril 1991 to aid theefficiency of theDirectorate, but thecosts of the systemrose substantially andnearly three yearslater it was notfunctioning properly.

Problemsexperienced includedhardware lock-ups, alack of propertrunking and cabling,inadequate trainingand insufficientprofessional support.

One problem withinstallation of thecomputer system hadbeen a lack ofappreciation of theDirectorate’srequirements. Therewas an internal‘disconnect’ betweenthe Directorate andthe Department’scomputerorganisation; theyhad not got it rightbetween them, sowhat had beenimplemented hadbeen inadequate.

The Departmentaccepted that therewere substantialproblems associatedwith theimplementation andthat they hadunderestimated thescale of the task.

As a result theDirectorate did nothave an adequatecomputerisedinformation system,and were relying on alargely manualdatabase, whichhindered the timelyextraction ofinformation formanagementpurposes.

The Departmentacknowledged to ourpredecessors that thiswas not a large,complex system, butit was absolutelyessential to theprovision of adequatemanagementinformation on thedisposals operation.

The cost of theproject had overrunby 43 per cent.

Departments mustensure that theircomputerrequirements areclearly understood.Clear definition ofrequirements is abasic tenet of goodpractice and thereshould be good co-ordination betweenIT experts and users.

Departments mustassess carefully thesize of the task andensure that they havean adequate system ofproject management.

continued . . .


21 63rd Report1992–93

Wessex Regional HealthAuthority – RegionalInformation SystemsPlan

In 1984 the Authoritylaunched theirregional informationsystems plan. Thiswas intended toprovide computersystems which wouldoptimise the use ofinformation toimprove clinical andother health services.In April 1990 theplan was abandonedwith at least £43million having beenspent.

In July 1992 theappointed auditorreported on seriousfailures in themanagement of theproject.

These included afailure to control theactivities ofconsultants uponwhom the region washeavily reliant. Therewere serious failingsin contract, financialand managementcontrols, such as theawarding of acontract following atendering processwhich did not enablemeaningfulcomparisons to bemade.

There were seriousconflicts of interest ata senior level withinthe authority.

Given theambitious nature ofthe project and therisks that moneywould be wasted if itdid not succeed,appropriate targetsand penaltyprovisions wouldhave encouraged thecompany to work forits success and securea measure ofprotection for thetaxpayer.

Our predecessorsstated that theserepresented a seriousfailure on the part ofthe Regional HealthAuthority to secureaccountability fromthe then RegionalGeneral Manager andfailure on the part of

After expenditure ofsome £43 millionover a period of sixyears, the project wasabandoned in April1990 without anysignificant benefithaving accrued to theregion.

The NHSManagementExecutive considered£20 million waswasted between 1984and 1990.

Bodies should avoidundue reliance onconsultants.


continued . . .

22Appendices


the NHS ManagementExecutive to act withsufficient urgency.

22 57th Report1992–93

West MidlandsRegional HealthAuthority

Our predecessorsreported that in April1990 the RegionalSupplies Division ofthe West MidlandsRegional HealthAuthority enteredinto an arrangementwith a majorcomputing firm tocarry out preparatorywork for thedevelopment of anelectronic tradingsystem. The businesscase anticipateddevelopment costsover the first fiveyears of £5.3 million,offset by royaltiespaid by thecontractor, estimatedat £3.9 million.

Development startedin May 1990 andcontinued untilJanuary 1992, whenwork was halted,following the settingup of the NationalHealth ServiceSupplies Authority. ByJanuary 1992 thecontractor had billedthe Regional HealthAuthority for £7.3million.

Our predecessorswere advised that thecontractor produced aworking system inline with theAuthority’s changingrequirements, andthat it was in partialuse at four sites untilDecember 1992,when the Authoritydecided not toproceed with thedevelopment.

The project was notviable becauseinformationcontained in thebusiness plan wasspeculative andunrealistic.

Proper marketresearch was notcarried out andsuppliers were notconsulted. Estimatesof supplier take upwere significantlyoverstated. Potentialcustomers were notconsulted and theroyalty projectionswere unrealistic.

Losses made herewere part of the wasteof at least £10 millionas a result of seriousshortcomings inmanagement, controland accountabilitywithin the HealthAuthority.

Business plans mustbe realistic andsoundly prepared.

continued . . .


23 50th Report1992–93

Northern IrelandEducation and LibraryBoards InformationStrategy

In 1984 theDepartment ofEducation forNorthern Irelandbegan to develop acommon IT strategyfor administrativefunctions within thefive Education andLibrary Boards.Expenditure ondevelopment andimplementation costswas £15 million by1991.

In the absence of anyexpertise in IT on thestrategy SteeringGroup, they werewholly dependent onconsultants. TheGroup decided not toseek CCTA’s servicesbut rely onconsultants’ ownmethodology forprocurement.

Because the Groupdid not adequatelyspecify the Board’srequirements forthree priorityfinancial systems, thesupplier had notprovided hardwaresizing calculations oran undertaking thatits proposed hardwaresolution would satisfythe Board’s needs andthe Steering Grouphad not challengedthe supplier’sproposals, thecomputers purchasedwere not capable ofmeeting the Board’sneeds.

The supplier wasnot able to provide afully integratedsystem and offeredseparate payroll andsoftware packageswhich were to belinked to allow forthe transfer of data.The linking of thetwo packages provedto be a critical andpersistent problem.

There weredeficiencies in theproject managementmethodology,including the absence

The Committee wereconcerned at poorvalue for money froma strategy thatbetween April 1985and March 1991 costmore than £15million.

Care should be takento specify userrequirements in asmuch detail aspossible.

Purchasers shouldavoid being toodependent onconsultants.

There must be aclear statement ofobjectives and theestablishment ofeffective projectmanagement at thestart of any project orprogramme.

There must be aclear statement ofwhat has actuallybeen achieved againstobjectives at the endof the project.

Evaluations ofprojects are veryimportant in enablinglessons to be learnedfor the managementand development offuture projects.


continued . . .

24Appendices


of detailed costmonitoring. Only alimited number ofproject managementevaluations wereundertaken and theywere not regarded asadequate.

24 13th Report1991–92

Ministry of Defence:Support InformationTechnology

The Ministry ofDefence use IT formanagement andadministration, andfor planning andconducting militaryoperations. TheNational Audit Officeexamined theirperformance indelivering IT systemsand improving theplanning andmanagement ofinformationtechnology.

Our predecessorsrecognised thecomplexities involvedin implementing ITin a largeorganisation such asthe Ministry ofDefence, butconsidered the cost ofthe learning processwas unacceptablyhigh.

There were anumber of problemswith the LANDSCAPEproject. It sufferedfrom successive delaysdue to changing userrequirements, thecontractor’sachievement on thesoftware wasimperfect and thehardware wasunsuitable for theproject.

Fundamentalmisjudgements weremade on the SEMAproject which led to anine-fold increase inthe developmenteffort required.

User involvementin IT had beeninsufficient to ensurethe systems werecapable of meetingbusiness needs.

The 1988 ITstrategy identifiedproject managementweaknesses as a factorin the failure to fullyrealise the benefits ofinvestment in IT.

All nine systemsexamined hadsuffered delaysvarying from fivemonths to two years,postponing theachievement ofpredicted benefits.

Of four systemssubjected to postimplementationreview, only one hadachieved all intendedfinancial andoperational benefits.

The LANDSCAPEproject had resultedin a loss of some £6million.

In the mid-1980sthe Departmentrecognised the needfor coordinatedplanning and in 1988approved a strategyfor support IT.

Clear definitions ofuser requirementswere important beforegoing ahead withprojects.

The Departmentrecognised the needto break projectsdown into shortertranches and applystrict control overrequirement changesduring development.

Post-implementationreviews are crucial inensuring thatexpected benefitshave been achievedand in identifyinglessons for the future.

continued . . .


25 HC 163-II1990–91

Foreign andCommonwealth Office– AppropriationAccounts

The Foreign andCommonwealthOffice implemented anew computerisedaccounting system.

In 1987 the Foreignand CommonwealthOffice decided toreplace itscomputerisedpayment andaccounts system.

The Departmentemployed consultantsto study theDepartment’s book-keeping system anddefine futurerequirements. In 1988they made a firmrecommendation fora package, which thedepartment accepted.

The Departmentaimed to start parallelrunning from autumn1988. As their IT staffdid not have the timeand the FinanceDepartment did nothave the experience,the Department askedthe consultants toundertake the testing.The software couldnot be delivered totime and thecompany ran intofinancial difficulties.Eventually theydelivered the finalpart of the softwarebut went intoliquidation and couldnot deal withproblems arising.

The Departmentbegan parallelrunning in November1989 but identifieddiscrepancies in theaccounting data.Shortly afterwards theold computer brokedown and could notbe repaired. TheFinance Department

Because of difficultiesin implementing anew computerisedaccounting system,the Comptroller andAuditor Generalreported that theForeign andCommonwealthOffice were unable toproduce their fourAppropriationAccounts for 1989–90to the agreed auditand publicationtimetables.

The accounts weresigned by thestatutory date, butthe Department hadbeen unable tobalance their booksacross the combinedaccounting recordsproduced by the newcomputerised system.

Expenditure on thenew system to theend of September1990 amounted tosome £937,000, two-thirds more than theoriginal estimate. Thecost over-run was duealmost entirely to theextra cost ofconsultants’ feesarising from problemsexperienced duringthe extendedimplementationperiod.

It is essential thatbodies draw upcontingency plans tocover the risk that thesystem will not bedelivered on time.


continued . . .

26Appendices


had no option but torun the new systemeven though it hadnot been fully testedand was known tohave faults.

Problems persistedincluding hardwaredifficulties andtechnical problems.By May 1990 it wasapparent that thediscrepancies couldnot be resolved. Staffwere drafted in toundertake a majorreconciliation.

Source: http://www.publications.parliament.uk/pa/cm199900/cmselect/cmpubacc/65/6509.htm (Prepared 5January 2000 – ® Parliamentary copyright 1999)


APPENDIX 3: INTERNET AND E-MAIL POLICIES AND GUIDELINES

The following is an example of the kind of E-mail and Internet usage policywhich employees should be made aware of and comply with (taken fromM. Hart, ‘Internet Law’, Computer Law & Security Report, Vol. 14, No. 4,1998).

Important Guidelines and Warnings for Use of E-mail and Voice-mailThe guidelines and warnings listed below are of critical importance and

non-compliance could in certain circumstances constitute a serious dis-ciplinary matter.

1 Beware what you say in E-mail or voice-mail. Improper statements cangive rise to personal or company liability. Work on the assumption thatE-mail messages may be read by others.

2 Never send abusive, sexist, racist, or defamatory messages.3 Never send strictly confidential messages via the Internet.4 Never import non-text files or unknown messages onto your system

without having them scanned for viruses. If you have not been properlytrained to scan for viruses never import such items.

5 Always remember that E-mail or voice-mail messages, however con-fidential or damaging, may have to be disclosed in court proceedings orin investigations by competition authorities/regulatory bodies if relevantto the issues.

6 Do not create E-mail congestion by sending trivial messages or unneces-sarily copying E-mails and do not advertise by E-mail or send messagesfor missing items unless genuinely urgent for business reasons. Usebulletin boards.

7 Always make hard copies of E-mails which you need to retain for recordkeeping purposes.

8 Ensure that you obtain confirmation of receipt of important messages.9 Do no download, copy or transmit to third parties the works of others

without their permission as this may infringe copyright.10 Take care and obtain legal advice before entering into contractual com-

mitments by E-mail or voice-mail.11 Do not view or download offensive or pornographic literature on office

equipment.

APPENDIX 4: THE INTERNET AND HOW IT CAME INTO BEING

The early years – late 1950s early 1960sOn 15 October 1957, the Union of Soviet Socialist Republics (USSR), alsoknown as Soviet Russia, launched Sputnik One, the world’s first man-madesatellite, into space. A month later, they launched Sputnik Two. The USpresident at the time, Dwight D. Eisenhower, was a strong advocate ofscientific research, believing it to be crucial in maintaining the upper handin the Cold War of the period. The launch of Sputnik was the main catalystfor the allocation of budgets and facilities to set up government agenciesdedicated to the development of new technology. Never again did theAmericans want to be behind in discovering the latest technologies. Two ofthe new government agencies formed as a result of the decision byEisenhower were called the National Aeronautics and Space Administra-tion (NASA)1 and the Advanced Research Project Agency (ARPA).2

The history of the Internet centres around ARPA, which was set up in1958 with a staff of seven people and an annual budget of US $150 million(the remaining US $1.85 billion of the US $2 billion budget going toNASA), which later rose to $250 million. In an environment that wasobsessed with nuclear warfare and attack by the enemy, this technologywas developed with the underlying need to design a multi-node com-munications system that was not centrally controlled and could withstanda nuclear or other enemy attack or ‘normal’ system failure without dis-abling the entire communication network. Paul Baran, a Polish emigre,working for the US RAND3 Corporation, published his ideas in ‘On dis-tributed communications’ in the 1960s. In this he described the concept ofminicomputers using packet switching4 communication over low-costtelephone line links, a ‘network of unmanned digital switches imple-menting a self-learning policy at each node, without need for a central andpossibly vulnerable control point, so that overall traffic is effectively routedin a changing environment’.5 The network would be assumed to beunreliable at all times and so all the nodes in the network would be equalin status to all other nodes – each node with its own authority to originate,pass and receive messages. Electronic messages would be divided intosmaller packets, each packet separately addressed would begin at somespecified source node and end at some other specified destination node.Each packet would find its way to its final destination, selecting the mostefficient route. If a large part of the network no longer existed, packetswould simply either re-route or be transmitted again.

The same concept was independently thought up a few years later byDonald Davies at the National Physical Lab (NPL) in Britain, who proposeda countrywide packet communications network. The term ‘packet’ and‘packet switching’ was taken from Davies’s work. Baran had called it

‘message block’ and ‘distributed adaptive message block switching’. Barannot only conceived the essential technical features of the Internet, he alsoprophesied the economics of the exponential growth in transmission ofdigital data and relatively low network costs that would make the experi-mental network a universal infrastructure.

Experimental networking – mid-1960s to early 1970sIn the mid-1960s, the director of IPTO,6 Bob Taylor, was sitting in front ofthree computer terminals at ARPA and wondered why all three computerscould not be connected together with one password and code language,instead of three different languages and passwords. It was Bob Taylor whofirst had the idea of networking computers together. The NPL in Britain setup the first test network on these principles in 1968. Shortly afterwards,ARPA decided to fund a larger, more ambitious project in the USA,intended as a means of linking computers at scientific laboratories acrossthe country so that researchers might share computer resources. TheARPAnet connected large mainframe computers together via smaller gate-way computers, or routers, known as Interface Message Processors (IMPs).The IMPs dismantled information into small chunks (packets); transmittedthe packets of information to a destination computer known by anaddress; and checked for transmission errors; retransmitted damaged pack-ets and reassembled packets at the destination sites. In order for imps andhost computers to be able to communicate together, ARPAnet researchers(one of whom was Vint Cerf, later to be known as the ‘father of theInternet’) created network communication protocol (NCP).7 The very firstARPA network (ARPAnet) consisted of four nodes or IMPs at the Universityof California, Los Angeles (UCLA); Stanford Research Institute (SRI); Uni-versity of Utah, Salt Lake City (UUSLC); and the University of California,Santa Barbara (UCSB). The four computers could transfer data on dedicatedhigh-speed transmission lines; they could be programmed remotely fromthe other nodes; and they could share one another’s computer facilities bylong distance. The first characters transmitted over the new network, were‘L, G and O’.

The ARPAnet continued to grow and develop, and by 1971, it hadgrown to 20 nodes and 30 university sites across the USA, using theNetwork Communication Protocol. In 1972, Ray Tomlinson in the USAinvented an e-mail programme for exchanging messages with other userson the network. He needed a way to separate the name of the user from themachine the user was on, in the e-mail address. Looking at his keyboard,he selected a character that would not be part of any name: ‘I got there firstso I got to choose any punctuation I wanted, so I chose the @ sign!’8

30Appendices

Hypertext was invented by Ted Nelson, a computer scientist in the late1960s, who wanted to be able to look at a number of related documentswhile he was reading one.

Discipline specific research – mid-1970s to mid-1980sThis stage of development was filled with intense experimentation inlinking different kinds of networks (radio, satellite and international).Throughout the 1970s, ARPA’s network grew and the project was trans-ferred to the US Department of Defense, becoming DARPA. The decen-tralised structure of the network made expansion easy and the networkbecame international, with France and England adding their networks,which were similar to the early ARPAnet.

During 1973–4, Vint Cerf and his colleagues were working on aprotocol to enable different networks to communicate and link to eachother coherently. This protocol was known as Transmission Control Proto-col (TCP), a critical part of networking today. By 1978, further research anddevelopment had advanced to create a more sophisticated protocol thatseparated routing and addressing packets, and so TCP/IP was created. In1983, there was a transfer from the original ARPAnet protocol to TCP/IP.The size of the network by then was a few hundred hosts large and thenetwork was becoming heavily used, particularly by universities, and itbegan to overload. A new network was created – MILNET – servicing onlymilitary sites.

General research networking – mid–end 1980sThe Internet as we know it today was now being born. In 1984, theadministration of ARPAnet became the responsibility of the US NationalScience Foundation (NSF). The system for assigning names to computerson the network (domain name system – DNS) was also introduced.

The NSF initiated a programme where five supercomputer centreswould be set up with a high-speed network (T1 operating at 1.544Mbps)connecting them to create a faster network based on the preceding tech-nology and protocols. This enabled the academic community to access thesupercomputers. In 1988 a graduate student at Cornell University unlea-shed the first Internet virus affecting 3,000 computers. By 1989 theInternet was becoming more commercialised and it was increasingly diffi-cult for ARPAnet to keep up with new technology and continue beingfunded. In 1990, ARPAnet was officially decommissioned and NSFnet

Appendix 4: The Internet and how it came into being31

inherited its role as the research and education communities’ backbonenetwork.

Privatisation and commercialisation – early 1990sIn the early 1990s, NSF lifted the restrictions on commercial use andfunding from the network, and corporations such as UUNET and PSInetbegan to develop Internet services. During this period, Tim Berners-Lee, anOxford University graduate working at CERN (the European Particle Phys-ics Laboratory in Geneva), developed an information system using a clientprogram (browser) to retrieve and view hypertext9 documents stored oncomputers everywhere. Hypertext, the concept of linking a large numberof documents together via links within each document, was the mainconcept of this new system, which Berners-Lee called the World Wide Web.An undergraduate student at the University of Illinois later developed aWeb browser – Mosaic (later known as Netscape) – enabling users to accessand view multi-media Web content. Gopher, a search program, was alsodeveloped at this time. All of these early Internet pioneers allowed free andopen access to their inventions, and business and the media in the USA, inparticular, began taking an interest in the Internet infrastructure that wasdeveloping, exploring how it could be exploited commercially.

High-performance computing and communications – mid-1990sThis stage of development continued the evolution toward a commerciallyself-sustained Internet. In 1995 NSFnet was decommissioned and the trafficrouted through the new very high-speed Backbone Network Service(vBNS), running at speeds of 155 Mbps, with a new architecture based onNetwork Access Points (NAP).10 This vBNS was now administered by aprivate telecommunications company (MCI). At this time, other privatetelecommunications companies were also developing vBNS in the USA,across Europe and the Far East, using the latest technology to provide high-speed Internet access.

National information infrastructure – mid-1990s–presentAt this stage the infrastructure has been developed and the access tonetworking is being made ubiquitous and international. New consumerapplications are being developed with potential convergence of comput-ing, entertainment, telecommunications, the Internet, cable TV, wireless

32Appendices

telephones and information provider industries. New markets and syner-gies are still emerging.

Notes1 www.nasa.gov2 www.arpa.gov3 A not-for-profit research and development organisation.4 The key idea of packet switching is the division of each communication into

individual, equal-sized packets. These packets are then sent individually totheir destination through the network, and the entire message is reassembledwhen all the packets arrive. There are a range of procedures for retransmissionof packets that might get lost in the network.

5 Paul Baran, ‘On distributed communications’: http://www.rand.org/publications/RM/RM3420/index.html (accessed December 2001).

6 Information Processing Techniques Office, a computer research programme atARPA.

7 An agreed-upon format for transmitting data between two devices. Theprotocol determines the type of error checking to be used; data compressionmethod, if any; how the sending device will indicate that it has finishedsending a message; and how the receiving device will indicate that it hasreceived a message.

8 Ray Tomlinson, K. Hafner and M. Lyon, Where Wizards Stay Up Late: TheOrigins of the Internet. Touchstone Edition, 1998. p. 192.

9 A special type of database system, invented by Ted Nelson in the 1960s, inwhich objects (text, pictures, music, programs, and so on) can be creativelylinked to each other. (www.webopedia.com)

10 Originally, four NAPs – in New York, Washington, DC, Chicago and SanFrancisco – were created and supported by the National Science Foundation aspart of the transition from the original US government-financed Internet to acommercially operated Internet. NAP is one of several major Internetinterconnection points that serve to tie all the Internet access providerstogether. The NAPs provide major switching facilities that determine howInternet traffic is routed. (www.whatis.com)

Appendix 4: The Internet and how it came into being33

APPENDIX 5: WHO MANAGES THE INTERNET?

The following is the hierarchical structure of bodies ‘managing’ theInternet:

● Internet Society (ISOC)1 – a non-profit, non-governmental professional-membership organisation that coordinates the use of numerous Inter-net applications and protocols. The founding and current membersinclude organisations such as CISCO, France Telecom, CERN, Intel,Microsoft, Novell, Nippon Telecommunications and Hewlett Packard.

● Internet Architecture Board (IAB)2 is a technical advisory group for ISOC,responsible for defining the overall architecture of the Internet andproviding direction for the IETF. The IAB website categorically statesthat ‘The days when the IAB could be regarded as a closed bodydominated by representatives of the United States Government are longgone’.3 However, of the 12 nominated IAB members seven are US based,with one each in Australia, Canada, Britain, The Netherlands andSwitzerland.

● Internet Engineering Task Force (IETF)4 improves the Internet’s technologystandards. The Internet protocol suite, as defined by the IETF and itssteering group (IESG), contains definitions of numerous parameters,such as Internet addresses, domain names, protocol numbers, portnumbers and many others. The IETF consists of Internet administrators,designers, vendors, and researchers interested in the evolution of theInternet architecture. The IETF consists of ten working groups, each ofwhich is responsible for a different part of the Internet. Their websitelists the area directors, all of whom are from US-based organisations,including CISCO, IBM, SUN, Lucent Technologies, MIT University andHarvard University. The IETF also facilitates technology transfer fromthe Internet Research Task Force, and provides a forum for the exchangeof information between Internet vendors, users, researchers, contractorsand managers.

● Internet Research Task Force (IRTF)5 – the mission of the IRTF is toconduct research into the long-term future of the Internet. The IRTF iscomposed of a number of small research groups that work on thedevelopment of Internet protocols, applications, architecture and tech-nology. It is composed of members that serve for extended periods, butas individuals and not as representatives of organisations. The Chairs ofthe groups are dominated by representatives from US organisations,including CISCO, Nortel Networks, Information Science Institute (US),GST, AT&T, Network Associates. Any technologies developed as a resultare brought to the Internet Engineering Task Force working groups.

● Internet Corporation for Assigned Names and Numbers (ICANN)6 managesthe domain-name system and the allocation of Internet Protocol num-bers. Up until 1998, the technical infrastructure of the Internet had

been run by US government agencies, such as DARPA and the NationalScience Foundation. However, as the Net began to grow into a world-wide resource, the US government began to look for a way to transferthese administration functions to the private sector. To achieve thisgoal, it signed a Memorandum of Understanding between the USDepartment of Commerce and an organisation called the ICANN on 25November 1998. ICANN describes their goal as being to ‘preserve thecentral coordinating functions of the global Internet for the publicgood’. ICANN has responsibility for the assignment of Internet protocolparameters, oversight of the domain-name system, allocation of IPaddresses and management of the root-server system.

● Internet Assigned Numbers Authority (IANA)7 manages the Internet Proto-col numbers for ICANN. It has the responsibility for ensuring thatInternet parameters and protocol values are assigned uniquely andcorrectly. It is the central coordinator for the assignment of IP addressesand manages the Root Domain Name Service.

● Network Solutions (NSI) – from 1993 to 1999, under contract with theNational Science Foundation to be the sole provider of domain-nameregistrations in the three public top-level domains, ‘.com’, ‘.net’ and‘.org’. The NSF paid for all registrations until 1995, and then allowedNSI to charge users when the number of registrations began to sky-rocket. On 6 November 1998 NSI registered its three millionth domainname – lizzybee.com, for Bozart Toys, Inc. A year later it had registeredmore than six million domain names.

In 1999, ICANN chose a list of Accredited Registrars as alternativesuppliers to Network Solutions to register domain names (hence thecross on the box in Figure 2.8). Network Solutions has implemented aregistry site to be shared with all of the accredited registrars, and eachregistrar must pay Network Solutions a fee for its use. Network Solu-tions was recently acquired by Verisign Inc. and still manages thecentral database.

● Accredited Registrars8 – the current list of international domain-nameregistrars accredited by ICANN. Any of these registrars can provide thesame domain-name registration services as any other site, and socompete on price and service.

Notes1 www.isoc.org2 www.iab.org3 Brian Carpenter, former IAB Chair, writing in 1996: http://www.iab.org/

connexions.html (accessed December 2001).

Appendix 5: Who manages the Internet?35

4 www.ietf.org5 www.irtf.org6 www.icann.org7 www.iana.org8 www.internic.net/alpha.html

36Appendices

APPENDIX 6: GUIDELINES FOR DATA PROTECTION

The Data Protection Office1 issues a number of guidelines for data con-trollers using the Internet,2 for example:

● Obtaining consent from individuals before publishing their personaldata on a website or processing data obtained from a website.

● Informing users who the organisation is, what personal data is beingcollected, processed and stored and the purpose before a user gives anyinformation, when they visit the website.

● Making visible the privacy policy or statement on the website.● Informing users when ‘cookies’ or other covert information about them

is used.● Only collecting or retaining personal data if it is strictly necessary for

the organisation’s purpose. For example, a person’s name and fulladdress is not required to provide an on-line quotation. If extrainformation is required for marketing purposes, this should be madeclear and the provision of the information should be optional.

● Designing systems to avoid or minimise the use of personal data.● Protecting sensitive or valuable information, such as financial details

(during collection and storage), by using reliable and new encryptiontechnologies.

● Ensuring that data can be corrected, changed or deleted upon the user’srequest, and informing third parties to whom the original informationwas communicated.

● Regularly deleting out of date or unrequired data.● Using personal data collected on-line for marketing purposes, only

when the user has already been told how their information is to beused. Individuals should always be given the opportunity to opt in orout of the use of their data for marketing.

Notes1 http://www.dataprotection.gov.uk/dpr/dpdoc.nsf2 ‘Internet: Protection of privacy–data controllers’, Version 4, January 2000:

http://www.dataprotection.gov.uk/dpr/dpdoc.nsf/ed1e7ff5aa6def30802566360045bf4d/bfde81c19f939c878025689200302798?OpenDocument

appendices - sagepub.com · appendices appendix 1: osi reference model 1 ... £100 a week. in...

Documents