It's because they're procured based on verifiable requirements, and yet there's no way to specify a verifiable requirement for user interaction.
Security is almost the same. 'Must be secure!'. Unless they procure and schedule independent penetration testing and code audit (if they even get the code), the vendor is able to deliver insecure code with a horrible UI and still be 100% within the terms of the contract.
The reason government doesn't do more agile is because the politics of the stakeholders can get crazy, with the end result being constantly shifting goal posts and nothing delivered. So they require Commercial Off The Shelf (COTS - give us something that already works), and yet due to the requirements... there's always significant customization required. I wish someone in government understood this : P
Security is almost the same. 'Must be secure!'. Unless they procure and schedule independent penetration testing and code audit (if they even get the code), the vendor is able to deliver insecure code with a horrible UI and still be 100% within the terms of the contract.
The reason government doesn't do more agile is because the politics of the stakeholders can get crazy, with the end result being constantly shifting goal posts and nothing delivered. So they require Commercial Off The Shelf (COTS - give us something that already works), and yet due to the requirements... there's always significant customization required. I wish someone in government understood this : P