The National Audit Office report published yesterday denigrates GOV.UK Verify to ‘yet another government IT failure’ and permits commentators to lament GDS failing to live up to its promise. The report fails to consider the enormity of the digital identity problem that GOV.UK Verify aims to address or the complexity of implementing almost any solution across independent government departments. While the ‘hard hitting’ has captured news headlines, it shed little light on the complex subject or what government policy should be.
It is hard to see how the National Audit Office report creates the environment for progress when it writes without context and balance. Politicians, privacy advocates and private sector businesses deserve a better critique of the Government Digital Service innovative approach to addressing a weakness in the digital infrastructure that now supports money laundering and criminal finance estimated to account for 3 – 8% of world GDP. It is an audit that fails to account for the cost of doing nothing.
In contrast, the recent TechUK paper calls for action on digital identity. As a non profit, technology agnostic membership organisation representing key stakeholders in the UK identity ecosystem, Open Identity Exchange can help, and indeed is helping, government to drive forward the recommendations outlined in the paper:
“Recommendation 1: The UK government should establish a policy to facilitate the creation of a fully functioning digital identity ecosystem, which operates across public and private sectors.” For over seven years, Open Identity Exchange has helped governments understand the identity needs of the private sector, providing a route to expertise on private sector Identity standards, schemes and signals so that identity can be secured and privacy protected.
“Recommendations 2 is that that one point of contact should be nominated within the Government as lead on digital identity.” Open Identity Exchange, whose board of directors includes includes representatives from HSBC, Barclays, Timpsons, British Airways and others, could be leveraged as a single point of contact to reach across the private sector participants through its diverse membership.
“Recommendations 3 is that the Government should publicly release plans now for the future development of Gov.UK Verify, towards the creation of a framework of standards, which can be used by all players.” OIX is already part of a broad consultation group on the way government is improving the standards framework to allow more ways for more citizens to get a secure Digital ID. In parallel OIX is working on a paper to explore how this standards framework can be leveraged for the finance sector to create IDs that will be easily interoperable government, either without further ID proofing being required, or through a step up process that leverages the ID proof points obtained to date. .
“Recommendation 4 we further ask that the Government provide plans for the further opening up of Government data (e.g. DVLA; HMPO; lost, stolen and fraudulently obtained documents, through services such as the Document Checking Service.” OIX members are keen to leverage these data sources to provide improved identity proofing services to the private sector to allow more users to be simply verified online, thus removing barriers to taking up online services in the UK and creating economic growth. OIX could help government produce the economic benefit case for these services in the private sector.
“Recommendation 5: Enable examinations, membership and utilities bodies to issue attributes digitally to enable thin file consumers to build up a track record of their activities: e.g. their qualifications, memberships, employment and paying customer status.” A recent OIX project on the sharing of “events” that can be used in online proofing sets out a framework for how this could be achieved. OIX would be more than willing to work with government to help define how this framework could be applied to various UK public and private sector bodies.
“Recommendation 6: Recognise approved digital age and identity verification methods on an equal footing with paper based and face-to-face verification. Consistency is required in terms of online and offline.” The upcoming Anti-money Launder legislation (AMLD5) creates the ability for financial services to rely on an EIDAS notified ID scheme, such as GOV.UK Verify, as proof of ID for opening an account. OIX members are keen to see this adopted into UK regulation, and our white paper on standards interoperability across government and finance will make reference to this.
“Recommendation 7: the UK should set up a new lawful basis for processing biometric data for identity verification and authentication in order to support legislation such as the Digital Economy Act and recognise that biometrics are being used to increase security and combat fraud.” OIX is part of the review group for the new ID standards, which are embracing evolving biometric techniques. Many OIX members are at the forefront of biometric ID proofing and credentials.
“Recommendation 8: The Government should nominate a competent independent authority for digital identity.” The OIX membership collectively forms an “intellectual authority” on Digital Identity in the UK and could it evolve to meet this need.
“Recommendation 9: Plans should be put in place for government-led communications to raise public awareness of the importance of digital identity.” We have seen more blogs from GDS on the subject for Digital Identity in recent months, and OIX plans to add to this with a series of blogs that inform and move the Digital ID agenda in the UK forward.
In 2016, the European Identity & Cloud Award for the category Best Innovation in eGovernment / eCitizen went to UK Government Digital Services (GDS) for its GOV.UK Verify. The award reflected one of Machiavelli’s maxims, “There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things. Because the innovator has for enemies all those who have done well under the old conditions, and lukewarm defenders in those who may do well under the new.”
Chairman & President
Open Identity Exchange
***Please note that these are Don Thibeau’s personal views and do not represent those of the Open Identity Exchange Board of Directors.