Prime minister Boris Johnson and his controversial special advisor, Dominic Cummings, are “secretly” working on a plan to gather citizen data from across Whitehall to be used for targeting communications to people in the run-up to Brexit, according to a report from Buzzfeed News.
Computer Weekly sources have suggested that Cummings and Number 10 have taken a particular interest in how Gov.uk Verify – the government’s troubled digital identity scheme – could be used to facilitate such a move.
Rumour has it that the Government Digital Service (GDS), which develops Verify, has not been unenthusiastic about an idea that could help to establish Verify, even as its support dwindles elsewhere.
Could such a plan work? If so, how? And is it legal? Below is an entirely speculative theory, but could it potentially happen? If anyone reading has further insights that add to or contradict any of this, I’d be happy to hear from you.
Let’s put aside the legal issues for a moment, and examine the technical infrastructure.
So, you visit a Gov.uk page, and a cookie is dropped that can identify to GDS the device / browser you used, and also to the department that runs the service you accessed, such as tax accounts or Universal Credit.
That cookie doesn’t know who you are – only that this browser has been here before. GDS uses Google Analytics to understand how people are using the website – pretty standard practice for any website (ComputerWeekly.com does this too).
This can tell No.10 what pages, and therefore what topics, are being read the most. Cookies are also used by commercial websites to target online advertising to returning browsers / users. Gov.uk does not run ads, but in theory it would be possible to pop up an advert for a government service, or for the “Get ready for Brexit” promotional campaign already underway.
Then there’s Verify. For all its problems, Verify now has nearly five million registered accounts. The system was designed with privacy in mind – part of its core rationale was to avoid the creation of a central identity database. Verify was created partly in response to the scrapping of Labour’s ID Cards programme – it has, since then, been politically unacceptable to create a citizen identity database, whether by stealth or virtually.
When you create a Verify account, all the data you provide is retained by a third-party identity provider (IDP), and not by the government service you wish to access.
However, when you access that service, the IDP provides a unique identifier to the relevant Whitehall department – which cannot be used to derive any personal information. But it also sends across a set of basic attributes – name, address, date of birth as a minimum – solely for the purpose of matching the user to data already held by the department.
For example, if you’re checking your tax records, HM Revenue & Customs will use those attributes to make sure you are the correct John or Jane Doe for which it already holds a record, so you don’t end up looking at someone else’s financial details.
The Verify data policy states that “You must not use the user attributes for anything other than matching. If you do, you may be in violation of the General Data Protection Regulation.”
Note, “may” not “will”.
It’s therefore technically possible to match a Verify user with the Gov.uk cookies on their device – which means No.10 could derive who is reading which web pages, for up to five million citizens who use Verify.
Once more putting aside the legalities, it would be technically possible to further match the information on who you are and what you’re interested in, with social media data to allow targeting of adverts on Facebook, for example.
That’s still “only” five million people.
GDS has a stated objective to achieve 25 million Verify users by 2020 – a figure that’s been recognised as over-ambitious. There have been attempts in the past to mandate use of Verify for digital identity across government, but these have been resisted. Could a more aggressive approach from No.10 overcome that resistance?
There are rumours that GDS wants to overcome negativity towards Verify by instead mandating that any Whitehall identity schemes conform to a standard called GPG45, upon which Verify is based. Presumably, the hope is that most departments would find that the only GPG45-compliant system available to them in the short term happens to be Verify.
That’s not going to change much between now and 31st October when the UK is currently due to leave the EU, but the Buzzfeed report refers to “a digital identity accelerated implementation plan”, and the prime minister has told departments to “to engage in that work urgently”.
Could Brexit, Boris Johnson and Dominic Cummings yet save Verify?
There are, of course, legal restrictions over data sharing, even between government departments. GDPR is relevant, but more pertinent is the Digital Economy Act (DEA) of 2017, which governs the circumstances under which public bodies can share data.
There are valid reasons for inter-departmental data sharing, which are set out in the Code of Practice for public authorities disclosing information, which is part of the DEA.
“Public service delivery is changing, due to increasing acknowledgement that services are more efficient and effective when they are joined up. Joining up services requires the sharing of information,” says section 55 of the code.
“The Digital Economy Act 2017 creates a mechanism for establishing clear and robust legal gateways which will enable public authorities to share relevant information on the individuals and families they are working with in compliance with the data protection legislation. The primary purpose of this power is to support the well-being of individuals and households.”
A number of situations are included in the code, relating to areas such as fuel and water poverty, debt recovery and fraud.
But the Act sets out the principles and processes for establishing new areas where data sharing can be justified – these are tightly controlled and require approval from Parliament, publication of a privacy impact assessment, and must be listed on the public register of information sharing agreements. There are currently 38 records in the register, mostly involving local authorities seeking data to help reduce council tax debt.
In theory, therefore, there is a mechanism to establish legal data sharing of internet activity data between departments – but it’s onerous, time consuming, and needs scrutiny and approval.
“The public service delivery power gives you the ability to gain access to the data you need to respond more efficiently and effectively to current and emerging social and economic problems. The power allows ministers in the UK government to set objectives in regulations,” says the code of practice.
If you can make the argument that Brexit is an “emerging social and economic problem,” it may just be possible (although proroguing Parliament doesn’t help).
What other sources of data might exist?
Let’s say you were one of the six million people who signed the online petition to revoke Article 50 and remain in the EU, or one of the 1.7 million who similarly petitioned against Johnson proroguing Parliament.
The e-petitions system collects and retains for up to 12 months your name, email address, postcode, the country you live in, and the IP address you use when starting or signing a petition.
Presumably, if you petitioned to revoke Article 50, then government policy on Brexit will be “relevant” to you – and this time they have your email address too.
Of course, it’s not as simple as that. Online petitions are run by Parliament expressly to demonstrate that the data is not being collected by or for the government. This is governed by a cross-party committee that has in the past pushed back hard on any attempts to use the data for any other purpose.
Given the current state of UK politics, it must be unlikely the committee would accede to requests from the government to access that data for Brexit-related purposes.
But nonetheless, it’s technically feasible. The only question is how far any prime minister or their government is willing to push the boundaries of political convention and legality to get access to all that data.
The Government Digital Service (GDS) has published details of the planned pilot project for opening up passport data to companies that wish to offer digital identity services.
GDS recently held a briefing for organisations that wish to participate in the forthcoming private sector trial of the Document Checking Service (DCS) that was first developed to support Gov.uk Verify, the government’s troubled digital identity scheme.
The briefing was attended by a variety of identity providers, standards bodies and suppliers, along with private sector firms – including IAG, the parent company of British Airways, according to sources.
The details of the pilot have caused a degree of consternation among some of those present, although GDS has asked for feedback on its proposals, so the plans may yet be revised.
The stated objectives for the pilot are:
- To test the industry demand for checking information given by a user against government data sources;
- To understand the different ways that organisations could use digital passport checks;
- To test the technical design that would make these checks possible;
- To capture consumer interest and experience of these checks, and perception of this use of passport data;
- To understand if this is commercially viable, for the government and the organisations taking part.
The pilot is intended to operate as follows:
The service offered is for a simple yes/no digital check as to whether a passport is valid, through an API request. Participants are told that they “must only check passport data to prevent or detect crime” and must obtain explicit consent from users for their passport data to be processed in this way.
The passport data check can only be used as part of a wider service – participants are not allowed to develop a service solely for checking passport validity.
That lack of service flexibility will be a concern for some interested parties.
The pilot will begin in April 2020 – after the time when GDS hands over Gov.uk Verify to the dwindling number of identity providers (IDPs) still supporting the service – and will last for up to 12 months.
The trial will be limited to a maximum of six million passport data checks, and the number of simultaneous checks will be throttled, presumably to prevent overloading ageing IT systems at the Passport Office. Companies must submit applications to take part, and specify the minimum and maximum number of passport checks they will make during the pilot.
The six million checks threshold may be too limiting for some. In Australia, a country of about 25 million people, a similar passport checking service attracts over 80 million checks per year.
Participants must conform to a series of legal, technical, security, data protection, records management and personnel checks by GDS, accept audits and demonstrate compliance to GDS’s satisfaction.
Perhaps controversially, participants will have to pay £15,000 up front as a one-off fee for access to the DCS. Each passport check will cost 50p.
It’s worth remembering that GDS has been told by HM Treasury it cannot spend any further money on Verify after March 2020, so it seems that, effectively, the pilot will be funded by the companies that take part.
I’m told there are mixed feelings about the up-front cost – some think it will deter smaller companies or startups, others think it’s not unreasonable but it would be a problem if it became an annual fee for DCS access after the pilot.
One source described the pilot details as a “starter for 10” at best – not awful, but not great. Others feel the limits on volume and data use are too restrictive – hardly an example of opening up a digital identity market that would grow the UK’s digital economy.
There is also no guarantee that the pilot will be taken forward into a live service – which makes developing a business case difficult.
There are also grumblings about the fact that existing Verify IDPs that already have access to DCS for online public services, had their development costs funded by GDS – but everyone else has to stump up £15,000 just to be in the game.
The pilot will only offer passport data checks – and not driving licence checks which are available through DCS for Verify IDPs. DVLA is believed to have refused to take part in the pilot.
Perhaps the most telling observation though, is that the information pack about the pilot that is being sent to interested parties – a detailed 15-page document that outlines the requirements for taking part – does not mention Verify even once.
The Government Digital Service (GDS) insists that its plans for Gov.uk Verify “remain on track” despite the withdrawal of three of the five remaining identity providers (IDPs) supporting the increasingly troubled programme.
GDS faces its March 2020 deadline to hand over the government’s flagship digital identity scheme to the private sector with only two IDPs still involved – and they are in effect only one IDP and a reseller.
The Post Office, which operates on the Digidentity platform, brings much more to the game than simply fronting the Digidentity technology, with its ability to potentially offer a face-to-face element to identity verification through its national branch network and its trusted consumer brand.
But it’s the loss of Experian that will damage Verify the most, and bring a huge additional financial burden to a project that is expected to have already cost £175m by the end of next March.
Do not underestimate the significance of Experian’s withdrawal.
The company has been involved with Verify from the start, one of its strongest supporters. Its director of identity and fraud, Nick Mothershaw, is chair of OIX, the identity standards body that has been largely funded by GDS to establish Verify as an international standard. Experian is serious about digital identity – but is no longer serious about Verify.
We cannot find out why Experian – or the other departing IDPs, Barclays and Secure Identity – decided to ditch Verify, because all the IDPs are gagged by GDS from talking about their contractual arrangements.
But we can work out what losing Experian will cost. Bear with me, there’s maths involved.
According to the National Audit Office (NAO), GDS currently pays to the relevant IDP about £20 for every new Verify account that is set up. These charges were renegotiated as part of the new IDP contracts agreed in October 2018 that last until March 2020, in the hope of reducing sign-up costs by introducing better volume discounts.
The NAO said that for Verify to become cost-neutral by April 2020 – the stated government goal – the cost of verifying identities needs to fall by 95%, which suggests the target is £1 per new user. It’s clear from the NAO’s March report that Verify is nowhere near that.
According to a McKinsey report produced for GDS in October 2017, Experian was the biggest IDP at that time, with 44% of all users. Post Office had 42% and Digidentity 9%. The other IDPs – all of which have now withdrawn – had only about 5-6% between them.
If those percentages are similar today, Experian would be responsible for over 2.1 million of the 4.8 million people signed up to use Verify. The company will continue to service those existing users for 12 months after March 2020, but will not take on new registrations.
This means that 2.1 million Experian account holders will have to re-register with either Post Office or Digidentity to continue accessing online government services after March 2021.
And at £20 per user, that means 2.1 million additional £20 charges – more than £40m in total – that will have to be paid by taxpayers on top of what Verify has already cost.
That’s a nice windfall for the Post Office – not to mention Digidentity, which will get a cut from every Post Office account registration too and have an effective monopoly of Verify users.
There’s a whole other issue to discuss – that a Dutch company will exclusively own the database of all the UK’s online public service users – but I digress.
Even if volume discounts kick in somewhere along the way, Experian’s withdrawal from Verify will mean tens of millions in additional costs. Considering that HM Treasury has already put a block on further spending for Verify, will government be willing to pay that bill?
And who knows, perhaps the tens of millions the Post Office stands to make from taking on all those homeless Verify users might even help to pay its ballooning costs in the High Court case examining its controversial Horizon branch accounting system.
Meanwhile, here’s the official GDS line: “Digital identity remains a key priority for government and we are currently undertaking a call for evidence seeking views on how to support the development of digital identities fit for the UK’s growing digital economy. We are working to create a flourishing, private-sector led marketplace for digital identity and our plans to do so remain on track,” said a spokesperson.
Gov.uk Verify – the government’s flagship digital identity system – faces a critical few months ahead. Again.
As the clock ticks down towards the end of March 2020, when further public investment in Verify ceases and the system is taken on by the private sector, significant questions remain over the viability of Verify.
In particular, three major issues need to be addressed:
- Rules of access to government-held data by external identity providers (IDPs) for non-government transactions;
- The cost of IDP services, once the Government Digital Service (GDS) no longer subsidises the fees paid by the Whitehall departments that use Verify;
- The role of Verify in the mooted digital identity ecosystem that GDS needs to stimulate to justify the £175m invested in the troubled programme.
There was a combination of relief and exasperation last month when GDS and the Department for Digital, Culture, Media and Sport (DCMS) announced a consultation and call for evidence on the future of digital identity in the UK.
Relief, from the private sector companies frustrated by their exclusion from Verify, and which believe that Verify’s problems have hindered their market growth. Exasperation, from digital identity experts who understandably ask why has the consultation been left so late, and what has GDS been doing all this time that it now needs to issue such a back-to-basics request for input?
You can’t escape the fact that a programme that’s been running for six years, has waited until less than nine months before it’s handed to the private sector, before publicly asking for advice on the respective roles of the private and public sectors in creating a digital identity market. And even that has only come about mainly because of pressure from DCMS.
At the same time, the longstanding leader of the Verify team, Jess McEvoy, has shifted sideways to a new role. While the Cabinet Office says she remains involved with Verify, her previous job as programme director has been taken on by Lawrence Hopper, formerly head of policy and strategy. Lisa Barrett, director of digital identity since March, is now senior responsible owner (SRO) for the Verify programme.
Further pressure mounted this month when the Infrastructure & Projects Authority (IPA), the government’s major projects watchdog, raised Verify’s status from “amber” to “red” in its latest annual report. “Red” is defined as having problems that are “currently impossible to manage or solve”.
The IPA rating is based on an assessment conducted in September 2018, only two months after an IPA review recommended that Verify be scrapped.
At an event in June this year, Barrett revealed for the first time that the IPA’s concerns related to doubts in 2018 over whether the existing IDPs would continue to support Verify. Subsequently, two of the seven IDPs decided not to, while five signed up to new contracts that should lead to the companies taking over Verify in April next year – theoretically mitigating the problems the IPA identified.
But it’s that critical role of the IDPs, and their commitment to the programme, that remains one of the big issues to resolve.
Access to government data
The most valuable part of the Verify system, as far as the remaining IDPs are concerned, is the Document Checking Service (DCS), a tool that allows them to check a user’s passport or driving licence against data held by HM Passport Office (HMPO) and the Driver and Vehicle Licensing Agency (DVLA).
Passports and driving licences are the highest standard of identity verification available, and as such are essential to the IDPs’ involvement in Verify. Without the ability to check against that data, the difficulties of assuring an individual’s identity are significantly higher – and the business risk for the IDPs is greater.
Computer Weekly understands that when the DCS was created, HMPO and DVLA agreed to allow access to their data to support Verify for the delivery of government services only. According to insiders, neither organisation has given permission for its data to be used in private sector transactions.
Therefore, if Verify is to be used to support private sector services – which GDS wants to happen, and which the IDPs expect to be allowed to do – HMPO and DVLA need to give their approval.
To that end, GDS is to run a small-scale pilot where HMPO data will be used for existing Verify users, operating through an existing IDP, who wish to re-use their Verify identity to access a commercial service, such as applying for a credit card. This will be an important milestone for the use of Verify in the private sector.
The trial may, or may not, eventually include testing the use of passport data for creating a new Verify identity for a non-government service.
Amazingly, the Cabinet Office told Computer Weekly that the design of the pilot will not be finalised until after the call for evidence has concluded in September – meaning that even the limited wider trial of DCS will not start until barely six months before the March 2020 deadline.
It’s also notable that DVLA is not involved in the pilot. Our sources suggest that DVLA is so far refusing to allow its driving licence data to be used for non-government services at all – not even for a limited trial.
This has major potential implications for the IDPs. Only two of those IDPs really matter – the Post Office and Experian, which between them are responsible for over 80% of all the existing Verify users.
The attraction for IDPs of working with Verify comes from customers that signed up to public services – such as Universal Credit or tax self-assessment, the two highest-volume digital services – being able to re-use their Verify identities for commercial transactions.
If, however, passport and driving licence data cannot be used for commercial services, then the ability to re-use a Verify identity is limited. IDPs would not be able to use the trust levels embedded in HMPO and DVLA data to assure those individual users – which means the assurance levels are likely to fall below acceptable criteria for the commercial service, such as a bank or e-commerce firm.
In such a situation, IDPs would need to rebuild those assurance levels from other sources – which is costly, time-consuming, and likely to be a terrible user experience. For a big IDP like Post Office or Experian, this could even undermine their entire business case for using Verify.
Note that Post Office has a further challenge, in that it is acting as a reseller for another of the Verify IDPs, Digidentity, which means the Post Office is probably operating with thinner profit margins. The loss of DVLA or HMPO data would most likely have a greater financial impact on Post Office than any other IDP.
Rumour has it that IDPs have an option coming up in the next few months to give GDS notice they will no longer be involved with Verify after March 2020. If that’s true, then the issues around access to passport and driving licence details could come to a head very soon.
Cost of user verification
Much of the budget for Verify has been spent on subsidising the cost of registering and maintaining users – according to the National Audit Office (NAO), that’s accounted for 38% of costs, which equates to about £60m so far. GDS has, in effect, been paying much of the private sector IDPs’ development costs.
A fee is charged by an IDP for every user successfully registered – about £20, says NAO – and then a lower annual fee for every user that remains active. The charges were renegotiated as part of the new IDP contracts agreed in October 2018 that last until March 2020, to reduce sign-up costs and introduce incremental price reductions as user volumes increase. The NAO said that for Verify to become cost-neutral by April 2020 – the stated government goal – the cost of verifying identities needs to fall by 95%.
However, the Whitehall departments whose online services use Verify, currently pay significantly less than the IDPs are paid. GDS subsidises the fees to make Verify cost-effective for departments, such as HM Revenue & Customs (HMRC) and the Department for Work and Pensions (DWP). Sources suggest that departments pay only £1.20 for the initial sign-up, with GDS funding the remaining £18.80.
It’s also not clear how IDPs are now paid for subsequent use of a Verify account – specifically, whether they charge a cost per login for existing users. GDS won’t discuss sensitive commercial details, but if such charges are being made, this highlights another important concern.
Imagine you’re a major department relying on Verify – such as DWP, where Verify is used as part of its Universal Credit (UC) welfare system – and you no longer have GDS subsidising costs. Benefits claimants on UC are encouraged to manage their account entirely online – requiring potentially numerous logins per month. If DWP has to pay £20 per user up-front, then a further fee for every subsequent login, that quickly starts to become very expensive, especially when UC is rolled out to millions of people.
Verify is set to reach an important milestone soon – five million registered accounts. That’s a decent number – one which could have been seen as a success, were it not for how poorly GDS managed expectations for Verify in its early days and in the 2015 business case, and set a massively over-ambitious target of 25 million users by 2020, against which success has instead been measured.
It’s a chicken-and-egg conundrum for Verify – GDS needs to increase user volumes enormously to reduce IDP fees by 95% to make the system affordable for government after March 2020. But Universal Credit roll-out has been delayed, and as of the NAO report in March, only 4% of HMRC tax self-assessment users opted for Verify over HMRC’s longstanding Gateway login system.
In a recent blog, GDS touted the January 2019 tax deadline as “having the most Verify users during a self-assessment peak”. Let’s see what that means.
According to GDS figures, in the five weeks leading to the deadline, an average of 50,145 users signed up per week. In the five weeks after the deadline, the weekly average was 45,986 – just 4,159 less. That suggests only an additional 20,000 Verify users during the five-week self-assessment peak – an improvement over previous years for sure, but not exactly a figure to generate hyperbole about.
Since then, about 40,000-45,000 new users have signed up with Verify each week – surely not enough to increase volumes to a level that will cut IDP fees by 95% in the next six months. And especially not if DWP were to waver in its commitment to Verify – on which topic, read on…
Verify and the private sector
There has been a noticeable change of language from GDS recently. Where once we were told that Verify would become a national digital identity system across public and private sectors, now we hear that Verify is simply one implementation of the technical standards, known as GPG45, which will underpin the wider ecosystem.
That £175m programme cost seems even more money if its main outcome is agreement on an industry standard and little else.
Already, there are other digital identity schemes starting to emerge from the private sector that may make Verify redundant. The banks, in particular, are finally working together on identity standards in support of open banking and PSD2 regulations. Banks also have to consider rules around money laundering and “know your customer” (KYC).
When McKinsey was brought in to review the Verify programme in 2017, the consultancy concluded that one of Verify’s biggest failures was its lack of involvement from the big retail banks. McKinsey recommended that for Verify to be a success, it would need to be integrated into multiple banking services and attracting new users through those banks, by the end of 2019. Clearly, that hasn’t happened.
While GDS is engaged with the banks on their identity schemes, the aim is interoperability – for a digital identity created by a bank to be re-usable for government services, and vice versa. It’s not about using Verify as part of the banks’ ID schemes.
So that would leave Verify as the technical implementation of GPG45 used within UK central government. But how long would even that last?
We already know that only a single-digit percentage of HMRC users prefer Verify to Gateway. So what about DWP, and the potentially millions of Universal Credit users?
DWP recently announced a procurement exercise intended to “to reduce its reliance on current identity solutions”. For Universal Credit, users first establish a UC login, and then their identity is assured using Verify – with users subsequently encouraged to use the UC login once they are registered on the system.
According to sources with knowledge of the new procurement, DWP wants to further abstract UC login from the underlying ID assurance system used to prove the identity of benefit claimants – currently Verify. This could allow DWP to quickly plug-in alternative digital ID schemes, to eliminate its dependence on Verify. Existing Verify IDPs and other commercial ID providers could then offer their services in support of Universal Credit.
DWP is also understood to have another issue caused by Verify. When the new IDP contracts were set up last year, and two of the previous IDPs dropped out, that disconnected approximately 380,000 Verify users from the IDP through which they signed up.
Verify uses what’s called a “double-blind” approach to protect users’ privacy. This means that an IDP does not know which government service a user wants to access, and the government department doesn’t know which IDP the user has registered with.
Users who originally registered with the two IDPs that dropped out of Verify will be supported by those IDPs for 12 months – after which they will need to re-register with another IDP. Most likely, those users have no awareness of this fact.
For DWP, this potentially means tens of thousands of benefit claimants who may suddenly find their Verify account no longer works. And because of the double-blind privacy, DWP has no way of finding out who are the affected users, nor even how many of them there are.
Imagine what might happen, if large numbers of those disconnected users can no longer access their UC account, even temporarily, and the strict rules around UC mean their benefit payments get sanctioned or suspended?
If other IDPs pull out, especially those with even more registered users, that becomes a massive issue for Universal Credit. Could anyone blame DWP for wanting to mitigate against such an outcome, with all the negative publicity it would bring?
And without those Universal Credit users, what would be left for Verify?
It’s traditional upon the coronation of a new Prime Minister to write a list of all the things they need to address in the tech and digital sectors. It would be a long list – digital skills, IT education, broadband, 5G, the impact of artificial intelligence, tech startups, e-commerce, regulation, privacy, data protection, digital identity, fake news, social media, and so on. Please, feel free to add your own.
For all her many faults and failures, former PM Theresa May did oversee perhaps the most tech-friendly government there’s been. For all his many faults – let’s see about failures – Boris Johnson is unlikely to diminish his administration’s support and promotion of the digital economy.
Behind his campaign promise to “insert high-speed broadband into every orifice of every home”, there lies the reality and appreciation that the only future for the UK economy is one built on a thriving tech sector and a digitally enabled citizenry. The intent is there – the question marks will continue over delivery, but that would be the same whoever was in charge.
Inevitably, the single most important issue for everyone in technology – as it is for everyone else – is Brexit. The threats to our digital economy from a no-deal Brexit are real – if data flows dry up, it would devastate any UK business that operates overseas. If our ability to sell digital services to the EU is constrained, our digital skills base could be shattered.
But we all know Brexit is the number one for priority for PM Johnson – even if we don’t yet know what that will mean in practice. The only certainty these days is uncertainty.
So what’s the message the tech sector and IT professionals should be sending to Johnson, should he wish to listen?
The next decade will bring greater social, cultural and business changes as a result of the digital revolution, than we have seen even in the last 10 years. All the short-term policies we need are obvious – see the list above – and even the most technophobic minister will understand that.
But with Brexit and the potential for another general election looming, who’s going to think about the long term? Who is going to reshape the education system for a world where children can find out the date of the Battle of Hastings online quicker than a teacher can write it on a whiteboard? Who is going to find the next generation of digitally literate teachers to prepare those kids for a rapidly changing world?
What about transforming the wider skills base to be ready for the wave of automation that will remove thousands of white-collar jobs? Who’s going to ensure that the vast data collection from internet of things devices is harnessed for our greater good and not simply to boost profits?
Who is going to devise a regulatory system that anticipates, not reacts too late, to new technologies and their implications? When our everyday activities are being governed and influenced by a real-time data economy that can work beyond the confines of nation states, who’s going to make sure the average citizen’s needs are looked after?
Here too, you can add your own.
We’re on the cusp of a radical change in the way we live and work. And we need a government that’s preparing for that. We need a prime minister with his or her head up, looking ahead and able to deliver a vision of a digital society that works for everyone.
Our question to the new PM should be: is that you, Mr Johnson?
The latest select committee report by MPs into the progress of digital government in the UK has resurrected a question that has reared its head on several occasions in the past – do we need a unique single identifier for every citizen, to be associated with our online presence?
This debate was most recently quashed in 2010 with the advent of the coalition government that quickly scrapped the outgoing Labour administration’s ID cards scheme and its associated central database. It was widely accepted that the concept of a physical card to prove who we are was a step too far in terms of individual liberty and personal rights.
That political decision led directly to the creation of Gov.uk Verify, the troubled digital identity scheme that has gone out of its way to avoid having a single identifier, instead working on a federated model.
While most experts agree that federated identity is the ideal solution, it’s hard to deliver on a national scale – as Verify has proved.
A single identifier has many benefits, say supporters – it makes identity verification easier, and it could allow citizens to quickly associate all the data government holds on them, to check it is correct and even enable some form of personal control over that data.
Critics, however, point out that a unique identifier could just as easily be used by government to connect personal data together in negative ways – for example, look at how the Home Office used health records to identify immigrants as part of its controversial hostile environment policy.
This is to some degree a peculiarly British debate. Most European countries have a single identifier for citizens – often in the form of a physical card – and the success of digital identity schemes in the Nordic countries is at least in part down to the existence of a unique identifier. The Science and Technology Committee report cited Estonia as a successful digital identity scheme, based also on a unique identifier.
It’s true to say that Scandinavians tend to trust their governments more than we do in the UK – which not an insignificant difference in this debate. And Estonia, as a former Soviet country, has very different cultural attitudes to the issue.
But it’s also relevant to point out that we already have a unique identifier in the UK – two in fact – in your national insurance (NI) number and NHS number.
The NI number, however, is not considered secure enough to use – it’s too easy for people to have multiple NI numbers, and there are more NI numbers in existence than there are people in the UK, partly thanks to historic IT system problems in the past.
The National Health Service in England is using the NHS number as part of the digital ID system it is developing for patients. It’s fair to say the NHS is a lot more trusted by citizens than the wider public sector.
Of course, the reason why MPs on the Science and Technology Committee suggested opening up this topic for discussion is because of the failure of Verify, and the way it has impeded the development of a wider commercial market for federated digital identity systems in the UK. If Verify worked, we wouldn’t be having this debate all over again.
While it’s generally agreed that a single unique identifier is not the right way forward in the long term for digital identity, we nonetheless find ourselves in a position where it is right to have this debate again. Let’s hope it’s for the final time.
Three months ago, the Government Digital Service (GDS) appointed the first ever director of digital identity, Lisa Barrett – tasked with taking on the troubled Gov.uk Verify programme.
Barrett arrived just as the National Audit Office found that “it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified”.
Barely two months later, MPs on the Public Accounts Committee branded Verify as “failing its users”, not delivering value for money, and added that its leaders have not accepted “proper accountability” for the programme and its difficulties.
Well, now it seems Barrett is going to be accountable. Good luck with that.
On 7 June, she made her first public appearance, at the Think Digital Identity in Government conference in London, to offer an update on what’s next. Clearly, in a short space of time, she has made an impact.
Other speakers described her as “a breath of fresh air”, and welcomed the way she has been reaching out to the many and varied stakeholders in the UK digital identity sector. In her talk, Barratt said that GDS needs to “tell a better story” around Verify, which is certainly true.
She laid out the priorities for Verify and digital identity policy, emphasising the importance of standards and collaboration between public and private sectors to accelerate the use of Verify and other compatible digital ID products. She identified the need for a “clearer set of rules” around digital identity to encourage more private sector investment. She said the user experience for Verify needs to be improved.
Heads nodded around the gathered digital identity experts. There was nothing to disagree with in her talk. The problem – which is nothing to do with Barrett – is that her predecessors could have (and possibly did) give exactly the same presentation at any time in the past five years.
There remain more questions than answers. But Barrett hinted that could change soon – in response to a query from Computer Weekly, she said there were “things that can’t yet be announced”. Which, given the earlier goal of telling a better story, did seem to frustrate her. It’s a shame she wasn’t able to use the occasion to make some of those announcements to a room full of people desperate to hear them.
As an example of the greater openness she wants to establish, Barrett also became the first person from GDS to publicly acknowledge that the government’s Infrastructure and Projects Authority (IPA) recommended in July 2018 that Verify be scrapped. When Computer Weekly revealed this fact, in September last year, GDS declined to comment and has not done so since.
Barrett explained that the reason for the IPA decision was down to doubts whether the existing identity providers (IDPs) involved in the programme would continue to support Verify. Subsequently, two of the seven IDPs decided not to, while five signed up to new contracts. That seems an important piece of information for wider stakeholders to know, and it’s a good example of how badly GDS has communicated about Verify in the past.
The heart of the challenge now facing Verify was clear when the event heard from Martin Edwards, managing director of identity services at the Post Office – one of the two largest Verify IDPs. He listed the four things he needed to see from government:
- More PR and communication – “Be less embarrassed about Verify,” he said – to promote the brand and its purpose. Edwards called for more visible ministerial backing, adding that too many people have never heard of Verify or don’t know what it does, which is a hindrance for a project that once intended to reach 25 million users by 2020.
- Align regulations for identity behind the Verify standards – for example, Edwards pointed out that much government regulation still specifies that people need to give a written signature, which is clearly incompatible with digital solutions.
- Better access to data sources – one of the biggest reasons Verify has performed so badly is the limited datasets available to establish a citizen’s digital footprint, especially for those who don’t have passports, driving licences, credit cards or mortgages. The Post Office is involved in a trial at the London Borough of Tower Hamlets, which looks at ways to use local authority data to assure a digital identity.
- More co-ordination and much faster user take-up across Whitehall – Edwards highlighted the fact that even some of the 19 online public services that do offer Verify, only do so as one option. The attraction for the IDPs involved with Verify was always to get at the millions of users of online tax services such as self-assessment, and Universal Credit. So far, only 4% of HM Revenue & Customs’ (HMRC) online users opt for Verify over the well-established Government Gateway; while the Department for Work and Pensions continues to push back the roll out of its controversial welfare reforms.
These are all reasonable concerns, and none of them are new. But the issue here is that one of the most important organisations involved in promoting Verify and digital identity in general, is still asking these questions barely nine months before GDS hands Verify over to the private sector.
There are rumours that GDS may announce that Whitehall departments will soon be able to bypass GDS and deal directly with the IDPs – potentially a forerunner to allowing departments to choose other IDPs beyond those directly involved with Verify. Such a move would benefit the IDPs, but would remain to be seen if that’s enough of an incentive for the likes of HMRC to put its full weight behind Verify.
Notably, Barrett at times played down the importance of Verify in favour of government’s role in establishing a wider digital identity ecosystem. At one point, she referred to Verify as just “one technology implementation of the standards”. That’s a technology implementation that will cost taxpayers at least £175m, mind you.
GDS wants to broaden the conversation beyond Verify and highlight the goal of stimulating a digital identity market in the UK. That’s always been a worthy objective – but one that cannot be divorced from the widespread criticisms of Verify, not to mention that £175m of spending.
Very few people would complain if GDS were to become more open with its communications around Verify, and if Barrett can deliver on that she will have achieved an early win. Meanwhile, lots of key players are waiting to see what those secret announcements are going to be.
A couple of points mentioned during the event may be of interest to those following the progress of digital identity:
- The Post Office is looking at how it could use its branch network to help create Verify identities face-to-face, instead of purely online, for people with too limited a digital footprint for current digital-only methods.
- There are six digital identity pilots going through the Financial Conduct Authority’s sandbox programme, designed to test new finance-related products for regulatory compliance. If approved, that potentially promises a big boost to the idea of using banking products, and open banking technologies, to enrol millions of people into digital identity schemes.
Gov.uk Verify is the Theresa May of digital government.
The embattled Prime Minister faces calls to quit from all around – her own Conservative MPs, grassroots Tory activists, the right-wing press and more. Yet she refuses to go until she delivers Brexit, oblivious to the criticism, convinced of the validity of her actions, blinkered by determination to prove to everyone she is right.
The embattled digital identity programme has been similarly slammed from every angle.
The Infrastructure and Projects Authority – the government’s own major projects watchdog – recommended Verify should be scrapped.
The National Audit Office (NAO) – the official financial watchdog of Whitehall spending – said “it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified” and “the performance of Verify has consistently been below the standards set out in each of its business cases”.
And now MPs on the Public Accounts Committee – the parliamentary body that provides oversight to government spending – has added its view that Verify “is failing its users”. It goes on: “Key government departments do not want to use the system and members of the public are facing problems signing up.” And the MPs didn’t stop there, adding that the project has been “characterised by poor decision-making by the Cabinet Office and GDS” that was “compounded by their failure to take proper accountability”.
But, like Theresa May, GDS is unperturbed. In a statement to the press following the PAC report, the Cabinet Office and GDS said: “Verify has saved taxpayers more than £300m and is a world-leading example of how to enable people to use services securely online. The PAC report reflects that this has been a challenging project – but challenges like these are to be expected when the government is working at the forefront of new technology. Verify is now at a point where it can be taken forward by the private sector, so people will be able to safely and securely access both private and public online services.”
Like a statement by May on her next set of deadlines for Brexit, even this cannot be taken at face value.
“Verify has saved taxpayers more than £300m”?
According to the NAO, “On the evidence made available to us, we have not been able to replicate or validate the benefits estimated by GDS.”
“Challenges like these are to be expected when the government is working at the forefront of new technology”?
According to the PAC, “Verify clearly demonstrates many of the failings we see all too often on large government projects: expectations were over-optimistic from the start, key targets have been badly missed and results simply not delivered.”
“Verify is now at a point where it can be taken forward by the private sector”?
According to the PAC, “The Cabinet Office and GDS have no meaningful plan for what will happen to Verify post-2020,” when the system is handed over to the private sector.
As with May, only two outcomes are possible from here. Perhaps GDS will be proved right, and Verify will become a triumphant example of public sector innovation stimulating a valuable new market for digital identity. Perhaps the Prime Minister will get her Brexit Withdrawal Agreement through Parliament too.
Or perhaps every expert body that has assessed the situation will be proved right instead. Perhaps the phrase, “When you’re in a hole, stop digging,” might be proved accurate once more.
The sacking of defence minister Gavin Williamson is another indication of how technology is influencing politics, and vice versa. While his crime was to leak details from a national security meeting, the fact the discussions were about Huawei technology is significant.
The fears over Huawei’s links to the Chinese government’s intelligence and security services are political, not technological. The networking supplier has been part of the UK’s telecoms infrastructure since 2005, when BT awarded a contract to supply equipment for its 21CN project – a major initiative to overhaul BT’s core transmission network and move from old Public Switched Telephone Network (PSTN) technology to internet protocol on a digital infrastructure.
The decision to choose Huawei had political implications even then – BT dumped the ailing British supplier Marconi in favour of the Chinese firm, which effectively led to the demise of one of the oldest and most famous names in UK technology.
Acknowledging concerns over Huawei’s position, the UK government subsequently made unprecedented stipulations to maintain oversight of Huawei’s products. The company had to set up the Huawei Cyber Security Evaluation Centre (HCSEC) in 2010, which is now overseen by a board chaired by Ciaran Martin, the GCHQ lead for cyber security and chief executive of the National Cyber Security Centre (NCSC).
Huawei has to open up its products, specifications, source code and even allow assessment of the capabilities of its technical staff. No other tech supplier undergoes such intense scrutiny – a reflection of the significant role its products play in the UK’s critical national infrastructure.
Any problems uncovered by the HCSEC oversight board are publicly declared – as they were earlier this year, via a report to the UK National Security Advisor regarding concerns about technical deficiencies in Huawei’s software engineering processes which “exposed new risks in UK telecoms networks”.
The NCSC remains publicly comfortable with Huawei’s current position in UK telecoms. The concerns from the UK’s security partners in the Five Eyes network, especially the US, are political – a distrust of the Chinese government and disbelief that Huawei would not accede to demands from the state to use its equipment for spying or to disrupt UK infrastructure.
Of course, China is not the only country that makes such stipulations of its technology companies. The US has very similar laws, and the Snowden revelations showed that big US tech firms have been forced to place backdoors in their products. Imagine the furore if China banned, say, Cisco because of alleged closeness to the US security services.
Huawei is not the first and will not be the last example of the growing intersection between politics and technology. But on this sort of trajectory, there is only one inevitable outcome – that the tech sector splits between products and suppliers that the US approves of, and those which China and perhaps Russia approve of. Such a split would make things easier for politicians, but would polarise the tech industry in ways that surely nobody wants to see.
The digital transformation of government and public service delivery is well under way and is by now – hopefully – unstoppable. It’s taken longer to get here than it should have, and it will take longer to fully embed the new public sector practices and technology than it needs to, but it should get there.
This leads us inevitably to the area of public life that remains almost entirely untouched by the 21st century – when will we see the digital transformation of politics?
There’s an appetite for it – six million people signing an online petition, regardless of what it’s for, is a sign that large parts of the citizenry want to have new and better ways to engage with their elected representatives. The dismissal of that petition by the government shows the disdain with which such digital engagement is held by politicians.
I’ve written before how Brexit can be seen as a symptom of the societal changes being brought about by the digital revolution. We’re entering a period of backlash against the way technology is breaking down hierarchies and replacing them with a networked society – a shift that represents a huge threat to individuals and organisations whose power is derived from their position at the peak of those old 20th century hierarchies.
Have we now reached the pinch point, where politics itself is reacting to this change and will inevitably do whatever it can to resist?
In the UK, we hear the phrase “will of the people” increasingly bandied around to suit ideological needs. It’s a phrase born of hierarchies – by politicians who reluctantly allow citizens to engage with them once every five years in a general election, knowing in all but the minority of swing seats that the outcome is pretty much guaranteed in the incumbent’s favour.
How threatened would those politicians and the parties supported by our 19th century first-past-the-post voting system feel, by the idea that the will of the people can be expressed in real time, thanks to technology? That the will of the people can be measured and monitored at a granular level on the issues that mean the most to voters? How different, for example, would climate change policy be if there were a reliable way to ascertain the will of the people, other than marches, rallies, protests and petitions?
This is a challenge for the European Union too. Seen as remote, bureaucrat and unaccountable, would the EU be able to change perceptions across the continent if it pioneered new digital concepts for outreach and engagement that allow people to overcome the sense that Europe is undemocratic and over-reaching?
It will happen – society will change, and will force politics to change. But it’s going to take a generation at least, for the will of the people to force it through – unless there’s an enterprising, digitally savvy group of politicians willing and able to start a process that could see the old, tired orthodoxies that underpin so much of the Brexit debate swept away.