Computer Weekly Editor's Blog

Jun 7 2019   3:36PM GMT

‘A breath of fresh air’ for Gov.uk Verify?

Bryan Glick Bryan Glick Profile: Bryan Glick

Tags:

Three months ago, the Government Digital Service (GDS) appointed the first ever director of digital identity, Lisa Barrett – tasked with taking on the troubled Gov.uk Verify programme.

Barrett arrived just as the National Audit Office found that “it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified”.

Barely two months later, MPs on the Public Accounts Committee branded Verify as “failing its users”, not delivering value for money, and added that its leaders have not accepted “proper accountability” for the programme and its difficulties.

Well, now it seems Barrett is going to be accountable. Good luck with that.

On 7 June, she made her first public appearance, at the Think Digital Identity in Government conference in London, to offer an update on what’s next. Clearly, in a short space of time, she has made an impact.

Other speakers described her as “a breath of fresh air”, and welcomed the way she has been reaching out to the many and varied stakeholders in the UK digital identity sector. In her talk, Barratt said that GDS needs to “tell a better story” around Verify, which is certainly true.

She laid out the priorities for Verify and digital identity policy, emphasising the importance of standards and collaboration between public and private sectors to accelerate the use of Verify and other compatible digital ID products. She identified the need for a “clearer set of rules” around digital identity to encourage more private sector investment. She said the user experience for Verify needs to be improved.

Heads nodded around the gathered digital identity experts. There was nothing to disagree with in her talk. The problem – which is nothing to do with Barrett – is that her predecessors could have (and possibly did) give exactly the same presentation at any time in the past five years.

There remain more questions than answers. But Barrett hinted that could change soon – in response to a query from Computer Weekly, she said there were “things that can’t yet be announced”. Which, given the earlier goal of telling a better story, did seem to frustrate her. It’s a shame she wasn’t able to use the occasion to make some of those announcements to a room full of people desperate to hear them.

As an example of the greater openness she wants to establish, Barrett also became the first person from GDS to publicly acknowledge that the government’s Infrastructure and Projects Authority (IPA) recommended in July 2018 that Verify be scrapped. When Computer Weekly revealed this fact, in September last year, GDS declined to comment and has not done so since.

Barrett explained that the reason for the IPA decision was down to doubts whether the existing identity providers (IDPs) involved in the programme would continue to support Verify. Subsequently, two of the seven IDPs decided not to, while five signed up to new contracts. That seems an important piece of information for wider stakeholders to know, and it’s a good example of how badly GDS has communicated about Verify in the past.

The heart of the challenge now facing Verify was clear when the event heard from Martin Edwards, managing director of identity services at the Post Office – one of the two largest Verify IDPs. He listed the four things he needed to see from government:

  • More PR and communication – “Be less embarrassed about Verify,” he said – to promote the brand and its purpose. Edwards called for more visible ministerial backing, adding that too many people have never heard of Verify or don’t know what it does, which is a hindrance for a project that once intended to reach 25 million users by 2020.
  • Align regulations for identity behind the Verify standards – for example, Edwards pointed out that much government regulation still specifies that people need to give a written signature, which is clearly incompatible with digital solutions.
  • Better access to data sources – one of the biggest reasons Verify has performed so badly is the limited datasets available to establish a citizen’s digital footprint, especially for those who don’t have passports, driving licences, credit cards or mortgages. The Post Office is involved in a trial at the London Borough of Tower Hamlets, which looks at ways to use local authority data to assure a digital identity.
  • More co-ordination and much faster user take-up across Whitehall – Edwards highlighted the fact that even some of the 19 online public services that do offer Verify, only do so as one option. The attraction for the IDPs involved with Verify was always to get at the millions of users of online tax services such as self-assessment, and Universal Credit. So far, only 4% of HM Revenue & Customs’ (HMRC) online users opt for Verify over the well-established Government Gateway; while the Department for Work and Pensions continues to push back the roll out of its controversial welfare reforms.

These are all reasonable concerns, and none of them are new. But the issue here is that one of the most important organisations involved in promoting Verify and digital identity in general, is still asking these questions barely nine months before GDS hands Verify over to the private sector.

There are rumours that GDS may announce that Whitehall departments will soon be able to bypass GDS and deal directly with the IDPs – potentially a forerunner to allowing departments to choose other IDPs beyond those directly involved with Verify. Such a move would benefit the IDPs, but would remain to be seen if that’s enough of an incentive for the likes of HMRC to put its full weight behind Verify.

Notably, Barrett at times played down the importance of Verify in favour of government’s role in establishing a wider digital identity ecosystem. At one point, she referred to Verify as just “one technology implementation of the standards”. That’s a technology implementation that will cost taxpayers at least £175m, mind you.

GDS wants to broaden the conversation beyond Verify and highlight the goal of stimulating a digital identity market in the UK. That’s always been a worthy objective – but one that cannot be divorced from the widespread criticisms of Verify, not to mention that £175m of spending.

Very few people would complain if GDS were to become more open with its communications around Verify, and if Barrett can deliver on that she will have achieved an early win. Meanwhile, lots of key players are waiting to see what those secret announcements are going to be.

Side notes:

A couple of points mentioned during the event may be of interest to those following the progress of digital identity:

  • The Post Office is looking at how it could use its branch network to help create Verify identities face-to-face, instead of purely online, for people with too limited a digital footprint for current digital-only methods.
  • There are six digital identity pilots going through the Financial Conduct Authority’s sandbox programme, designed to test new finance-related products for regulatory compliance. If approved, that potentially promises a big boost to the idea of using banking products, and open banking technologies, to enrol millions of people into digital identity schemes.

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Mikeduncombe
    Personally, I like Verify; I like the idea and I like the implementation. It, or something like it, is a necessity. £175m is a rounding error in the government accounts, and its something we cannot afford to be without if we are to fully benefit from digitisation of government and commercial services requiring secure authentication. Only government can lead on this issue, because it is unlikely that a digital id service is going to be profitable - after all its free in the physical world, so it should be free in the digital world or people won't use it.

    A digital identity service needs to be trusted by government and commerce, and preferably independent of both. I don't see why there shouldn't be more than one id provider, but obviously we don't want too many, unless some scheme of mutual trust can be established. And, very, very importantly, the needs of those without bank accounts, driving licences and passports (of which there are a surprisingly large number) need to be taken into account. A role here for local government, Credit Unions and other non-profit, trusted, organisations. 
    0 pointsBadges:
    report
  • Commenter101
    Here is what couldn't be announced: Cabinet Office to set up Digital Identity Unit https://bit.ly/2XGWahO
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: