The Government Digital Service (GDS) has said it will learn from mistakes made with its identity platform GOV.UK Verify, when building its new digital identity service.
The new single sign on (SSO) and digital identity assurance system – which has the working title of ‘One Login for Government’ – is scheduled to pilot with a small number of government services by next Spring.
Speaking at THINK Digital Identity for Government, Martyn Taylor, director, digital identity at GDS admitted that Verify has “not been able to achieve its ambitions” in several areas.
“Most of government’s existing digital identity solutions have been designed, developed and operated in departmental silos, with a focus only on meeting each department’s own needs,” he said. “For users, this is a confusing and frustrating picture of government is expensive and opens the door to fraud and error.”
Referring to Verify, Taylor said that “in some ways, it was a little ahead of its time and scope; it was too ambitious.
He said the rollout was executed “in a relatively heavy handed way across government that just didn’t really work. It didn’t provide the degree of flexibility needed for a lot of services so it’s quite a binary level of assurance. That sort of wholescale outsourcing to a third party to provide the identity verification is something we won’t be doing. It hasn’t worked as we wanted it to.”
Taylor said one key area that failed was in sustaining genuine cross government buy-in to GDS’ vision and rollout. This, he said, is where the new project is substantially different in approach.
“It is a genuine cross government initiative, which is led by and coordinated from within GDS. But it is a joint venture with departments, including HMRC, DWP, the Home Office, Transport and others who are involved at each level of the design and decision making process. With departmental colleagues becoming embedded with us and with a number of strands to be set jointly with departments, for example, with HMRC on third party agent access and DWP on increasing inclusivity.”
Taylor noted that the new programme has strong political support, and “the expectation has been set that there will in time, be just one single sign on for government, with people needing just a single key to access the services they need, providing their information, just once.”
“A single sign on system will be better able to detect and tackle suspicious behaviour across government, departmental boundaries. And this will reduce the risk of fraud. And this is of the utmost importance given the eight billion pounds of estimated cost of identity fraud to the UK economy,” he added.
Hand in hand with SSO, Taylor said that GDS is developing a more effective way for users to prove their identity online.
“We’re learning the lessons of Verify and other digital identity systems and government. We’re using the best bits, where appropriate, and capitalising on the work already done on Gov.UK accounts,” he said.
You might also like
“The ambition is to make adoption by government services as easy as it currently is for them to connect to some other GDS services such as GOV.UK Pay and GOV.UK Notify. Existing services will only be integrated, absorbed or turned off when the new system has been tested thoroughly, and everyone is happy that it works as it needs to.”
However, Taylor did defend Verify’s role during COVID-19. He said it “has provided millions of people with relatively easy access to multiple services. This is especially important since the start of the pandemic last year, with over two million new accounts created, in large part, as a result of the surge in Universal Credit applications. It has proven to be robust, secure and reliable.”
Last month the Cabinet Office announced it is to extend Verify for another two years.
Taylor also said it was important to meet the needs of people who don’t have a passport or driving licence and “increasing inclusion is very much at the heart of our new service.”
“We need to address the 20 percent of users who don’t have a driving licence, or a passport, and that increases to 30 percent for Universal Credit claimants, by bringing onboard more data sources and providing more and better access routes.”
One way he said GDS is addressing this is to digitise key life event data such as births, marriages and death records held by the general record records office – even though a huge number are still held on microfiche.
He also said the government acknowledges it needs the right legal, standards and ethics framework.
“We’re working with our colleagues and DCMS on the trust framework and exploring the legislative changes we might need to better enable the sharing of data across government,” he said. “But we’re also working with privacy and inclusion partners in civil society, to ensure we hear and respond to those critical and concerned voices.”
“Well-functioning digital identity service”
Asked whether he anticipated a “world-leading” digital identity system, Taylor said he “would be delighted if we had a really well-functioning digital identity service” that worked not just for people who are equipped to navigate a mobile app, or to do a near field communication scan of their passport.
“People who don’t have those canonical documents that we currently rely on in order to create identities, for them to be able to do it and get an identity in an easy way without having to take paperwork to a job centre, it might be that kind of a smooth path, something that really works. I’m not going to shoot the stars and massively miss them.”
Taylor also said that while the focus was on Central Government initially, there were plans to “go well beyond that” and to develop SSO services for other areas of the public sector.