Government cries for help over floundering ID scheme

The government is failing to get enough help from the private sector to make its next generation identity scheme work at full speed.

It has tried to gathering details of about people’s use of social media to make up a deficit of data its needs to operate its next generation identity scheme. And it has been talking with mobile phone companies about taking part in its ID scheme as well.

David Rennie, head of industry engagement for Verify, the private sector ID scheme the Cabinet Office is building to replace last decade’s dreaded, “big brother” public sector ID Card, said it had launched a public consultation to find out where it was going wrong.

“The biggest challenge – and the one that surprised us – is we have difficulty verifying identities to a high standard – all the way across the spectrum,” Rennie told a conference last week.

“That’s because we haven’t got a data ecosystem where we can actually get to trustworthy sources of data,” he said.

Verify was designed to rely on the private sector to prove who people where. Its operation would depend on companies putting little bits of evidence of people’s daily activities – such as bills paid, transactions completed – into a sort of personal data market. Verify would throw a net into this sea of data and pull out a life history so detailed it would be tough for a forger to make it up. But private companies have not been prepared to give the data up.

“That’s our biggest challenge,” Rennie told private sector IT specialists at the Identity Summit conference in London.

“How do you explain that they need to make that data available to their users, to verify an identity that will allow them to use that identity to go to a competitor?

“We have found it’s actually difficult getting trustworthy data that meets the high government standard.

“So we’ve done projects looking at social network data, for example. Could that be used as part of the evidence?” he said.

Cabinet Office had meanwhile been relying on the Home Office passport database to verify basic credentials such as people’s date of birth and passport number. But Government Digital Service, part of the Cabinet Office developing Verify, said last month it would on its launch in 2016 only be able to meet a standard of proof called Level 2: less than necessary to guarantee someone’s identity beyond reasonable doubt. It was expected to be useful only for low security transactions. It has been providing ID services at that level to 300,000 people already under a pre-launch beta-phase prototype system.

Rennie said GDS had been working with mobile phone operators and banks to get its data ecosystem set up. It reckoned that mobile data, banking data and social media data would between them cover the three areas where it expected to find what it needed to prove someone’s identity.

“We talk to the banks a lot. And there are some very rich data sources there. So we are working with the mobile network operators to understand how mobile plays into identity. It’s a very interesting proposition when you start juxtaposing government data, banking data and mobile data, with the user’s consent and control. So there’s some very interesting possibilities,” he said.

But the Cabinet Office still wasn’t making enough progress: “So we need to engage with the private sector around where their pain points are, and where the government should be working with the private sector to address their pain points. So to that end we are doing a consultation, so we have a comprehensive understanding of how government and private sector should work together to address this problem.”

Cabinet Office had always expected Verify would have difficulty establishing the identities of people “at the perimeter”, or the fringes of society, because corporate records of the “financially excluded” would be scant. But it was having as much trouble getting hold of data for everyone else as well.

“It is the intention that we should get the private sector to engage in this and realise the benefits of making their data available for users. So the more data points you can go to the better.

“No two users are going to have the same profile of data points. 80 per cent of people have passports. A very high percentage of adults have mobile phones, so that’s why we’ve been particularly interested in getting to that data source, and have been speaking to mobile operators,” Rennie told the conference.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Seriously? The UK Government wants to ID&V citizens through knowledge-based authentication. All its commercial ID providers ultimately rely on Experian or other bureaux and some citizens don't have enough of a footprint there. And the Government is saying that it doesn't know where to turn to find other sources of data about its citizens. I would gently suggest that the Government itself just might possibly have some data sources it could leverage.

Cancel
@slabman: Sure the Government has some data sources, even some authoritative ones, but I can understand how it was considered too hard to integrate and expose those data sources. I think the two issues here are the business model and culture. There is a long-game argument about ecosystem development that the private sector might buy into, if they could be incented to start with. Because om the face of it, why would business care? I think GDS did offer some incentives to 'prime the pump' as it were, which is why you have the providers that are there today. But some banks hold a cultural position that customers who use its services (logon for electronic banking etc) should be doing it just for their services. Of course other banks don't - BankID in its various guises in Europe, SecureKey Concierge in Canada, and those banks that have signed up to MiiCard are examples. But not all banks agree on this approach. If it was me, I would approach it slightly differently, and 'open' the technology platform with stubs and APIs, so pretty much anyone can easily integrate whatever parts they want, to do their business - and have the Trust Framework operate around the players' use of the platform. I think the barrier would be lowered that way, with correspondingly more velocity. Cheers

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close