On 14 March 2021, we will mark the tenth anniversary of the official approval for the development of a single government-wide digital identity system. Save the date in your diaries.
Intended to replace the ageing Government Gateway, implemented back in 2000, the new system – which would eventually become known as Gov.uk Verify – was intended to be the standard way into online public services for all citizens, businesses and their authorised representatives.
It’s bound to be quite a party next March, because they can invite developers from – at last count – nine different digital identity systems now being set up across the public sector.
To make it a real celebration, there’s a new programme in place to add yet another digital identity system to go along with Verify, the Identity and Attributes Exchange (IAX – Verify’s successor), NHS Login, the Home Office’s EU Settled Status scheme, DWP’s Confirm Your Identity, the Scottish government’s Digital Identity Scotland scheme, the second iteration of the Government Gateway, and an identity verification system rumoured to be underway at HM Revenue & Customs (HMRC).
(If they’re really generous they could invite some of the private sector digital identity initiatives being discussed under open banking rules, too.)
Say hello to the Department for Business, Energy and Industrial Strategy (BEIS), which wants to join the party with its Digital Business Identity programme.
In May, BEIS completed the first phase of this initiative, intended to create a single online profile for businesses to use in all their dealings with the government.
You know, a bit like the Government Gateway profile that businesses use in all their dealings with HMRC.
It’s not the same as the business profile that was planned as part of the initial justification for Verify, because the Government Digital Service (GDS) eventually decided in 2014 they wouldn’t include businesses in Verify. Perhaps the email took a while to reach BEIS.
Computer Weekly was told that the new BEIS system will improve companies’ access to government business support measures (typically run by HMRC, which owns the Government Gateway), such as small business grant funds and R&D Tax Credits, and make it easier for smaller businesses to bid for government contracts.
The Digital Business Identity could apparently also be used in the private sector – a phrase that will again sound familiar to long-term Verify watchers – by providing firms with control and ownership of their personal data, significantly reducing the need to hold data in government systems and limit the amount of data needed to complete transactions, according to a background briefing given to Computer Weekly.
And it’s important not to forget, the BEIS system will help to reduce the potential for fraud and errors across the public sector – a phrase that could have been taken straight out of the business case for Verify.
Consultants from KPMG worked with BEIS on the first phase of the project, with additional support from Layer 7 IT Security. KPMG got as far as creating a prototype, details of which can be found on Github.
BEIS says it has not yet decided whether to continue the programme into a second stage, and is discussing policy around digital business identities with GDS (which owns Verify) and the Department for Digital, Culture, Media and Sport (DCMS), which owns overall policy on digital identity.
Jerry Fishenden, a long-time technology advisor to government and formerly chair of the Privacy and Consumer Advisory Group – set up by then Cabinet Office minister Francis Maude to provide outside expertise to the 2011 digital identity plan – has written an extensive history of digital identity approaches in UK government, dating back to 1997.
He diligently records the multiple attempts to create a federated identity system for one of the few European countries that doggedly avoids having national identity cards or any form of standard personal identifier, which is a key factor in all the European nations that have successful government digital identity systems.
Fishenden quotes from government policy documents, such as:
In 2000: “[The policy] looks to the establishment of a range of authentication services by central and local government and the private sector, and for public sector bodies to use these.”
In 2011: “Our intention is to create a market of accredited identity assurance services delivered by a range of private sector and mutualised suppliers.”
In 2018: “The government expects that commercial organisations will create and reuse digital identities, and accelerate the creation of an interoperable digital identity market.”
There’s good Zoom pub quiz potential for digital identity geeks from mixing up all those policies and seeing if anyone can match them to the year, given they all say pretty much exactly the same thing.
But back to the latest addition to the UK government’s extensive canon of digital identity programmes. The question is, will the second phase of the BEIS initiative go ahead?
Well, we’ll see – but you wouldn’t want to miss a good party, would you?