The subtle clues that show UK government is taking digital identity seriously at last (cough...)
The UK government has finally unveiled its response to the digital identity consultation that concluded a year ago this month, and along with that announced a new Digital Identity Strategy Board to drive policy going forward.
For these things, we should be grateful, in the way you would be grateful for an apple if all you had eaten for a year were oranges.
What does government tend to do when it knows it needs to be seen to be doing something?
Well, it sets up some new body or organisation to oversee what needs to be done. We know that, because last year Whitehall set up the Digital Identity Unit (DIU) to drive forward policy and action in this important area.
And we know this was a good move, because after a year of people wondering what on earth the DIU was doing, the government has – yes, you’ve guessed it – set up a new body to oversee what needs to be done.
This time, it’s called the Digital Identity Strategy Board, which sounds a lot more posh and official and powerful.
The DIU was not a pointless exercise though. Oh no! It still “exists informally as a collaboration” between the Cabinet Office, responsible for digital identity within government, and the Department for Digital, Culture, Media and Sport (DCMS), responsible for policy everywhere else.
Given the in-fighting between those departments reported by insiders, that quote is stretching the word “collaboration” and quite possibly also the word “exists” as far as they will go. The use of “informally” is taken to mean “whenever they bump into each other in the corridor,” of course.
We know, however, that the new board is a serious proposition because it comes with a set of six principles “to strengthen digital identity delivery and policy in the UK”.
Principles are important. We know that because in 2014, the government set up a new body, called the Privacy and Consumer Advisory Group (PCAG), which established a set of principles to govern the use of digital identity in the UK. Strangely, the PCAG principles are not at all dissimilar to the new ones. Who’d have thought, eh?
So, what will this important new Digital Identity Strategy Board do? Well, it will consult.
Yes, after waiting a year for the results of a consultation on digital identity, the next action is to… consult.
Specifically, the board will consult on “developing legislation for consumer protection relating to digital identity” as well as “appropriate privacy and technical standards”, which is good, because nobody has talked about privacy and technical standards for digital identity before. (For the reader new to this topic: They have. Lots.)
The government also “plans to update existing laws on identity checking to enable digital identity to be used as widely as possible.” No word yet on which laws need to be updated. Perhaps there’ll be a consultation.
The official response to the call for evidence is especially interesting to long-term watchers of digital identity in the UK. The document summarises the 148 responses received, and as such acts as an excellent overview of all the things the private sector has been saying the government has been getting wrong on digital identity for the last five years or more.
If only they had told the government all those things before! If so, you can be sure the Gov.uk Verify team would have taken any such criticism on board. (New readers to this topic – you probably get the idea).
The response does, however, probably, finally, give as much of an official signal that Verify is dead as we’re likely to get. It acknowledges that, “Looking beyond Gov.uk Verify, departments have committed to using standards-based digital identity”. Which is a nice way of saying, departments are all doing their own thing now anyway.
Unless there are secretly some departments determined to use non-standards-based digital identity of course. (New readers? I’ll shut up).
The composition of the Digital Identity Strategy Board is further evidence of the irrelevance of Verify to the future – in addition to the regulars from DCMS and Cabinet Office, it adds every other department that is already developing its own digital ID system, namely the Home Office, the Department for Work and Pensions, HM Revenue and Customs, the Department for Health and Social Care, the Department for Transport, Business, Energy and Industrial Strategy, along with HM Treasury, which has to approve funding for all this and has for some time considered Verify a waste of money.
The government describes the response to the call for evidence as “just the beginning of an ongoing, and open, dialogue”. Nearly 10 years after then Cabinet Office minister Francis Maude first announced plans for digital identity, it’s good to see the government is beginning a dialogue about it. Strong move.
It is clear from the response also – even if it is coded rather than explicit – that after years of industry criticism, the government is basically saying to the private sector: go on then, you do better.
If the private sector were to write its six principles for the new board to follow, they would be pretty simple:
- Give us access to passport and driving licence data
- Give us legislation that will protect consumers and offer them confidence to use digital identities
- Give us regulations that stipulate who is liable for fraudulent use of a digital identity
- Tell us what standards we need so that our customers can use their digital identities for online government services
- Scrap Verify and never mention it around us again
- Get out of the way
Privately, government has been saying to identity providers for a few weeks that they are going to get what they want. The only remaining question is, how soon?
But don’t worry – there’s bound to be a consultation to give us the answer.