The great and the good of the digital identity sector gathered in London yesterday (13 February) for the Think Digital Identity for Government conference – a popular bi-annual event that always attracts the key players in the community to hear updates from their peers and a chance to catch up on the latest developments.
Many came along to hear the morning’s keynote speaker, Lisa Barrett, director of digital identity at the Government Digital Service (GDS), to find out the latest updates on the troubled Gov.uk Verify scheme and wider plans for private sector engagement.
Her talk was described on the event website and in its official programme as discussing “the real deal with Verify and how digital identity is now scaling in the public sector and plans for the private sector and beyond”.
Things started badly when it was announced that Barrett would not be taking questions. Computer Weekly attended another event, the Government ICT conference in Westminster, last month, where the keynote GDS speaker there, chief operating officer Fiona Deans, was also not allowed to take questions – so perhaps it shouldn’t have been a surprise.
I asked several delegates after Barrett’s talk what they thought of it, and the common response was, “She said absolutely nothing”. One delegate commented that she was talking so fast it was like she couldn’t wait to get off the stage.
On two or three occasions during her talk, Barrett said, “I wish I could tell you more.” It was clear to everyone that the lack of new information in her presentation was a source of frustration for her, as much as for those listening. Most of the presentation could have been given by any of her predecessors running Verify, at any time in the past five years – positive statements of intent and strategy, but no detail on the many problems Verify has faced and caused, and no clarity on future plans.
Let’s be clear – nobody should point a negative finger personally at Lisa Barrett. She took on a poisoned chalice when she took up the role a year ago. She has been described as a “breath of fresh air”, and everyone Computer Weekly has talked to speaks highly of her. She has brought a can-do attitude, confidence and an understanding of the challenges of digital identity. But GDS won’t let her say anything meaningful outside of a controlled, closed environment. Computer Weekly has asked to interview her on several occasions, but the powers that be at GDS have so far refused.
To her credit, during her talk, Barrett acknowledged that Verify is “not perfect” and that its design is “not intuitive” – a rare public acknowledgement from anyone involved with Verify that it’s in any way problematic. But the previous speaker at the event repeatedly referred to Verify as a “failure”, which more accurately summarises the way the digital identity sector views the system.
Barrett concluded her talk by saying that use of digital identity will be considered “normal” 10 years from now – which is, hopefully, correct, but ignores the fact that GDS has been working on Verify for seven years already.
There were many questions that Computer Weekly and others would have liked to ask, such as:
- What happens in April, when government funding for Verify will cease?
- What happens in April, when most of the identity providers that support Verify withdraw from the scheme?
- What were the responses to the digital identity consultation, which were due to be published before the end of 2019, but have been put back until an unspecified date in “spring 2020”? Barrett said the consultation had received 148 responses, which underlines the fact there are many stakeholders in need of more details about what’s going on.
- When will the pilot project to open up the Document Checking Service to the private sector begin, and who is involved?
- What interaction has taken place between government and the banking sector, which is actively working on its own plans for digital identity in support of open banking regulations?
- What risk assessment has been made for the fact that, from April, the only identity provider left taking new registrations is based in the Netherlands, and what impact does Brexit have on that? (The company in question is Digidentity, which is also the service used by the only other remaining identity provider, the Post Office).
- What is the remit of the proposed Digital Identity Unit, set up to combine GDS’s responsibility for Verify, and the Department for Culture, Media and Sport’s responsibility for digital identity policy as it relates to the private sector? Has the unit been established and what is it doing?
- How will the government’s digital identity policy encompass the multiple systems in use or being developed across the public sector for the same purpose – such as Verify, the NHS’s ID system, the Scottish government, and the longstanding Gateway system used by HMRC?
- What is GDS’s response to the criticisms made by the National Audit Office and the Public Accounts Committee last year – and in particular, justifying the value for money for the £175m spent on Verify?
But alas, we did not have the luxury of asking, let alone finding out the answers. GDS does itself no favours with its secrecy and lack of communication. The Verify team has long talked about the importance of developing an ecosystem for digital identity, with government taking the lead. It’s difficult to lead without openness and transparency. The mood among the private sector players at the event that Computer Weekly talked to remains cynical and gloomy.
It seems inevitable that the government must make some form of announcement around Verify and digital identity policy in the coming weeks, before the critical end-of-March timeline for future plans. The upheavals in the government and the frequent changes of ministerial responsibility in the Cabinet Office haven’t helped. But at some point soon, someone is going to have to stand up in public and explain what happens next.
Let’s hope they will be allowed to take questions.