Computer Weekly Editors Blog

Who knew? How Starmer kept his digital ID plan secret for months

Bryan Glick
Bryan Glick
Editor in chief

When prime minister Keir Starmer announced on 26 September that the government was to introduce a mandatory national digital ID scheme, it came as a surprise to many people – not least those in the tech sector who had been engaged in an ongoing dialogue around the digital identity market for a few years and had no idea this was coming.

But Computer Weekly has learned that within the Department for Science, Innovation and Technology (DSIT), the Government Digital Service (GDS), the Home Office and the Cabinet Office, the announcement was the result of months of discussions that had been successfully kept quiet from their private sector partners and from the media.

This week saw the latest developments in the programme, with Starmer trying to retake the initiative after the policy was widely criticised and rapidly seen as a political liability in many quarters – including by some Labour MPs.

Starmer took part in a stage-managed visit to a Brighton branch of Barclays bank, where he explained to customers and employees how digital ID will make their lives easier. It seemed to be an attempt to reframe the narrative from his initial focus on the scheme as a tool to tackle illegal immigration. If that means he has been listening to the many critics who felt that initial messaging threatened to undermine years of slow-but-steady progress in educating people to the benefits of digital ID, then maybe it was a positive sign.

The prime minister also announced a small but important change to the machinery of government. DSIT is no longer responsible for the digital ID scheme – GDS will continue to lead on “technical design, build and delivery,” but all “policy, legislation and strategic oversight” has moved to the Cabinet Office.

No rationale was given for the move, which will see Starmer’s chief secretary Darren Jones given ministerial responsibility for the scheme. As a member of the former interministerial group set up to oversee digital governance across Whitehall – along with then DSIT secretary Peter Kyle and then Cabinet Office minister Pat McFadden, both of whom have since been shuffled out to other jobs – Jones has at least been involved with the formulation of this government’s digital strategy since the beginning.

The quotes above came from Jones’ statement to the House of Commons on 23 October, in which he promised to “build the foundations of a modern British state that delivers better public services for people across the country, and digital ID will play a part in that work”.

It’s not clear why responsibility was shifted away from DSIT – most likely, it’s simply because Starmer wants to keep central control over a policy that will eventually have an impact across every department, and to mitigate against the differing priorities that could emerge from inside Number 10, DSIT and the Home Office.

It also seems to have come as a surprise to many in GDS.

Since Computer Weekly revealed earlier this year a series of serious security and data protection concerns around the One Login system that will sit at the heart of the digital ID scheme, there have been rumours that officials have recognised One Login requires greater scrutiny. There have been changes in the IT security management team within GDS too.

MP David Davis recently wrote to the National Audit Office demanding an investigation into One Login, calling the system “scandalously insecure” and “fatally vulnerable to hackers” – citing a number of issues raised in Computer Weekly’s stories, in particular the “red team” penetration testing exercise that showed One Login was vulnerable to hackers accessing code without being detected.

When Starmer announced the machinery of government changes, GDS chief product officer, Christine Bellamy, wrote to staff to explain what it meant for them.

“The chief secretary to the Prime Minister, Darren Jones, will have overall responsibility for the new digital identity scheme, working alongside our secretary of state [Liz Kendall] who remains responsible for the technical design, build and delivery. They will work together to build the foundations for a modern state, where new technologies such as digital ID can be used to provide more convenient and more efficient services,” she wrote, in an internal email seen by Computer Weekly.

Bellamy highlighted three key points that offer some insight into what’s been going on behind the scenes:

“We retain responsibility for the One Login programme and for delivering the outcomes in its standalone business case… We retain responsibility for the Gov.uk Wallet and for delivering the ambition to digitise government credentials/proofs by 2027,” she told staff, adding: “Gov.uk One Login and the Gov.uk Wallet are important parts of the UK’s identity ecosystem but they are not the same thing as the UK’s digital ID scheme, or shorthand for the new programme.”

The messaging seems to reinforce the differences between the digital ID programme and the previously announced plans for One Login and the digital wallet, both of which will be essential elements of the ID scheme – One Login for verifying your identity in the first place, and the wallet for housing the digital credentials needed for the digital ID on your smartphone.

The One Login team, as far as GDS is concerned, remains focused on “its standalone business case,” which was first produced in 2022. That business case centres One Login (as the name suggests) as a login tool, describing it as “a single, ubiquitous way to log in to any government service, with anyone who is required to prove their identity able to easily do so”.

Bellamy said there will be few changes within GDS as a result. “A small number of policy staff” from DSIT will be moving to the Cabinet Office – potentially including Hannah Rutter, previously CEO of DSIT’s Office for Digital Identities and Attributes, who is understood to be taking a leading role in digital ID policy development.

“We have clarity on how the government wants to treat ministerial oversight of this ambitious and exciting work. And that clarity means we can now more formally organise around clear lines of accountability and delivery between departments, and enabling programmes,” said Bellamy.

She also highlighted some of the challenges that have been faced by those involved with the programme to date.

“Many teams across GDS and DSIT, with our partners in the Home Office, have been doing exceptional work in the run up to the original announcement, and since. I want to thank everyone who has been running hard at this to get us to this point. Those working on digital ID so far know it has been a challenging few months of ambiguity, sporty timelines and high expectations,” she told staff.

Starmer’s announcement seems to have distributed that ambiguity around MPs, the tech sector and the wider public, given the negativity of the subsequent reactions.

The government faces a huge task to reverse that negativity. Is digital ID simply a “dead cat” strategy, as some have suggested? A deliberate distraction from other problems, to get people talking about a policy that may eventually prove to be neither mandatory nor national? It’s too early to tell.

What’s clear is that months of secrecy within Whitehall as the plans have been developed will now lead to years of scrutiny for the digital ID scheme and all its associated systems, such as One Login and the Gov.uk Wallet. This is likely to be the biggest challenge yet for Starmer’s promise to digitally modernise the state.