Cabinet Office begins procurement for next stage of Gov.uk Verify

The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services

The Cabinet Office has published a tender notice for a £150m three-year framework for the provision of identity assurance services.

Through the Gov.uk Verify platform the government is providing a new way for people to prove their identity when accessing digital services. A framework is now being procured by the Cabinet Office for use by the Government Digital Service (GDS) to expand the identity assurance services market.

The Cabinet Office is calling for 10 providers to enter the £150m framework – a significant increase from the £25m contract procured by the Department for Work and Pensions for Universal Credit in 2012. The new framework will last for three years with an option of a one-year extension.

“The aspiration is for central government, together with the providers under this framework agreement and others, to work together to develop, broaden and stimulate the market for identity assurance services,” read the tender. “This aspiration is initially focused on the wider public sector, with potential expansion into the private sector and other countries to follow.”

Contracts are expected to be awarded by April 2015.

The framework will allow citizens to prove they are who they say they are to a defined level of assurance (LoA). Initially the contracts will only be awarded for the mid-level of assurance – LoA2, which is the level Verify provides and is said to be sufficient for most government transactions. 

The tender notice states GDS is expected to procure additional services which may include LoA1 and LoA3. LoA3 is required when the relying party needs to know beyond reasonable doubt who the user is and that they are a real person, while LoA1 is for when a relying party needs to know that it is the same user returning to the service but does not need to know who that user is. 

There is also a higher LoA4 where a biometric profile is captured at the point of registration, but this is not being used by the Verify platform. 

Overcoming citizen database concerns

Gov.uk Verify is designed to overcome concerns about the government setting up a central database of citizens’ identities to enable access to online public services. Similar criticism led to the demise of the hugely unpopular identity card scheme set up under the Labour government.

The system will require users to register their details with one of several independent identity assurance providers – certified companies which will establish and verify a user’s identity outside government systems. When the user then logs in to a digital public service, the Verify system will electronically ask the external third-party provider to confirm the person is who they claim to be.

The first digital identity assurance system went live in September 2014 as a public beta after 18 months of user testing and seven months in private beta. A thousand users started testing the system in February 2014 on HM Revenue & Customs’ revamped PAYE service.

The service uses open standards approved by the Open Identity Exchange to ensure interoperability between government and third-party providers. Companies signed up as identity assurance providers include the Post Office, Digidentity, Experian, Mydex and Verizon. 

Government services using Verify by 2016

The government's aim is that all the central government services that need identity assurance for individuals will be using Gov.uk Verify by March 2016, but it hopes as many as 600,000 people could register to use Gov.uk Verify by the end of 2014. 

But problems with the beta system became apparent within weeks when people tried to prove their identities on the Department for Environment, Food & Rural Affairs website.

Gov.uk Verify has been incorporated in the rural support online service Common Agricultural Policy (Cap), which allows farmers to submit information about how land is used to claim subsidies. 

However, several users have been unable to register with Experian – the only company currently certified to confirm identity – meaning those users risk not receiving their Cap payments.

Farmers used the Cap reform blog to express their anger. One commenter, Davina Emmett, said: “This couldn’t be more complicated if you tried. We are farmers not computer experts.”

Read more on IT for government and public sector

CIO
Security
Networking
Data Center
Data Management
Close