arturas kerdokas - Fotolia

GDS wants to take 'hands off control' on digital identity, says Verify boss Verify boss Nic Harrison says GDS wants to take its “hands off the controls” of identity, as he confirms target of 25 million Verify user accounts “won’t all be created by government”

The government wants to work with the private sector to grow digital identity creation and drive uptake of Verify as it aims to become a consumer of identity, instead of a provider. 

Speaking at a media briefing during Sprint 18, Nic Harrison, director of service design and assurance, digital identity at the Government Digital Service (GDS), said the government is actively pursuing opportunities to “take our hands off the control” of identity services.

The government’s identity assurance platform has struggled with delays and low uptake, and identity experts have strongly suggested that Verify needs a major overhaul.

However, despite the problems, the government has been firm in its target to have 25 million user accounts by 2020. Although numbers have grown from 2 million users to 2.2 million users in a couple of months, and moved from 1.7 million transactions to 6 million in the past six months, Harrison conceded that the numbers “still aren’t stellar”, but that there is an “acceleration going on”.

It’s no secret that the government has struggled to get departments on board with Verify, which has led to tension, and some departments have taken matters into their own hands.

Computer Weekly previously reported that the NHS is creating its own identity platform, and HM Revenue and Customs (HMRC) is ploughing on with Government Gateway.  

Harrison said there has never been any kind of fight going on between departments and GDS on Verify.

“That was never the case. It was more that there were very real reasons why departments found it hard to use Verify on its own, or to just switch to Verify. There were very sound operational reasons,” he said, adding that at HMRC, for instance, the online tax accounts platform is “one of the biggest generators of Verify identities”.

He added that the financial situation government found itself in after the 2015 spending review, “combined with Brexit now, means departments aren’t doing a lot of back-office transformation”. 

“They’re worrying about EU exit, so we are frankly just not going to get hundreds of new services being digitised in the next year to bring on Verify.” 

Work with private sector 

So how does the government plan to get to its ambitious target of 25 million accounts by 2020?  

“Those 25 million user accounts won’t all be created by government services, they will come from other places as well,” Harrison said, adding “that has always been the strategy”, but that it has become one “we’re now more actively pursuing”.

Under current arrangements, Verify works by asking users to set up an account with one of a selection of third-party identity providers (IDPs), such as the Post Office, Experian and Barclays. These providers currently have exclusive access to public sector users. However, this could all change in the future.  

“What we are trying to do and what we’re discussing with our partners at the moment is more about what government can do to take its hands off the control,” Harrison said.

“At the moment, we have very strongly through the contractual arrangements controlled the use of accounts that are created. We want to stop having all that control, because ultimately the direction of travel for Verify, and in fact for digital identity more generally, is that we want it to be a thing that the government is a consumer of, not an owner and curator of.” 

Interoperable identity hubs

Maintaining that this has always been the plan, Harrison said what the government wants “is a ubiquitous digital identity for service users both for public and private sector”, which would be “Verify compliant” by following a set of standards. 

“In an ideal world, they would be truly interoperable. Interoperability and standards based is the key for us,” said Harrison. 

He added that there are already lots of companies going down the personal data store type approach. 

“What we would really like is everyone to coalesce around the same standards. Ultimately, the role of government, at least in the near term, is to be the arbiter of those standards so that we can all interoperate. If somebody was to set up their own hub and follow standards of Verify, then I would like to think they would be interoperable,” Harrison said.

“Obviously there are contractual arrangements we have with the current IDPs and we’d have to look at how you did that from a contract point of view. But certainly our end state is one or more hubs operating interoperably of which government just ends up being a consumer.”

Read more about digital identity

Read more on IT for government and public sector

Data Center
Data Management