arturas kerdokas - Fotolia

Ex-government privacy advisor calls for 'fundamental review' of Verify identity scheme

Former Cabinet Office privacy group co-chair says the Verify identity assurance programme needs 'honest and fundamental reset'

The government’s flagship digital identity service, Verify, needs to be reset and subject to a “fundamental review” to avoid a failure of the public sector’s whole approach to online identity assurance, according to a former government privacy advisor.

In an article for Computer Weekly, Jerry Fishenden writes that Verify “is displaying the worrying and familiar symptoms of a troubled government programme,” and is “running significantly behind schedule and de-scoped, and possibly over budget”.

Until this month, Fishenden was co-chair of the Cabinet Office’s Privacy and Consumer Advisory Group (PCAG), set up in 2011 by then Cabinet Office minister Francis Maude to provide independent advice on government’s approach to online identity assurance and data privacy. PCAG established the principles that are meant to govern the approach to developing Verify.

Fishenden resigned from PCAG at the start of May, citing a lack of ministerial support and slamming government officials for failing to ask for or take advice on board.

In his Computer Weekly article, he said that Verify needs to be reviewed to avoid a costly failure that risks undermining the wider aim of providing a standard identity assurance mechanism for online public services.

“It’s time that the Verify platform, other ‘competing’ initiatives such as the updated Government Gateway, and the underlying work on an identity assurance framework are subject to an open, honest and fundamental reset,” he said.

“A significant amount of money, time and resource have been sunk into the Verify platform in particular, but without delivering the results desired or the success repeatedly promised.”

Identity framework

Fishenden said that it’s important to differentiate between the online identity assurance framework set up to guide the approach to digital identity, and the physical platform built by the Government Digital Service (GDS). He said that the problems lie with the latter – the Verify digital service being developed by GDS.

A recent NAO report highlighted ongoing delays and missed targets during the Verify programme.

“In 2014, GDS expected over 100 departmental services to be using Verify by 2016. In October 2016, GDS predicted that 43 services would be using Verify by April 2018. In February 2017, 12 services were using Verify. None of the nine services that were in the pipeline for connecting to Verify during the remainder of 2016 was ready to do so by that date,” said the NAO report.

“Nine of the 12 services using Verify can now be accessed using both Verify and a department’s chosen way of allowing users to log-in to services. This parallel access undermines the current business case and risks creating confusion for service users.”

Read more about Verify

The government transformation strategy, launched in February this year, set a target of 25 million Verify users by 2020, but Fishenden pointed out that currently, six years into the programme, there are fewer than one million verified users.

GDS is hoping to extend the reach of Verify by working with local authorities and private sector firms such as banks.

However, according to a report in this week, more than half of the 19 councils who signed up to a trial of Verify have pulled out of the project, with some saying they underestimated the amount of work required.

GDS is working on trials with un-named financial services firms, but has been reluctant to discuss progress in public.

Earlier this year HM Revenue & Customs (HMRC) published a blog that said the department was intending to use a redeveloped version of the existing Government Gateway service instead of Verify. However, after journalists queried HMRC and the Cabinet Office, the blog post was amended to remove that section, with the department instead saying it “is committed to Verify as the single identification service for individuals and is fully focused on delivering this”.

Sources suggest that HMRC is still a reluctant user of Verify, because the GDS platform does not offer identity assurance for companies or intermediaries, such as accountants filing tax returns on behalf of clients. The Government Gateway will continue to be used for companies and intermediaries by Whitehall departments even as Verify is further rolled out for individuals.

Poor user experience

In his article, Fishenden said that Verify continues to have problems even for those citizens that do try to use the service.

“Many users’ experience of Verify remains poor, and they fail to prove their identity to the commercial providers,” he said.

Verify’s own performance dashboard shows that just 55% of users succeed either in creating an account, or in re-using an account they have already created. The service dashboard reveals that only 44% of those users then successfully access a service, following the creation or re-use of a verified account with a certified company.”

Fishenden called for “credible leadership” and a “viable strategy” to ensure the worthy goals set for the Verify programme can still be achieved.

“Making the hard decision to do a fundamental review and reset of identity assurance and the various competing approaches and platforms is the right thing to do,” he said.

“The viability of online services and establishing digital trust between public and private sectors is dependent on getting this right. It would also represent a welcome return to GDS’s original principles of working in the open, being transparent, and learning from mistakes.”

Fishenden has been an independent advisor to various government and parliamentary bodies, including GDS. He worked as an advisor to former GDS chief technology officer Liam Maxwell, and was appointed co-chair of PCAG by minister Francis Maude.

He was a co-author of the seminal report led by Maxwell, Better for less, which formed the basis of the Conservative Party technology manifesto in 2010, and which helped establish many of the IT spending rules introduced by the coalition government thereafter. He is also co-author of the book. “Digitizing government: understanding and implementing new digital business models”.

A Cabinet Office spokesperson said: "The Government Transformation Strategy, released earlier this year, is clear in terms of Verify - it continues to be a key priority for the Government Digital Service."

Read more on IT for government and public sector

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Dr Fishenden makes some good points about the Verify programme, not least the slow progress with delivery and the continuing lack of functionality.  If GDS had been a commercial organisation contracted to deliver Verify it is quite possible that it would by now have been in commercial dispute.  From a lay person’s perspective, GDS does not appear to be being held accountable for this major spend of public money. 

However Verify’s slow development and implementation and failure to replace Government Gateway should not be surprising as the primary functions of the Government Gateway and Verify are fundamentally different. 

The original Government Gateway procurement statement of service requirement (SSR) states that:

The Government Gateway will link the widest possible range of government services and information. It will provide a standardised interface through which a multiplicity of delivery channels can provide services, connected to a multiplicity of back office processes throughout Government and beyond. It will also provide value-added services such as transaction management, data standardisation and third party authentication for the citizen to Government departments.”

This is a very different intent from Verify’s purpose to provide federated identity assurance.  The SSR further states that:

“The Gateway is the centrepiece of "joined up" Government, and it is expected that all services that are to be "joined up" in this manner will use the Gateway to facilitate the needed cross Governmental interaction.

The gateway will act as an intelligent hub, providing a common access point for a number of service & delivery channels to a number of back office governmental services, and a transaction engine, with application functionality to provide services such as audit, authentication and security. …

The Gateway is being procured separately from for several reasons.

- Gateway, as a major piece of HMG infrastructure, requires a different development skill set than the customer facing internet based

- The management and control of the service will have different requirements to that of

- The eventual ownership of the two procurements may differ.

- Gateway must support multiple services and multiple front-ends, not just

- The presentation layer needs to be supervised and focused on the citizen whilst the Gateway is focused on providing an industrial strength architecture for security, authentication and transaction services.

Describing the Government Gateway as a federated identity hub is misleading. The Government Gateway was not designed as a federated identity hub but as an industrial strength, intelligent hub containing a federated authentication hub providing registration and enrollment services together with a transaction hub for specific inter-Departmental services. By comparison, Verify has been designed as an identity assurance service to authenticate individuals against potentially multiple digital identities held by third parties.

In addition, the Verify concept is flawed. Identity is socially constructed and not unique. In the physical world it is possible to relate multiple identities in different social contexts to a single instance of a physical entity such as a person. In the digital world there is no equivalent single instance of an entity, just multiple digital identities. A digital identity can never be tied unequivocally to a unique physical individual, although there may be a preferred and sufficiently trustworthy digital identity that is accepted in a given social context such as credentials provided for interactions with a specific government department, or digital credentials provided for an employee to access the employer’s IT systems. It follows mathematically that attempts to tie an individual’s preferred credentials for government (which are held by a commercial third party under the Verify model) to a physical individual by algorithmically investigating and comparing that individual’s multiple online identities will automatically result in a significant proportion of failures, however much digital personal data is collected. In other words the unacceptably high proportion of failures observed is a direct and automatic consequence of Verify’s design. It should therefore not be surprising that Verify has not delivered "the results desired or the success repeatedly promised."