arturas kerdokas - Fotolia

Ex-government privacy advisor calls for 'fundamental review' of Verify identity scheme

Former Cabinet Office privacy group co-chair says the Verify identity assurance programme needs 'honest and fundamental reset'

The government’s flagship digital identity service, Verify, needs to be reset and subject to a “fundamental review” to avoid a failure of the public sector’s whole approach to online identity assurance, according to a former government privacy advisor.

In an article for Computer Weekly, Jerry Fishenden writes that Verify “is displaying the worrying and familiar symptoms of a troubled government programme,” and is “running significantly behind schedule and de-scoped, and possibly over budget”.

Until this month, Fishenden was co-chair of the Cabinet Office’s Privacy and Consumer Advisory Group (PCAG), set up in 2011 by then Cabinet Office minister Francis Maude to provide independent advice on government’s approach to online identity assurance and data privacy. PCAG established the principles that are meant to govern the approach to developing Verify.

Fishenden resigned from PCAG at the start of May, citing a lack of ministerial support and slamming government officials for failing to ask for or take advice on board.

In his Computer Weekly article, he said that Verify needs to be reviewed to avoid a costly failure that risks undermining the wider aim of providing a standard identity assurance mechanism for online public services.

“It’s time that the Verify platform, other ‘competing’ initiatives such as the updated Government Gateway, and the underlying work on an identity assurance framework are subject to an open, honest and fundamental reset,” he said.

“A significant amount of money, time and resource have been sunk into the Verify platform in particular, but without delivering the results desired or the success repeatedly promised.”

Identity framework

Fishenden said that it’s important to differentiate between the online identity assurance framework set up to guide the approach to digital identity, and the physical platform built by the Government Digital Service (GDS). He said that the problems lie with the latter – the Verify digital service being developed by GDS.

A recent NAO report highlighted ongoing delays and missed targets during the Verify programme.

“In 2014, GDS expected over 100 departmental services to be using Verify by 2016. In October 2016, GDS predicted that 43 services would be using Verify by April 2018. In February 2017, 12 services were using Verify. None of the nine services that were in the pipeline for connecting to Verify during the remainder of 2016 was ready to do so by that date,” said the NAO report.

“Nine of the 12 services using Verify can now be accessed using both Verify and a department’s chosen way of allowing users to log-in to services. This parallel access undermines the current business case and risks creating confusion for service users.”

Read more about Verify

The government transformation strategy, launched in February this year, set a target of 25 million Verify users by 2020, but Fishenden pointed out that currently, six years into the programme, there are fewer than one million verified users.

GDS is hoping to extend the reach of Verify by working with local authorities and private sector firms such as banks.

However, according to a report in this week, more than half of the 19 councils who signed up to a trial of Verify have pulled out of the project, with some saying they underestimated the amount of work required.

GDS is working on trials with un-named financial services firms, but has been reluctant to discuss progress in public.

Earlier this year HM Revenue & Customs (HMRC) published a blog that said the department was intending to use a redeveloped version of the existing Government Gateway service instead of Verify. However, after journalists queried HMRC and the Cabinet Office, the blog post was amended to remove that section, with the department instead saying it “is committed to Verify as the single identification service for individuals and is fully focused on delivering this”.

Sources suggest that HMRC is still a reluctant user of Verify, because the GDS platform does not offer identity assurance for companies or intermediaries, such as accountants filing tax returns on behalf of clients. The Government Gateway will continue to be used for companies and intermediaries by Whitehall departments even as Verify is further rolled out for individuals.

Poor user experience

In his article, Fishenden said that Verify continues to have problems even for those citizens that do try to use the service.

“Many users’ experience of Verify remains poor, and they fail to prove their identity to the commercial providers,” he said.

Verify’s own performance dashboard shows that just 55% of users succeed either in creating an account, or in re-using an account they have already created. The service dashboard reveals that only 44% of those users then successfully access a service, following the creation or re-use of a verified account with a certified company.”

Fishenden called for “credible leadership” and a “viable strategy” to ensure the worthy goals set for the Verify programme can still be achieved.

“Making the hard decision to do a fundamental review and reset of identity assurance and the various competing approaches and platforms is the right thing to do,” he said.

“The viability of online services and establishing digital trust between public and private sectors is dependent on getting this right. It would also represent a welcome return to GDS’s original principles of working in the open, being transparent, and learning from mistakes.”

Fishenden has been an independent advisor to various government and parliamentary bodies, including GDS. He worked as an advisor to former GDS chief technology officer Liam Maxwell, and was appointed co-chair of PCAG by minister Francis Maude.

He was a co-author of the seminal report led by Maxwell, Better for less, which formed the basis of the Conservative Party technology manifesto in 2010, and which helped establish many of the IT spending rules introduced by the coalition government thereafter. He is also co-author of the book. “Digitizing government: understanding and implementing new digital business models”.

A Cabinet Office spokesperson said: "The Government Transformation Strategy, released earlier this year, is clear in terms of Verify - it continues to be a key priority for the Government Digital Service."

Read more on IT for government and public sector

Data Center
Data Management