No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.
You are a careers advisor. A young person approaches you clutching a situations vacant ad. What do you advise?
The Government Digital Service seeks to appoint a Privacy Officer, closing date for applications one week today, 10 September 2015:
Government Digital Service
We are seeking an experienced Privacy Officer to lead the data protection and privacy aspects of the GOV.UK Verify [RIP] programme, both within GDS and across our delivery partners ...
Interviews week commencing: 21/09/2015 ...
Who knows but you might advise as follows.
Each move you make in your career affects your subsequent opportunities. You could take your experience to GDS. Would that be wise? Perhaps. The world looks like a Privacy Officer's oyster at the moment, in the public sector and beyond – there are other employers and other users who need you.
"The strategy is delivery" is one of GDS's old mottos. It doesn't bear inspection. They promised that GOV.UK Verify (RIP) would go live in the spring of 2013. It didn't. And two-and-a-half years later it still hasn't.
The currently promised live date is March 2016, six months away. Will they deliver on time? If they don't, it's not going to look good on your CV.
As long as you're very junior and on short notice in your present job, you could join GDS in October. That will give you less than six months to knock GOV.UK Verify (RIP) into shape data-protection-and-privacywise. Is that feasible? You need to decide.
You're going to have your work cut out:
- GDS have always promoted usability ahead of security. They have also promised that the public can have confidence in the security of GOV.UK Verify (RIP). You're going to have to educate GDS. And the public.
- The identity hub that glues GOV.UK Verify (RIP) together was written by GDS themselves. A team of US and UK academics assessed the hub and declared it full of holes. Despite their claim to build trust by being open, GDS have stayed remarkably tight-lipped about these allegations. You will have to be genuinely open.
- You may assume that one of your first jobs is to assess the GOV.UK Verify (RIP) liability model. It isn't. They haven't got one. Unlike the banks, who compensate you if your account is hacked, GDS make no mention of compensation and the so-called "identity providers" (IDPs) limit their liability to derisory levels. Good luck with that one.
- The IDPs are paid a pittance by GDS so you won't have much traction there. GDS are in bed with an outfit called OIX and it doesn't help that OIX have just published a white paper saying that the IDPs can't do their job. What GOV.UK Verify (RIP) really needs is the banks, not IDPs.
- Actually, they've published two white papers to that effect. In the second one, Reducing fraud and improving online safety through IDP signal sharing, OIX make it clear that as things stand there are no standards for monitoring account activity in GOV.UK Verify (RIP) and no established procedures to follow when exceptional events are detected. The banks, by contrast, have had that buttoned down for years.
- In their white paper, OIX acknowledge "the risk that a Shared Signals system might be incorrectly perceived as a surveillance tool that could undermine some users’ confidence in GOV.UK Verify [RIP]". Signal sharing between IDPs is the opposite to what the public have been promised with GOV.UK Verify (RIP). The IDPs are meant to be independent, not colluding. People's data is meant to stay where it's put, not be transmitted all over the place. And any use to which it's put is meant to be undertaken by consent, which in this case it hasn't been. You're going to be very busy over Christmas ...
- ... and thereafter, because GDS's relationship with the central government departments and agencies, the "Relying Parties" as they're known (RPs), the RPs that the public is trying to communicate with through GOV.UK Verify (RIP) is fragile. Fragile or non-existent. Non-existent with the National Health Service, for example, and with the Department for Education. Fragile with the Department for Work and Pensions, who are believed to have banned GDS from their premises, ... some little local difficulty with Universal Credit. Fragile with the Electoral Commission, to whom GDS gave an application system to register to vote which omits identity assurance. Fragile with the Department for Environment Food and Rural Affairs where the GDS system had to be abandoned in favour of paper and pen. And fragile with Her Majesty's Revenue and Customs, who have had to remind people that GOV.UK Verify (RIP) isn't their system, it's GDS's.
- Diplomacy will be the name of the game when it comes to dealing with the RPs. Your diplomacy. It will have to be yours because GDS have spent years telling the world that the rest of Whitehall is useless, traditional policy-making has broken down and the guiding principles of public administration need a revolution. Why would these much-maligned parties now rely on GOV.UK Verify (RIP)?
- And why would the public rely on it? The public want their data kept safely and only used for limited purposes. Meanwhile, GDS cheer on every step towards open data without ever trying to distinguish between public data and personal data. GDS's previous boss described the laws constraining data-sharing as "myths". You'll need to provide solace to the public. You've got your comforting answers ready, of course, haven't you?
But you won't see him for long. He's off on 30 September to pastures new. As are all the other senior staff/prophets. The organisation you join is not the organisation you will work for.