No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.
The Government Digital Service (GDS) have contracted with nine so-called "identity providers" or "certified companies" to register all us Brits and to supply us with on-line identities, ready for the brave new digital-by-default world.
one day (in April 2016?) to use public services via GOV.UK Verify (RIP). That's the idea.
GDS are more diffident about this but, later on, these on-line identities may allow us to use private sector services, too.
Safran Morpho is one of GDS's "identity providers":
Safran Morpho offer a product called "SecureIdentity".
GDS promised in the past that all "identity providers" would be certified by tScheme, an independent body, expert in measuring trustworthiness. That's meant to give the public confidence in GOV.UK Verify (RIP).
Safran Morpho applied for certification for SecureIdentity on 19 November 2015. These things take time. SecureIdentity may or may not be certified in the end but it doesn't appear on tScheme's roll of trust yet.
Your mobile phone then becomes part of your identity. That may imply that your existence is interrupted, as far as Safran Morpho are concerned, when you change phones.
Long-time DMossEsq readers will know that downloading apps onto your mobile phone is indistinguishable from inviting in a virus.
The SecureIdentity app has the features shown in the mobile phone screenshot opposite.
If you are convinced that you understand what they all mean and if you are happy to give SecureIdentity house room, fine.
If not, there are five other "identity providers" to choose from today – Barclays, Digidentity, Experian, the Post Office and Verizon – to which you should soon be able to add GBGroup, PayPal and the Royal Mail.
You had better read, learn and inwardly digest Safran Morpho's terms and conditions for SecureIdentity and their privacy and cookies policies. They estimate 10 to 15 minutes for registration. Good luck with that.
To register with Safran Morpho, you have to tick the box that says you've read all these documents and you may then be deemed to have freely given your informed consent.
Answer, your consent to a lot of personal information about you bouncing around the world's telecommunications networks, in the UK and overseas, between Safran Morpho, unnamed credit referencing agencies, unnamed sub-contractors, government departments, law enforcement agencies, tax authorities, Zendesk, DoubleClick, YouTube and Google, because that's who GDS use for their analytics.
De-registration, by the way, takes at least seven years. That's the minimum length of time Safran Morpho will keep any information they have about you.
Safran Morpho clearly envisage an intimate relationship with you, including your life in the social media. Not to mention anything that the SecureIdentity app can glean from your sleepless mobile phone, the accounts on it and the network(s) it is attached to.
1.2 The types of personal data that Morpho may collect and hold
Personal data that Morpho may collect include:
- Your full name;
- Your date and place of birth
- Your postal address;
- Your email address;
- Your telephone number;
- Your user ID (application store account)
- Your gender
- The data necessary to identify the date, time and duration of a communication
- Your static or dynamic IP address
- Characteristics of your software platform (Operating System, Browser)
- Your passport details
- Your Driving License details
- Your Marriage Certificate details
- Your Birth Certificate details
- Your Poll Card details
- Your bank account number
1.3 How does Morpho collect your personal data
Morpho usually collects personal data directly from you. For that purpose, Morpho may require you to complete a consent form to acknowledge that you are fully aware of the collection and processing of your personal data.
Morpho may also check your personal data against publicly available information and information already present in our partner companies' databases in order to verify your identity and ensure that you are the person you' re claiming to be.
Personal data that Morpho may check, include:
- Your Credit Record History
- Your Electoral Roll History
- Your financial court orders records (CCJ, IVA, DRO, Bankruptcy)
- Your record in the Land Registry …
- Your Directors Register record
We might in certain circumstances verify if you are active on social networks.
Morpho may collect personal data about you because Morpho is required or authorised by law to collect it.
In the course of that intimate relationship, Safran Morpho can't help collecting a lot of personal information about you:
GOV.UK Verify (RIP) has been designed by GDS. Their pre-eminent design principle is: "start with needs – user needs, not government needs". That's what they started with and somehow you've ended up handing over reams of the personal information that defines you, beyond your control, to a lot of strangers.
1.5.1 Disclosure of personal data by Morpho
Morpho may share personal data with:
- Government Digital Service (GDS): the DVLA, the HMPO [Her Majesty's Passport Office] and any other relevant HMG Department in connection with the provision of the Evidence Checking Services
- Its subcontractors (including without limitation third party fraud-prevention agencies and credit agencies) to verify your identity during the SecureIdentity registration process and to provide customer care.
Morpho will not sell, rent or otherwise disclose your personal data to third parties without your informed consent.
Morpho may also share your personal data if it is required to do so by virtue of any legal obligations (such as law enforcement, tax), or in order to enforce Morphoâ€™s [sic] terms and conditions (a copy of which can be seen at www.secureidentity.co.uk/help).
1.5.2 Overseas disclosure by Morpho
Morpho is part of the Morpho Group of Companies ("Morpho Group") which is a global organisation; for the purposes explained in this policy, your information may be transferred to the head office of the Morpho Group, Morpho SAS based in France ...
1.5.3 Marketing communications
Your information may be used by SecureIdentity (Morpho UK) for marketing purposes in connection with the service provided ...
And all you wanted to do was to obey the law by submitting your tax return. That was the user need. You didn't previously feel the need to help the "identity providers" with their marketing, did you?
You've been able to submit your tax return on-line for years via the Government Gateway. Why do you now also have to send your credit history to all these strangers?
Something, somewhere along the line, has gone wrong. It's all got out of hand. GOV.UK Verify? RIP.