Thursday 14 December 2017

What does the BBC mean by "control"?

A charming email arrived from the BBC the other day. They want to make it easier for DMossEsq to sign in to his account. And they want him to be able to sign in orally – no more fuddy-duddy typing.

So the subject of the email is "Talk your way into the Beeb"? No. It's "Important changes to the BBC Privacy and Cookies Policy".

Bit boring. But let's take a look:
Hello,

We’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it.

You can view the updated Privacy and Cookies Policy by going to bbc.co.uk and searching for our Privacy and Cookies Policy or by clicking on the link below.

View updated Privacy & Cookies policy

...
The BBC Privacy and Cookies Policy turns out to be 5,000 words long and to comprise 20 clauses.

Clause 4 lists 11 uses to which the BBC may put DMossEsq's personal information. Most of these are unimpeachable.

For example, the BBC may use DMossEsq's personal information for analysis and research to assist with marketing and strategic service development. DMossEsq has no objection to this use of his personal information. But it is odd to describe this as a case of him having "control of what happens to [his personal information]".

It would make sense for the BBC to say "thank you, DMossEsq, for providing us with the data to help us with our strategy". It makes no sense to say that DMossesq is "in control of that data".

On those rare occasions when the hermit DMossEsq leaves his mountaintop eyrie in Merton and goes abroad, the BBC warn him at clause 4 that he may be subjected to "online behavioural advertising". Which suggests that the BBC are forever monitoring his behaviour so that they are ready to offer him appropriate advertisements as soon as he is overseas. DMossEsq has no control over that monitoring. The BBC know that and it is silly of them to pretend that he has.

Clause 7 says that the BBC "may use information which we hold about you to show you relevant advertising on third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter)". And clause 8 says "we may share [some data] with third party sites (e.g. Facebook, Google, Instagram, Snapchat and Twitter)".

DMossEsq can opt out of this sharing. Good. But hang on a minute. Facebook, Google, Instagram, Snapchat and Twitter don't display advertisements for free. They like to be paid. Presumably by the BBC. Are they being paid with money taken from DMossEsq's licence fee? Or with DMossEsq's personal information? Or both? And what else are Facebook, Google, Instagram, Snapchat and Twitter doing with his personal information?

Clause 13 assures DMossEsq that he can always find out what personal information of his is held by the BBC on the sole condition that he give them even more of it. Specifically his passport details, driving licence details, birth certificate, ..., and £10. It's hard to see any way round this. But again it seems peculiar to describe it as DMossEsq being in control.

Clause 15 tackles cookies. The BBC's own cookies. And third party cookies:
To support our journalism, we sometimes embed content from social media and other third party websites. These may include YouTube, Twitter, Facebook, SoundCloud, Vine, Instagram, Pinterest and Flickr. As a result, when you visit a page containing such content, you may be presented with cookies from these websites and these third party cookies may track your use of the BBC website. The BBC does not control the dissemination of these cookies and you should check the relevant third party's website for more information.
"The BBC does not control the dissemination of these cookies". Oh good. DMossEsq isn't in control and neither is the BBC.

DMossEsq could delete these cookies. If he remembered to. And had the time. But then the service wouldn't work, more than likely. Or it might work today but not in a year's time.

DMossEsq's "control" could rely on not having a BBC account at all. But then what does he do when the BBC say, as they inevitably will, that, in order to protect the children or stop tax evasion, DMossEsq can only avail himself of BBC services if he has an account?

Perhaps there's no alternative. But that's not the point. The point here is that DMossEsq is obviously not in control of his own personal information whereas the BBC say that he is.

"Aha", says the bright girl in the second row, "you can use the do-not-track (DNT) option in your web browser, that'll put you in control". Nice idea but no silver star – the BBC tell us at clause 16 that "this website does not currently respond to DNT requests".

Mind you, that could change. As we learn at clause 18. In fact the whole privacy and cookies policy could change at any time, "so you may wish to check it each time you submit personal information to the BBC". Very amusing. DMossEsq wants to search iPlayer for an hour or two of Lucy Worsley but before doing that he'll just quickly plough through 5,000 words looking for any changes since the previous version. Who is controlling whom?

Does anybody remember where we started? It seems hours ago but the BBC wanted to tell DMossEsq how to log in more conveniently.

----------

Updated later that same day, 11:37

As per the above, someone in the BBC sent all us accountholders an email saying "we’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it" whereas an examination of the BBC Privacy and Cookies Policy quickly establishes that we accountholders have no control over the personal information we give the BBC.

If that email had been written by BBC News DTrumpEsq would have been all over it. Control? Fake news.

"Control" is just the wrong word.

The BBC are not normally imprecise. What causes them to be imprecise in this case? Let's allow ourselves two guesses.

Firstly, the BBC want to sound nice. They're paying us the compliment of pretending to be controlled by us. Give it another day or two and, who knows, the BBC may go further and tell us that we have been "empowered" by handing over our personal information to them.

Second, almost everyone else pretends that their identity management scheme allows the user to be in control of their own personal information, so why shouldn't the BBC join in, follow the herd, take cover in the crowd and do the same?

Take Mydex, for example. It's been years since DMossEsq has bothered to look at Mydex. They never could answer the question how handing over your personal information to other people gave you control of it and they still can't but they still make that promise: "Complete control You decide what you store, see and share". Perhaps the BBC are copying Mydex.

Or take the Government Digital Service's GOV.UK Verify (RIP), for example. "Users are ... in control of when their information is passed to a government service" – no we're not. Nor are we in control of our own personal information when GOV.UK Verify (RIP)'s "identity providers" send our personal information all over the world to their subsidiaries and sub-contractors and agents. Perhaps the BBC are copying GDS.

GDS pretend that GOV.UK Verify (RIP) abides by the nine sets of privacy principles devised by the UK's Privacy and Consumer Advisory Group. In fact it flouts the lot of 'em. Including no.1, user control, "I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them".

No-one can make good on that promise. Not Mydex. Not GDS. And not the BBC. So it's silly to make the promise in the first place. Control is not on the menu. Stop pretending that it is.

It's just as silly as GDS's other pretence that GOV.UK Verify (RIP) is, without qualification, "secure". It can't be and everyone knows that it can't. The pretence undermines confidence and trust ...

... like GDS's other other pretence, that "frictionless" means good. It doesn't. It means voluntary enslavement.

And then there's the other other other pretence that apps are good for you. They aren't. Not necessarily. A lot of the time, an app is just a virus by another name.

Our guesses as to the aetiology of the control promise may be wrong but the promise is anyway misleading and demeans the BBC. It's nearly Christmas. Can we look forward to a BBC retraction?

If the BBC want another example to follow, they could do worse than Barclays Bank, whose terms and conditions say:
If you, or someone with authority over your account, asks us to share your information with third parties, we're happy to do so, but it's important you know that we, as your bank, will have no control over how that information is used. You will need to agree the scope of use directly with the third party.
And the Barclays privacy policy, which says:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
GDS and the BBC don't have much experience of managing personal information. Or of talking to their parishioners like grown-ups. They could learn a thing or two from Barclays, who do.


What does the BBC mean by "control"?

A charming email arrived from the BBC the other day. They want to make it easier for DMossEsq to sign in to his account. And they want him to be able to sign in orally – no more fuddy-duddy typing.

So the subject of the email is "Talk your way into the Beeb"? No. It's "Important changes to the BBC Privacy and Cookies Policy".

Bit boring. But let's take a look:
Hello,

We’ve made some changes to the BBC’s Privacy and Cookies Policy. We’ve done this so that we can introduce new features, while protecting your data and putting you in control of what happens to it.

You can view the updated Privacy and Cookies Policy by going to bbc.co.uk and searching for our Privacy and Cookies Policy or by clicking on the link below.

View updated Privacy & Cookies policy

...
The BBC Privacy and Cookies Policy turns out to be 5,000 words long and to comprise 20 clauses.

Wednesday 13 December 2017

Open banking, PSD2, GOV.UK Verify (RIP) and the end of civilisation as we know it

Open banking starts in the UK in four weeks time on Saturday 13 January 2018. The competition is keen. Who will be the first little old lady to be cheated out of her life savings? And can she lose the lot by close of play on Monday 15 January 2018 or will we have to wait until Tuesday?

What, we hear you ask in your millions, is DMossEsq talking about?

By way of an answer, consider this email kindly sent by Barclays Bank at 21:34 on 25 September 2017. You will have received similar communications from Barclays and other banks and ignored them:
...

Why are we making changes?
From time to time, we need to update our agreement to reflect changes in banking legislation, new technological developments, and changes to the way we use information. One example is the introduction of a number of new laws which are known as 'Open Banking'. This will enable you to share your data and make payments through third parties ...

Open Banking – new services are coming soon
Open Banking will enable you to share your bank account data with other companies if you give permission. This means you will be able to see multiple bank accounts and transactions in one place (for example on your Barclays Mobile Banking) even if they're from different banks. You will also be able to allow other companies to give payment instructions from your account. If you don't want to use these new services, you won't notice any differences in the way you bank, as you will always have to provide permission for the new services.

The safest way is to create a secure connection ...

An alternative option, is to share your bank account login details directly ...
Open Banking is a UK initiative promoted by the Competition and Markets Authority (CMA). People are paying too much for payments, the retail banks constitute a cartel, the market must be opened to competition from different organisations, innovation will drive prices down and quality up. That's the theory ...

... but.

Is it really a good idea for our little old lady to "share [her] bank account data with other companies"? Or to "share [her] bank account login details"? If she can "see multiple bank accounts and transactions in one place", who else can? What are they luring the old girl into? What have the CMA got against her?

Leaving those questions for another day, consider now the scale of what's happening. "I can’t stress enough just how big a deal the UK’s transition to Open Banking is", says the estimable Dave Birch. "Open Banking is 'a new way of dealing with the twenty-first century's most sought-after resource, personal data' ... Identity is the new money. Banks are about to be transformed from places that store Sterling into places that store Digital Identities ... [Banks could] let this slip through their fingers and hand digital identity to Apple, Facebook, Google, Amazon and Microsoft ... the internet giants who already have the customer relationships".

RIP IDA – if you've got nothing to say, say it
TUESDAY, 11 FEBRUARY 2014

When GDS's David Rennie spoke at the US Identity Ecosystem Steering Group conference in January, he said that the reason there are none of the big retail banks signed up to IDA [the old name for GOV.UK Verify (RIP)], the identity assurance programme, is that they've been too busy sorting out the aftermath of 2008's credit crunch (32'10"-32:35").

That's silly. Identity assurance is what retail banks do all day every day – they can't be "too busy" to do it.
It's not just Mr Birch and DMossEsq who think open banking is a major event. As noted the other day, so does Don Thibeau of the Open Identity Exchange.

Unlike us, Mr Thibeau believes that open banking is a great opportunity for the Government Digital Service's dead cat, GOV.UK Verify (RIP). Apple, Facebook, Google, Amazon, Microsoft and the other internet giant GOV.UK Verify (RIP)? No. Is Mr Thibeau revealed as one of the greater deadpan comedians?

And it's not just open banking. According to Payments UK: "The requirement from the CMA coincides with the EU legislation, the revised Payment Services Directive (PSD2), which requires all payment account providers across the EU to provide third party access". The EU, too, want our little old lady to use PISPs (payment initiation service providers, since you ask) and AISPs (account information service providers).

Payments UK ("We represent the payments industry in the UK") say that open banking and, by extension, PSD2 "will give customers more control over their data and will support an emerging market of new, exciting third party products and services, such as tailored price comparison websites ... It will keep customers safe and secure, enhancing the opportunities for enhancing customer propositions".

Finextra, the fintech house mag, write in even purpler prose: "After PSD2 ... open banking apps and services from third parties will flood the European market and offer users never-before-seen levels of choice and variety in payment, loyalty, behaviour-based and user-friendly data-oriented services".

The PSD2/open banking prospectus sounds like midata re-heated. PSD2 gives credence to the flaky mass consumer biometrics industry. If Don Thibeau isn't joking perhaps the UK's banks really will try to rely on GOV.UK Verify (RIP). That's all three lemons in a row. Jackpot. The pied pipers will be calling the tune.


----------

Updated 5.1.18

Just one week to go now before the start of Open Banking, please see above.

Who's in charge?

The Competition and Markets Authority (CMA). Who have set up an implementation entity called "Open Banking". Which has a trustee in charge, an Ernst & Young partner called Imran Gulamhuseinwala. OBE. Who gave a talk at the Open Identity Exchange's 17 November 2017 conference on the Economics of Identity:



It's only a short talk, 16½ minutes, and yet Mr Gulamhuseinwala manages three times – at 3'45", 5'30" and 12'45" – to tell us that Open Banking will allow people to take control of their own personal information. This we shall achieve by giving our personal information to strangers. The BBC understand how this amounts to taking control. The rest of us don't. To us, it looks like losing control.

Open banking relies on identity assurance. Identity assurance and Open Banking are converging, Mr Gulamhuseinwala says. How does this relationship between Open Banking and identity assurance work? It looks like something to do with the economics of identity but twice – at 2'55" and then again at 14'55" – Mr Gulamhuseinwala, the man in charge, tells us at length that he doesn't know, he's not sure, he hasn't got all the answers and that's not his job.

He does know that Open Banking will allow us to review our bank accounts and switch to better ones. Ditto energy accounts, mobile phone deals and insurance policies. He just doesn't know how. He also knows somehow that unnamed Open Banking apps (viruses) will securely review all our personal information and improve our well-being.

This is the hoary old midata prospectus, beloved of the LibDems who ran the Department for Business Innovation and Skills during the UK's 2010-15 coalition government. They promised that nanny-state-on-a-chip apps (viruses) would nag us to stop wasting money on take-away meals or some such. Vince Cable, Ed Davey, Norman Lamb and Jo Swinson could never convince anyone of midata's virtues.

Obviously it's not his job but good luck to Mr Gulamhuseinwala when it comes to explaining how the putative little old lady above's being cheated out of her life savings is all for her own good.


Updated 7.1.18

10 p.m. today, the Daily Telegraph newspaper warns its readers 'Open banking' revolution could lead to scams and pricing rip-offs, experts warn. Better late than never.


Updated 11.1.18 #1

Less than 48 hours to go. Soon Open Banking will be up and running in the UK. Without GOV.UK Verify (RIP).

As we were saying, please see above, "unlike us, Mr Thibeau [of the Open Identity Exchange] believes that open banking is a great opportunity for the Government Digital Service's dead cat, GOV.UK Verify (RIP)". Open Banking relies on on-line identities. GOV.UK Verify (RIP) can't provide them ...

... not in bulk, not for companies which might want to use Open Banking, not securely and not while preserving privacy.

Open Banking should have been GOV.UK Verify (RIP)'s great opportunity. As it is, all Open Banking does is to point up the failure of GOV.UK Verify (RIP).

Bryan Glick, the estimable editor of Computer Weekly magazine, writing last week in Five things in tech to watch out for in 2018, says: "Getting digital identity right is the key to unlocking so many online opportunities, from public service delivery to open banking. The government has tried to crack this with Gov.uk Verify [RIP], but has gone down a dead-end ...".

GOV.UK Verify (RIP)?

Dead.

End.


Updated 11.1.18 #2

After all the excitement on Saturday morning when Open Banking starts in the UK, the public jubilation here and the jealousy in the rest of the world, you may find yourself at dinner and in need of saying something knowledgeable about it.

Eighteen months ago the Open Data Institute published The open future of banking. There's your cribsheet.

"... an Open Banking Standard will help banks and innovators to collaborate and rise to the challenge of providing a first-class service that still keeps the regulators happy" – cue discussion of the need to keep regulators happy.

If the conversation flags, try "this is not just about open data, but other aspects of open such as open source, open culture and open innovation".

And if that doesn't do it, go for the jugular: "it’s not just the customer that will benefit: banks will also benefit from efficiencies in time and money. They will also encourage greater interactions from orthogonal areas (e.g. insurance, pensions, accountants)".

As dessert approaches, garnish with Google or Facebook or Apple or Microsoft ... or Amazon, Will Amazon Lending Disrupt, Displace, or Prop Up Banks?.

This is your chance to mention that the banks use artificial intelligence, AI, to process each accountholder's transaction data to calculate customised terms and conditions for loans and other financial products. If the banks no longer have access to that data because one of Mr Gulamhuseinwala's payment initiation service providers or account information service providers has got it instead, then the banks could fail, a warning issued by Dave Birch, who knows a thing or two, Forget banks, in 2018 you'll pay through Amazon and Facebook:
... AI in 2018 will be a kind of event horizon for financial services. No one can see what is on the other side. But when Google feeds all the data from someone's bank accounts into their advertising engines it's fairly certain that bank profits - based on information asymmetries, product friction and brand loyalties - will vanish.

... 2018 will be the start of a fundamental realignment as banks become heavily regulated pipes for tech giants to use for their profit.
You may never be invited to dinner again.


Updated 12.1.8

UK retail banks are exceptionally big and powerful. They may face some competition as a result of Open Banking. That competition is unlikely to bring them down.

You may not like the retail banks but that doesn't mean that you do like their Open Banking competitors. In fact you may find those competitors even more unpleasant.

The UK retail banks' Open Banking competitors may offer reduced costs for a while but that wouldn't last for long. Insert Facebook/WhatsApp, say, into your banking arrangements with Lloyds Bank and you may soon find that the financial benefit has evaporated and you're left worse off because Lloyds now charge more for their other services and because a lot of your personal information is now stored out of your control God knows where on the planet with an unregulated supplier operating beyond the jurisdiction of any UK ombudsman.

But suppose for the sake of argument that these titans, the UK retail banks, are hollowed out by Open Banking.

What then?

Among other implications, consider what might happen to the credit rating agencies.

At the moment the credit rating agencies enjoy several extraordinary and generally unremarked entitlements. They are allowed to collect all sorts of information about us and then sell it to interested parties, including political parties, please see Time for someone to take the personal information economy seriously.

Experian, Callcredit, Equifax et al collect a lot of their data from the retail banks. If Open Banking deprives the retail banks of that data, the credit rating agencies will be left high and dry. A political party wanting to identify floating voters with their good news message during a general election would have to approach Microsoft/LinkedIn instead of Experian. Ditto an entrepreneur looking to launch a new product who needs to know first how much demand there is and where it is.

The risks to the UK's retail banks posed by Open Banking are threats just as much to our credit rating agencies. That is a major issue. You may not like the credit rating agencies any more than you like the retail banks. That doesn't alter the fact that it would represent a major change, not necessarily for the better.

Less portentous, just think what would happen to poor old GOV.UK Verify (RIP). What is a person? According to GOV.UK Verify (RIP) a person is just a credit history. All the "identity providers" to GOV.UK Verify (RIP) need the credit rating agencies to do their identity proofing and verification (IPV). Except Experian. Which is a credit rating agency. No IPV, no GOV.UK Verify (RIP).

Open Banking could cause GOV.UK Verify (RIP)'s completion rates to plumb even more miserable depths.


Updated 1.10.18

It was 13 December last year, 2017, when DMossEsq brought the attention of its millions of readers to Open Banking, please see above. The revolution was coming one month later – 13 January 2018 was going to see the UK's payments infrastructure liberated, heralding a new dawn of hope for humanity with the UK in the lead.

13 January 2018 was 261 days ago and nothing's happened. No Open Banking. Why not? No answer. Lots of hype. Nothing to show for it. The squib is damp.

We noted the nexus between Open Banking and midata, the turkey farmed at the Department for Business Enterprise Energy and Industrial Strategy (BEIS). The DMossEsq millions were first advised of midata back on 16 November 2011. 2,511 days ago. Benefit of midata to the consumer so far? Nil.

Does this nexus exist? 28 September 2018, and what do we read in a government press release?  "The government’s recent green paper ‘Modernising Consumer Markets’ announced that the government will conduct a Smart Data Review ... [which] will build upon existing interventions such as Open Banking, midata, and the UK’s new data protection laws".

2,511 days into the midata project and already the busy bees have launched a review to see if anyone's interested. Smart.

What busy bees? On 29 March 2018, 186 days ago, the Prime Minister told us that "the data policy and governance functions of the Government Digital Service (GDS) will transfer from the Cabinet Office to the Department for Digital, Culture, Media and Sport (DCMS)".

So it's the busy bees at DCMS?

Yes, but not just DCMS. BEIS, too. The press release is issued jointly by BEIS and DCMS, with BEIS in the lead, we assume, given that "we encourage all organisations that would like to be involved in the Smart Data Review to register their interest at smartdatareview@beis.gov.uk".

midata needs national identity assurance. And midata is Open Banking. No national identity assurance, no Open Banking.

It was 13 September 2011 when Computer Weekly magazine published the government's promise to get national identity assurance working. Today, 2,575 days later, we still don't have GDS's national identity assurance. GDS's national identity assurance programme is GOV.UK Verify and GOV.UK Verify is dead, remember. RIP.

In Whitehall, this is what BEIS/DCMS/GDS call "modernising consumer markets". You may be able to think of another name for it.

Open banking, PSD2, GOV.UK Verify (RIP) and the end of civilisation as we know it

Open banking starts in the UK in four weeks time on Saturday 13 January 2018. The competition is keen. Who will be the first little old lady to be cheated out of her life savings? And can she lose the lot by close of play on Monday 15 January 2018 or will we have to wait until Tuesday?

What, we hear you ask in your millions, is DMossEsq talking about?

Friday 1 December 2017

RIP IDA – the Whitehall user research lab

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The Government Digital Service (GDS) have a user research lab, in which they "carry out research into all the things we deliver [?], from guidance and standards to common components, such as GOV.UK Pay and GOV.UK Verify [RIP]".

Despite the user research lab, "deliver" is just what GDS haven't done with GOV.UK Verify (RIP).

It's not just DMossEsq who say that GOV.UK Verify (RIP) is a failure.

Back in June, Computer Weekly magazine noted that GDS lacks strong and stable leadership. They quoted Rob Anderson, of whom more anon, who believes that GDS are "haemorrhaging senior management and losing more credibility with operational departments".

Computer Weekly remind us that GDS is supposed to make savings of £3.5 billion across government in return for its £450 million budget but "it seems unlikely GDS will ever meet that rather ambitious savings target".

Why so sceptical?

Partly because the common technology services project has been "mothballed" and partly because of low take-up for Government as a Platform (GaaP) but mostly because of the failure of GOV.UK Verify (RIP), a failure identified not just by Computer Weekly but also by the National Audit Office: "The NAO said there was little incentive for departments to adopt Verify".

Julian David, the CEO of TechUK, is quoted in further support of Computer Weekly's position and so is the Institute for Government.

This Rob Anderson man, he's a "principal analyst, central government, at GlobalData (formerly known as Kable)", according to Computer Weekly. He's got an article in Government Computing at the moment, GDS: Now we are Five. "Such a landmark anniversary often provokes a review of achievements in those formative years," he says, "but this was not obviously forthcoming, possibly because big ticket projects like Verify, the wider GaaP portfolio and examples of cogent joined-up public services are still few and far between".

Mr Anderson notes that GDS keep signing contracts with third party suppliers in the hopeless bid to enrol 25 million people in GOV.UK Verify (RIP) by 2020. Meanwhile, their success with GovWiFi is underwhelming, in Mr Anderson's eyes, and "GDS is but a sideshow, albeit a mildly entertaining one".

Government Computing also report on the European Commission's annual survey of eGovernment, UK slips to “European average” in terms of digitising its services, EU study shows. Oh dear. What now?
According to the report, the key challenge for the UK is to increase availability of key enablers such as electronic identification and authentication sources. The UK’s score for key enablers is 22% compared to a 52% EU average.
So, let's see, that's Computer Weekly, the NAO, TechUK, the Institute for Government, GlobalData/Government Computing, the European Commission and DMossEsq among others all expressing scepticism about GOV.UK Verify (RIP).

And on the other side?

Here's a comment from someone at the 17 November 2017 Economics of Identity conference hosted by OIX, the Open Identity Exchange: "Verify: the only standard for digi identity in the UK. Gov.uk has kicked started it - we have to pick up the mantle".

The other side's response looks like self-deception. GOV.UK Verify (RIP) isn't a standard and it doesn't have a mantle. Government Computing have collected together a number of these strange responses here, in OIX meeting weighs up the economics of identity.

Don Thibeau, the head of OIX, spoke at another conference, on 8 November 2017, where his chosen subject was Identity Systems at Scale. You can watch the video (particularly between 1'37" and 2'50") and be amazed at his assertion that Europe, Australia, Japan and the US are all spellbound, watching the progress of GOV.UK Verify (RIP) and hoping to learn some tips from the global masters of open banking.

His own organisation, OIX, has already demonstrated several times that GOV.UK Verify (RIP) has precisely nothing to offer the financial sector. Is he in denial? It is beyond the scope of this blog to explain his behaviour at that conference.

What we can do is to point at Whitehall itself as a user research lab. How do the participants in a failed project respond to the stream of facts as they come in, one after another, each one confirming failure more and more clearly? Answer, they ignore them. GOV.UK Verify (RIP) is the only game in town, they say to themselves, and they believe that the rest of the world is agog at its success.

GDS claim to lead the UK government digital, data and technology professions. Maybe they haven't noticed yet but, because GDS know nothing about the economics of identity, responsibility for the operation of the UK digital economy has been taken away from them and given to the Department for Digital, Culture, Media and Sport.

"Matt Upson and Mat Gregory are data scientists at GDS". That's what it says in Transforming the process of producing official statistics. Matt and Mat have been working on RAP, reproducible analytical pipelines. The two of them have been telling the Department for Digital, Culture, Media and Sport, the Department for Education and the Ministry of Justice all about RAP, teaching their grandmothers to suck eggs.

How successful have they been?

"We have celebrated the achievements so far with a laptop sticker". Official statistics? Done.

14 November 2017, and we learnt that More than 100 services are now running on government common platforms: "over 100 services across 26 departments and agencies are now using GaaP tools, guidance and components. From GOV.UK Verify [RIP] to GOV.UK Notify, GOV.UK Pay and GOV.UK Platform as a Service, Government as a Platform is becoming a reality, and that’s a great thing for taxpayers and citizens".

There's even a sticker to prove it:


GOV.UK Verify (RIP) is connected to just 14 on-line public services according to GDS's own performance dashboard. HMRC don't use it for anything important, neither do DWP and neither do the NHS. GOV.UK Notify is connected to 115 on-line public services, again excluding the big players, but isn't it a decade or two too late to claim a noteworthy success when a government department uses email and texts? The GOV.UK Pay performance dashboard doesn't list any services connected to it. And GOV.UK Platform as a Service doesn't have a performance dashboard.

Is that what you understood by "more than 100 services are now running on government common platforms"?

That's a tendentious way of reporting the facts. The UK Statistics Authority and the Office for National Statistics would be down on any minister like a ton of bricks, quite rightly, if they misused statistics like that.

It was never clear why GDS were given responsibility for the data profession. They have never done anything with that responsibility and there are signs now that that, too, will be taken away from them.

While its responsibilities shrink, though, GDS continues to recruit as though there were no tomorrow. There are currently 19 GDS jobs available for your delectation on the civil service jobs website. You, too, could join the 900 or is it only 700 people already in this giant user research lab.

----------

Updated 4.12.17

How many people are there in GDS? That was the question we finished on in the blog post above. The answer is given in the NAO's report, Digital transformation in government (p.19):


This year, 2017-18, there should be 834 of them, all beavering away.

But just what do they all do?

As far as GOV.UK Verify (RIP) is concerned, the answer must be "not a lot". The front end hasn't changed for months, there's very little activity on Twitter, none on the identity assurance blog and 65% of attempts to access public services using the wretched system fail.

In the absence of any answers DMossEsq has taken a look at the UK government's Contracts Finder service. And you won't believe it – we've been asking the wrong people. GDS don't seem to have anything to do with GOV.UK Verify (RIP) any more. Now, it's all our old friends the Methods group.

You remember the Methods group. We came across them first in GaaP – 1½ million useless public servants out the door and 35 billion quid off the deficit. What's not to like?. And when GDS's 25 exemplars failed, Mike Beaven, their transformation director, left and joined Methods, please see @gdsteam, success and ... candy floss.

Two companies in the Methods group have been promised £1,307,000 since April Fool's Day 2017 to make GOV.UK Verify (RIP) work, please see the table below and/or this easier-to-read spreadsheet. And since 9 October 2017 Methods Business and Digital Technology Limited have been the Lead Commercial Delivery Manager for GOV.UK Verify (RIP):


Fuller Contracts Finder findings are available in another spreadsheet here. You thought GDS did the work on GOV.UK Verify (RIP)? Think again. Those 834 GDS staff have got something better to do.

Such as ensuring diversity across the civil service? No. Methods Digital Limited were paid £208,000 to work on "race disparity data across the public sector".

Such as working on GaaP? No. Methods Professional Services Ltd were paid £143,000 to provide "a WebOps service to deliver the GaaP Programme".

Such as working on the common technology services project? No. Methods Digital Limited are being paid £2,000,000 (sic) to "define the strategy of CTS and support collating and analysing commercial ICT information across HMG".

You thought GDS worked out GaaP themselves? No. It was the Methods group. And McKinsey, who were paid £2,200,000 (sic) back in the spring of 2015 to "assist GDS to analyse the potential for digitally-enabled improvement of public services through the adoption of the 'Government as a Platform' approach".

The common technology services project (iPhones for all civil servants) is costing a fortune in external fees. Methods Digital Limited got their £2,000,000, as we have seen. Not bad, but Computing Distribution Group Limited picked up £5,000,000 to "provide application, cloud and infrastructure design, standards and good practice guides for the common technology service team". GDS are meant to be the go-to consultants for the whole civil service and, on a good day, local government as well and they have to ask Computing Distribution Group Limited for design, standards and good practice guides?

Entech Limited settled for a modest £325,000 for CTS work. Zeefix Consulting Limited are getting £2,000,000, like Ergon Limited, and DMSG Limited are members of the £5,000,000 club. PriceWaterhouseCoopers LLP just missed. £4,000,000. Unlucky.

M4 Managed Services International Limited are getting £5,000,000 for providing "application and infrastructure design services (?)". ThoughtWorks Limited picked up £791,000 for four months' work this year on "agile iterative support consultancy services to develop and continually improve" a few things, including GOV.UK Verify (RIP). That's on top of their £1,300,000 to "drive the adoption of Verify ... working in pair and mop programming in the listed areas".

And then there's IXYDO Limited, who have amassed five contracts worth a total of £553,000 to help migrate GOV.UK Verify (RIP) from VMWare across the Styx to Amazon Web Services. Part of our national infrastructure, IXYDO had one director who owned the one share in the company until recently, according to Companies House, and the latest accounts show that he has almost managed to repay the £28,000 or so that he borrowed from the company. Don't worry, this won't make it any harder for Methods Professional Services Ltd to get GOV.UK Verify (RIP) taken seriously by our European partners in eIDAS.

834?


Updated 30.1.18

As we were saying above, "maybe they haven't noticed yet but, because GDS know nothing about the economics of identity, responsibility for the operation of the UK digital economy has been taken away from them and given to the Department for Digital, Culture, Media and Sport [DCMS]".

Also, "it was never clear why GDS were given responsibility for the data profession. They have never done anything with that responsibility and there are signs now that that, too, will be taken away from them" ...

... signs like DCMS launches research project into data portability. DCMS have got £250,000 burning a hole in their pocket and the Government Computing website tell us that "according to a tender notice issued by the department earlier this month for a £250,000 contract , DCMS is looking for analysis and practical research on data portability".

Despite having 834 staff and £450 million to spend and despite being in charge of digital, data and technology GDS are clearly not the first port of call if you want a spot of analysis and practical research on data portability.

Bit of a poke in the eye for GDS.

Just to rub it in, Government Computing also report that DCMS launches search for new Data Ethics centre leader: "The government wants the centre to advise on the measures needed to enable and ensure safe, ethical and innovative uses of data-driven technologies".

GDS did some work on data ethics, please see "Data Science Ethical Framework" – contempt for the public. Fail. Over to DCMS.


Updated 24.4.18

The Government Digital Service (GDS) have 860 staff at the moment. They can't possibly need to use contractors for software engineering work, can they?

Their last contract – with the Methods Group – for software engineering work on GOV.UK Verify (RIP) ran out on 6 April 2018. Verify is dead. GDS can't need to spend any more money on it, can they?

Wrong. Yesterday, 23 April 2018, St George's Day, GDS published an invitation to tender for six months' work on Development Capability for GOV.UK Verify [RIP].


Updated 31.5.18

It is six months since we said, please see above:
You thought GDS worked out GaaP themselves? No. It was the Methods group. And McKinsey, who were paid £2,200,000 (sic) back in the spring of 2015 to "assist GDS to analyse the potential for digitally-enabled improvement of public services through the adoption of the 'Government as a Platform' approach".
The McKinsey Center for Government have now published Delivering for citizens – how to triple the success rate of government transformations.

What do they have to say about GDS?

Nothing.

GDS don't get a mention.

RIP IDA – the Whitehall user research lab

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The Government Digital Service (GDS) have a user research lab, in which they "carry out research into all the things we deliver [?], from guidance and standards to common components, such as GOV.UK Pay and GOV.UK Verify [RIP]".

Despite the user research lab, "deliver" is just what GDS haven't done with GOV.UK Verify (RIP).

Thursday 31 August 2017

In praise of friction

With the acceleration due to gravity standing at 9.81 ms-2, if there were no friction, you could never walk uphill. The only way would be down. Not good.

In Part 3 of his series of blog posts on the vision for the Digital Marketplace Warren Smith says that the Government Digital Service (GDS) are "enabling end-to-end buying that's as frictionless for users as possible". That can be bad for people who make a purchase in haste and then regret it. That's why we have cooling-off periods.

Again, "frictionless" doesn't always mean good.

GOV.UK is the public face of the UK administration on-line. GDS's vision for GOV.UK is like their vision for the Digital Marketplace: "Simpler, clearer, faster access to government services and information ... That means providing a single place for people to interact with government that's as frictionless as possible, and which continuously improves. And it means providing a platform that helps government understand and meet users' needs".

Open data is like a box of chocolates: "... He stressed the importance of open data as a means to 'unlock facts and evidence held in different silos, so that better local services can be realised.' This is about delivering real change for people in a frictionless way ...". Maybe silos aren't all bad.

In his blog post on what it is to be a "data-confident" government Paul Maltby regrets that "the type of frictionless internal data system we saw in Silicon Valley, even for non-sensitive data, seems a long way off". He may be wrong to regret it.

That may be a mistake.

There are limits.

Sometimes, users need friction to stay upright ...

... and never more so than when it comes to identity assurance.

Ewan Willars, a policymaker for several institutions, regrets that "the identification and verification of applications for new bank accounts is one of the key hurdles that can prevent a frictionless online account opening process" and recommends that GOV.UK Verify (RIP) might usefully promote frictionlessness. God forbid.

"It's so easy to open an Amazon account", some people say, "why is it so hard to open a bank account?". There's a trivial mistake in that question.

The only reason it's so easy to open an Amazon account is that you and your bank have already done all the hard work of verifying your identity.

And it's only because you and your bank have applied enough force to overcome the inherent friction in opening your account that the bank can authorise your Amazon purchase.

It has to be a bit frictiony (frictive?) to open a bank account. And to use it – all those niggly user names, passwords, one-time codes sent to your mobile, mother's maiden name, ... That's just the price of security. Take away the friction, and Amazon would be royally defrauded for a while and then it would go out of business.

You can open a Twitter account with almost no friction at all. What does that tell you? That it's almost worthless. Who wants the same to be said of a GOV.UK Verify (RIP) account? No-one sensible.

----------

Updated 26.11.17

TISA is the Tax Incentivised Savings Association. It has scores of members from AJ Bell Securities Ltd and Aberdeen Asset Management Ltd at one end of the alphabet to Zopa Ltd and Zurich Financial Services at the other.

TISA is a member of OIX, the Open Identity Exchange, the people who keep trying to rescue the Government Digital Service's GOV.UK Verify (RIP) identity assurance scheme.

TISA have published a white paper on OIX's website:
In light of the relatively high levels of friction that UK consumers encounter when acquiring new financial products and the TISA mission to improve the financial wellbeing of UK consumers, it was decided to embark on the TISA Digital ID project with a view to allowing consumers to utilise a federated identity as part of the onboarding process to attain a new product and thereby improve the user journey in terms of the time taken and the amount of friction encountered.
These days, they say, it "takes longer to open a savings account than apply [for] and receive a pay day loan".

There you have it. The desire for frictionless "onboarding" risks putting you in the same category as a payday loan merchant.

Wonga, it should be noted, with its 1,000% p.a. interest loans, are not members of TISA.

Could GOV.UK Verify (RIP) help to reduce the friction involved in opening a bank account while simultaneously "[improving] the financial wellbeing of UK consumers"? Yes, say TISA.

There are acknowledged standards to consider. The new payment services directive, for example, "suggests that authentication in payment applications look to a Level 4 identity at enrolment" – level 4 is a high level of assurance (LoA) that the person on the other end of the line trying to verify their identity is who he or she says they are.

What is TISA's suggestion? Answer, "having analysed the components of the Identity Processing & Verification process in relation to an LoA2, this was decomposed to a lower level of assurance that was judged by the group to be in line with the [Joint Money Laundering Steering Group] guidelines ... This lower level of assurance was defined as ...".

An extraordinary judgement, their members will not thank TISA for suggesting that they should use GOV.UK Verify (RIP) to reduce friction by lowering the level of assurance from an already unacceptable 2 to something even deeper into the frictionless world of payday loans.

In praise of friction

With the acceleration due to gravity standing at 9.81 ms-2, if there were no friction, you could never walk uphill. The only way would be down. Not good.

In Part 3 of his series of blog posts on the vision for the Digital Marketplace Warren Smith says that the Government Digital Service (GDS) are "enabling end-to-end buying that's as frictionless for users as possible". That can be bad for people who make a purchase in haste and then regret it. That's why we have cooling-off periods.

Again, "frictionless" doesn't always mean good.

GOV.UK is the public face of the UK administration on-line. GDS's vision for GOV.UK is like their vision for the Digital Marketplace: "Simpler, clearer, faster access to government services and information ... That means providing a single place for people to interact with government that's as frictionless as possible, and which continuously improves. And it means providing a platform that helps government understand and meet users' needs".

Open data is like a box of chocolates: "... He stressed the importance of open data as a means to 'unlock facts and evidence held in different silos, so that better local services can be realised.' This is about delivering real change for people in a frictionless way ...". Maybe silos aren't all bad.

In his blog post on what it is to be a "data-confident" government Paul Maltby regrets that "the type of frictionless internal data system we saw in Silicon Valley, even for non-sensitive data, seems a long way off". He may be wrong to regret it.

That may be a mistake.

Friday 28 July 2017

RIP IDA – the last blip on the life support system monitor

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The signs of life are petering out:
  • GOV.UK Verify (RIP) blog posts are now collectors' pieces. Like the Cabinet Secretary's once loud expressions of support for GOV.UK Verify (RIP).
  • The GOV.UK Verify (RIP) team hardly ever tweet.
  • They never go live on a new central government service. The big departments of state look like sorting out identity assurance themselves.
  • Local government is deserting GOV.UK Verify (RIP) even before joining it.
  • The Open Identity Exchange (OIX) publishes one report after another explaining why GOV.UK Verify (RIP) has nothing much to offer the private sector in general and nothing whatever to offer the financial services sector in particular.
  • Cabinet Office ministers come, they are made to say something ridiculous about the importance of GOV.UK Verify (RIP) and then they go.
  • Two executive directors of GDS have left, there weren't even any ripples on the departure of the second one and his replacement, a director general, didn't take the opportunity of his appointment to abandon their apology for a strategy – 25 million GOV.UK Verify (RIP) users by 2013 2020.
There is still the occasional blip on the GOV.UK Verify (RIP) life support system monitor. techUK hosted an encounter between GDS and the UK's technology suppliers earlier this week, a market briefing on GDS's government transformation strategy.

For an organisation claiming that making things open makes them better GDS have been very quiet about this event, which may as well have taken place on board a submarine. The press were excluded ("Press weren’t invited to the event"). Even DMossEsq failed to get in.

But some reports have been published. GDS wants IT suppliers to use its GaaP products – but won’t offer service guarantees, for example, Government needs tech industry skills to deliver on transformation plan, says GDS boss Cunnington, GDS chief to set out plans to meet Transformation Strategy agenda and GDS sets out vendor prospects from its transformation strategy plans.

From those reports it seems that GDS have been working hard on undermining GOV.UK Verify (RIP) by producing a version that doesn't verify people's identity. And that they want suppliers in the technology sector to use GDS's platform components only.

10 out of 10 for trying to be totalitarian but GOV.UK Notify and GOV.UK Pay aren't even live – so how could techUK's members use them and why would they abandon the products they already use? And next to no-one in central and local government and in the private sector wants to use GOV.UK Verify (RIP) – so why would techUK members want to use it, even if it doesn't verify anyone's identity?

The last time Whitehall tried to insert itself into the nation's payment systems the banks and the major retailers said no. On balance, they preferred the UK economy to survive. The same answer is confidently expected this time.

Jerry Fishenden has already explained the need for a rethink. So has Alan Mather in his GDS isn't working series.

Both of them were prime movers in the design and deployment of the Government Gateway, which remains today the main way for individuals and businesses to access central government services on-line, unlikely as that may seem – as Mr Mather says: "the Government Gateway is still there, 16 years old and looking not a day older than it did in 2006 when the [user interface] was last refreshed". They both want to see the Government Gateway replaced but GOV.UK Verify (RIP) is not in their view a feasible replacement.

Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?

GDS's much-vaunted digital-by-default government is impossible without identity assurance. The UK isn't going to get that from GOV.UK Verify (RIP), as DMossEsq has said for years with nary a response from GDS, hermetically sealed from reality as they are. Two exemplary public servants saying the same thing carries infinitely more weight. GOV.UK Verify? RIP.

----------

Updated 19.8.17

As we were saying above GOV.UK Verify (RIP)-wise, "Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?".

Bryan Glick, the esteemed editor of Computer Weekly magazine, had already published Jerry Fishenden, please see Gov.uk Verify and identity assurance - it's time for a rethink.

He's on the case and in his Gov.uk Verify fails to meet key business case targets Mr Glick also cites Alan Mather and adds the National Audit Office, whose March 2017 report on digital transformation in government calls for more clarity on GDS's rôle. Not just once, 33 times the NAO call for more clarity.

The main burden of Mr Glick's editorial is that GDS have failed to deliver on a single one of the promises made in the business case for GOV.UK Verify (RIP). The business case made to the Treasury is a false prospectus:
  • Too many people have trouble registering in the first place and too many people have trouble subsequently using GOV.UK Verify (RIP) to access public services.
  • 1.4 million GOV.UK Verify (RIP) accounts have been created. With seven "identity providers" to choose from, that could represent just 200,000 people with seven accounts each. GDS are committed to 25 million users by 2020. That's 25 million people. They have just three years to add up to 24.8 million people. At the present rate, that is impossible ...
  • ... it is also pointless if these people create level-of-assurance-1 accounts (LOA1), "little more than a system to set up a username and password", as Mr Glick says. The relying parties like HMRC and DWP and the NHS need properly assured accounts out of it if GOV.UK Verify (RIP) is to be ... reliable. The notion that they or the banks or the major retailers could rely on these LOA1 accounts now being offered by GDS is laughable.
  • Not enough public services have signed up to use GOV.UK Verify (RIP) and so much do they distrust it that they're developing their own identity assurance systems.
  • The promised cost savings do not look like materialising and, when asked about that, GDS avoid the question.
If one of the big systems integrators (SIs) turned in a performance like this GDS and its supporters would quite rightly be among the first to castigate them. There is no good reason to treat GDS differently from Capita, say, or Fujitsu, or any of the other SIs.

GDS have become a big SI themselves, with hundreds of staff, smart offices, influential PR, the connivance of senior officials and politicians, budgets measured in the hundreds of millions of pounds and guaranteed long-term public sector contracts.

We don't need another big SI. We want, need, deserve and pay for delivery and we're not getting it from GDS:
  • Alan Mather and Jerry Fishenden are admirably clear on that point.
  • The NAO imply it with their 33-fold call for clarity.
  • Mr Glick looks as though he agrees.
  • And then there's the Law Commission, please see the rubric above: "Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be".
"The first services will be developed and tested by February 2012, with IDA [identity assurance, now GOV.UK Verify (RIP)] due to be rolled out for initial public services by autumn 2012". That's what GDS told Computer Weekly a long time ago. The first in an unbroken series of broken promises, nothing has been achieved in the past five years.

How long can this sleazy misfeasance in public office continue?

Is there any good reason you can think of why it should continue beyond today? What in your opinion would we lose if GOV.UK Verify (RIP) was cremated in 10 minutes time?


Updated 20.8.17

There is a section in Bryan Glick's editorial, Gov.uk Verify fails to meet key business case targets, on the per-user costs of GOV.UK Verify (RIP).

Once-off registration supposedly costs about £8 per new user, he says, and using GOV.UK Verify (RIP) to access public services is supposedly costing a further £4 p.a. or so per user.

The public cannot know how accurate these figures are because they are hidden behind commercial confidentiality. That's GDS's untutored idea of running a market.

The true figures could be lower. If GOV.UK Verify (RIP) ever reached 20 million accounts, they could fall by a factor of four to £2 up-front and £1 p.a. according to Mr Glick.

There again, according to Jerry Fishenden and others, "informally people close to those running the services, both inside government and at the commercial providers, indicate that the charges made by the companies range from around £9 to over £20 per user".

Here we are in the world of rumour and hearsay. We are none the wiser about the costs the taxpayer is paying for the useless GOV.UK Verify (RIP).

Mr Glick goes on to say that "even those lower amounts [£2 and £1 as against £8 and £4] compare unfavourably with commercial online identity tools for consumers. For example, Microsoft’s Azure Active Directory, which is described as 'a cloud-based identity and access management solution for your consumer-facing web and mobile applications', charges just £0.00209 – one-fifth of one penny – per user authentication up to 950,000 users, dropping to £0.00157 for nine million users".

Does it follow that 25 million on-line identities would cost just £39,250 p.a. if only HMG used Microsoft Azure instead of GOV.UK Verify (RIP)?

No of course it doesn't.

Click on the link provided by Mr Glick. That gets you to pricing for the business-to-consumer active directory service of Microsoft's Azure product. Click on the 'Calculator' option and then have fun choosing all the services you would need for 25 million people accessing UK public services. DMossEsq got to $7.7 million per month in no time, before adding UK servers, backup, support, security, networking, ...

It wouldn't necessarily be cheaper to use Azure. It may be a lot more expensive. It's not cheap at any price to use GOV.UK Verify (RIP) – it doesn't work, it's a waste of money. It could be cheap to use Azure, if it works and if the UK doesn't mind losing control of its personal information.

The point to take away is that Microsoft look as though they have a product and GDS don't:



Updated 3.9.17

Edward Lucas of The Economist newspaper, writing in The Times newspaper about 10 days ago, We need digital IDs to beat cyber fraudsters, made no reference to GDS's GOV.UK Verify (RIP). Estonia got a mention. But not GDS.

DMossEsq took him up on this omission in the comments below the line which brought forth this response:
Edward Lucas 7 days ago
@David Moss I didn't mention Verify because it is indeed moribund ...

Updated 12.10.17 1

Disclosure and Barring Service to introduce new digital services. That's what it said on the Government Computing website at the end of August, six weeks ago: "Users will be able to submit barring referrals online and apply online for a basic criminal record check".

Disclosure and Barring Service plans digital push, said the UKAuthority website on the same day, "September launch planned for new online barring referral system with more to follow next year".

Four days before, the Disclosure and Barring Service (DBS) had issued a press release, in which we read: "If you live or work in England or Wales you’ll be able to apply online for a basic criminal record check through DBS from January 2018. As part of the online application you’ll need to prove your identity through GOV.UK Verify [RIP]".

DMossEsq predicts, you will not be surprised to know, that relying on GOV.UK Verify (RIP) will be problematic for DBS. No doubt DBS disagree. Otherwise they wouldn't have elected to use GOV.UK Verify (RIP). We shall see.

DMossEsq makes this prediction also – that, in the case of people registering with GOV.UK Verify (RIP) for the first time, to use the DBS service, they will mostly be recommended to choose GB Group plc, also known as "CitizenSafe", as their "identity provider".

GB Group have the lowest certification of any "identity provider" (apart from the Post Office). So why would applicants be pushed in their direction?

Answer, because GB Group have a proper job as well as their GOV.UK Verify (RIP) hobby: "GBG (GB Group PLC) are the UK’s largest criminal record checking provider".


Updated 12.10.17 2

Borrowers trial our Digital Mortgage service.

"Our digital mortgage service" here means the Land Registry's digital mortgage service: "The aim of the service is to allow conveyancers to create a digital mortgage deed, which can then be signed by the borrower(s) using a digital signature and submitted to us so we can update the register".

Digital mortgages? Digital signatures? Whatever next?

For a long time, the answer seemed to be "nothing". Whatever next? Nothing. That Land Registry blog post about the digital mortgage trial was published well over a year ago, May 2016, and then nothing happened ...

... until July 2017 when the Land Registry published Verifying a secure digital mortgage service: "To ensure the right person is signing the deed, we have been working with the Government Digital Service (GDS) to enable us to use GOV.UK Verify [RIP], the government identity assurance service ... Following some final testing, we aim to have completed the first fully digital remortgage deed later this year".

As with the Disclosure and Barring Service, please see above, DMossEsq predicts that relying on GOV.UK Verify (RIP) will be problematic for the Land Registry.

No doubt the Land Registry disagree. Otherwise they wouldn't have elected to use GOV.UK Verify (RIP). We shall see.

The Law Commission don't believe that GOV.UK Verify (RIP) can assure the Land Registry that "the right person is signing the deed", please see rubric above (para.6.67). No doubt the Land Registry have a good reason for ignoring/flatly contradicting the Commission.

OIX, the Open Identity Exchange, have warned that GOV.UK Verify (RIP) has nothing to offer the financial sector. The Land Registry must know something that OIX don't.

A little patience and all will ultimately be revealed.

For the moment, just take another look at: "Following some final testing, we aim to have completed the first fully digital remortgage deed later this year".

"... the first fully digital remortgage deed". A quick scan of the Land Registry's blog post might leave you with the impression that they're offering a digital mortgage service. They're not. You've got to have a mortgage first. Their service only works if and when you try to re-mortgage, when all the verification and authorisation work has already been done. GOV.UK Verify (RIP) doesn't come into its own until it's not needed.

This isn't the first time. We've come across it before, with the Blue Badge scheme.

The tireless Ian Litton has been trying to lever GOV.UK Verify (RIP) into Blue Badges for years. Since May 2014, or even before that.

Earlier this year a trial was announced to use GOV.UK Verify (RIP) to issue Blue Badges. At least, it looked as though that's what the announcement said. But close reading indicated that the trial only covered the re-issue of Blue Badges when the old one has expired and when all the verification and authorisation work has already been done.

The aspiration is modest. GOV.UK Verify (RIP) has a lot to be modest about.


Updated 12.10.17 3

Could GOV.UK Verify (RIP) help with criminal record checks? Or digital mortgages? Or Blue Badges?

Yes.

If it supported attribute exchange.

And how many of GOV.UK Verify (RIP)'s "identity providers" are certified for attribute registration?

None.


Updated 12.10.17 4

Let's say you've been working on a national identity assurance scheme for six years. GOV.UK Verify (RIP), for example. You've embraced agile software engineering methods. You've made thousands of small amendments to the system over the years, so that it's forever improving. You've conducted hundreds of user research sessions, you know what people want, so that's what you must be delivering. Stands to reason.

And yet.

Central government departments in the main want nothing to do with your scheme. Local government, ditto. And the private sector seems to be getting on perfectly well without you.

What to do?

Apologise and resign?

Not a bit of it. GDS seeks help to make Verify go international.

They haven't managed to go national yet with GOV.UK Verify (RIP) but the Government Digital Service want these helpers to "scope the feasibility of potentially connecting Verify to the eIDAS framework and provide sizings and estimates for the next phase".

eIDAS should "enable UK citizens to use a Verify identity to access services abroad". The framework was published in July 2014, following years of international consultation. Only now do GDS want to connect to eIDAS ...

... or at least potentially connect to it ...

... well, not so much potentially connect to it as scope the feasibility of potentially connecting to it.

"Agile" may not be the first word that comes to mind as you survey this hopeless dereliction.


Updated 13.10.17 1

As we wrote on 28 July 2017: "Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?".

There's no point asking GDS how to get a national identity assurance scheme up and running.

That seems to be agreed – John Manzoni, CEO of the UK civil service, has asked McKinsey.

Let's hope he's also in contact with Messrs Fishenden and Mather.


Updated 13.10.17 2

22 September 2017, OIX hosted an identity assurance workshop with six presentations.

OIX, the Open Identity Exchange, is GDS's business partner.

One of the six presentations was given by Kent County Council, which comprises 15 borough and district councils including 1½ million people.

Local government is where government takes place. That's one place where you need functioning identity assurance. The slide deck from Kent's presentation includes this gem:


Kent will not be using GOV.UK Verify (RIP).

Why not?

They don't give as their reason that GOV.UK Verify (RIP) simply doesn't work. Nor that it's too expensive.

The reason Kent give is even more basic: "The costs of using Verify aren't clear".

GDS set out to create an identity "ecosystem" or market. Markets are where goods and services are traded. Without a price, you can't trade.

Six years in, and GDS haven't got to first base – there's no known price for a local authority to use GOV.UK Verify (RIP). "GDS have never created or regulated a market in their lives. And it shows", as we said in March 2016.

Kent's presentation is remarkable in several ways:
  • Sitekit are one of the two hub providers GDS have inveigled into trying to supply GOV.UK Verify (RIP) to the private sector (the other being Mvine). Sitekit have their name on slide ##1-6. If they can't recommend GOV.UK Verify (RIP) to local authorities how can they recommend it to the private sector?
  • From what GDS say, you'd think that local authorities are incapable of digital government. They're all helpless lambs, hopelessly dependent on Lady Bountiful, GDS, up at the manor house. But Kent seem to be getting on with it quite happily without GDS, slide ##7-30.
  • Identity assurance is needed for access control. The model for identity often seems to be based most appropriately on passports. Identity assurance lets you cross borders, e.g. into your office building or into your bank account. But what is the model for passports? Arguably, club membership. Either you're in the club or you're not. How do you become a member? Existing members of the club/community vouch for you, they act as your sponsors or referees. There is no recognition of that anywhere in GDS's model of identity assurance but it looks as though Kent have understood, slide ##23-28:

GOV.UK Verify (RIP) says a person = a passport + a driving licence + a credit history and has become as a result a machine for excluding people. The Kent model looks as though it knows what a community is.


Updated 27.10.17

You know that cybercrime is a growing problem. You know that cybercrime often relies on false identities. You may not know that the British Standards Institution (BSI) have published PAS 499, a draft code of practice for digital identification and authentication, but they have.

A PAS is a publicly available specification and at clause 0.2 the document says: "The PAS builds on ... developments in the move towards combined financial and government identity and authentication requirements; this may include commercial applications for GOV.UK Verify [RIP]".

It's polite of the BSI to suggest that GOV.UK Verify (RIP) could help individuals and organisations to comply with the likes of know-your-customer and anti-money laundering and PSD2 (the new Payment Services Directive) but their specification makes it clear that that is not possible:
  • "0.2 ... This PAS aims to help organizations secure their systems to prevent, as far as realistically possible, fraudulent misrepresentation of a natural or legal person", see also 3.1.19, 3.1.28, 3.1.30, 3.1.31, 3.1.33, A.3 – GOV.UK Verify (RIP) can't register legal persons such as companies, partnerships and trusts so it can't help people trying to comply with PAS 499.
  • "5.2 ... NOTE 2 References within PSD2 towards strong customer authentication requirements considering the use of biometrics suggests that authentication in payment applications look to a Level 4 identity at enrolment (though Level 3 does not preclude the use of biometrics)" – GOV.UK Verify (RIP) has difficulty reaching Level 2, Levels 3 and 4 are quite beyond it.

Updated 15.11.17

OIX, the Open Identity Exchange, have tried several times to come to the rescue of the Government Digital Service's GOV.UK Verify (RIP) identity assurance scheme that can't assure identities.

They're making another rescue attempt the day after tomorrow, Friday 17 November 2017, at an all-day conference, OIX Economics of Identity III, DMossEsq's invitation to which has been mysteriously lost in the GOV.UK Notify system.

Someone called Nic Harrison will be making a keynote speech. Presumably a speech on GOV.UK Verify (RIP). Does anyone know what his involvement is with GOV.UK Verify (RIP), if any?

Jess McEvoy is the programme director of GOV.UK Verify (RIP). Why isn't she speaking at the OIX conference?

Mr Harrison turns out to be a director of GDS, one of the team airlifted out of the distressed Department for Work and Pensions by ex-Goldman Sachs man Kevin Cunnington.

If only from work done by OIX over the years, the other people at the conference will already know that GOV.UK Verify (RIP) has nothing to offer on the economics of identity. Why are GDS attending?

The obvious answer is ... to publicise the conclusions of the McKinsey investigation of GOV.UK Verify (RIP). Turn on, tune in to #EofID this Friday and drop out.


Updated 17.12.17

We mentioned above, 12 October 2017, HM Land Registry's plans to use digital signatures and GOV.UK Verify(RIP) in their new digital mortgage deeds. Their bosses, the Department for Communities and Local Government, issued a consultation on those plans. Herewith one response:
17 December 2017, this document is a response to the Department for Local Government and Communities consultation on improving the home buying and selling process[1]. The response is submitted by David Moss, a member of the public, who is not responding on behalf of any organisation and who is happy for the response to be published and for it to be attributed to him.


Summary:

· The Department assumes that open data will cause innovation in the process of buying and selling homes. No reason is advanced for believing that.
· HM Land Registry have published their intention to rely on digital signatures for mortgage deeds. The Law Commission have reservations about digital signatures which the Department may wish to consider.
· HM Land Registry have published their intention to rely on GOV.UK Verify for the identity assurance required for mortgage deeds. The Law Commission have reservations about GOV.UK Verify and so do central government, local government and the private sector. Again, the Department may wish to consider these reservations before proceeding.
· It may seem obvious that electronic signatures and GOV.UK Verify should be incorporated into HM Land Registry’s plans. It isn’t.
Q10. Are there any particular public sector datasets which you think should be released as open data in order to drive innovation in the home buying and selling process?

1. The assumption being made by the Department in question 10 is that open data causes innovation. It is suggested here that that assumption should be downgraded to a hypothesis. A hypothesis which requires proof before the Department acts on it.
2. The world has had innovation in the past without having open data. The UK has open data now, for example Companies House company information[2], and there is no sign of innovation.
3. The connection between open data and innovation is asserted several times by Mr Stephan Shakespeare in his report An Independent Review of Public Sector Information[3]. Close reading of that report reveals nothing but a hole[4]where there should be an argument to prove that there is a connection.
4. Mr Shakespeare appeared with Professor Sir Nigel Shadbolt before the Public Administration Select Committee[5]four years ago and the two of them asserted that open data will automatically inspire innovation, again without providing any argument to support this assertion. Without that evidence, the belief in the efficacy of open data is no more than a belief in magic[6].
Q9. What should the government do to accelerate the development of e-conveyancing?
5. On 28 July 2017 HM Land Registry published Verifying a secure digital mortgage service[7], where they advocate the use of digital signatures as part of their move to a “fully digital mortgage deed”.
6. The Department may wish to note before proceeding that the Law Commission have reservations about digital signatures. These are set out in Chapter 6 of their consultation document, Making a Will[8], please see paragraphs 6.15 to 6.43.
7. “To ensure the right person is signing the deed”, HM Land Registry say, “we have been working with the Government Digital Service (GDS) to enable us to use GOV.UK Verify[9], the government identity assurance service”.
8. Again, the Department may wish to note the Law Commission’s reservations, expressed at paragraph 6.67: “Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists”.
9. If the Law Commission are right about the deficiencies of GOV.UK Verify, then neither the Land Registry nor any of the other parties involved could be sure that the “fully digital mortgage deed” had been signed by the right person.
10.There are many further reasons for HM Land Registry to be wary of relying on GOV.UK Verify.
11.Among others, in the 126 weeks between 13 July 2015 and 10 December 2017 the completion rate[10]has averaged just under 36%. That is, the failure rate is just over 64%. (Completion rate is defined as “the proportion of visits started on GOV.UK Verify that result in successfully accessing a service, following the creation or re-use of a verified account with a certified company”.) It looks imprudent for HM Land Registry to depend on a system that fails 64% of the time.
12.Also, according to Government services using GOV.UK Verify - May 2016 update[11], there were 13 on-line public services using GOV.UK Verify at the time. Today, there are 15[12]. Just two services have been added whereas, in May 2016, 18 services were going to be added “in the next year”.
13.This failure to convince central government, local government[13]and the private sector[14]to nail their colours to GOV.UK Verify may be taken as a warning by the Department. What would HM Land Registry do if, as seems increasingly likely[15], GOV.UK Verify is discontinued?
(830 words)





Updated 20.1.18

Here we are barely a month since Her Majesty's Land Registry's (HMLR) consultation on digital mortgages closed. There was Christmas in between and you would hardly expect any response yet. And you'd be right. There has been no response.

What you also wouldn't expect is that HMLR would proceed anyway with its imprudent plan to rely on GOV.UK Verify (RIP). But blow me down if that isn't exactly what they're doing.

A written statement to Parliament was issued on 18 January 2018 by The Rt Hon Greg Clark MP, Secretary of State for Business, Energy and Industrial Strategy, please see Departmental contingent liability notification: HM Land Registry digital mortgage service:
HMLR’s new digital mortgage service will enable borrowers to sign mortgage deeds digitally, speed up the re-mortgage process and improve the customer experience. A new liability risk arises with this service because HMLR will certify the identity of a borrower when that person provides a digital signature in advance of registration. This liability sits outside of the scope of HMLR’s existing statutory compensation scheme (Schedule 8, Land Registration Act 2002).

The risk of the new liability occurring is considered low. The new process, where the borrower’s identity has to be verified through GOV.UK Verify [RIP] combined with HMLR’s independent security processes, should in fact reduce the overall risk of fraud. To date GOV.UK Verify [RIP] has not identified a single example of fraud despite in excess of 1.25 million citizens’ accounts having been created using the GOV.UK Verify [RIP] service.
This matter comes under Her Majesty's Treasury's rules for Managing Public Money, please see specifically Annex 5.4 on liabilities. Members of Parliament can object to non-statutory liabilities being taken on:
A5.4.26 The indemnity should not go live until 14 parliamentary sitting days, after the Minute has been laid. Every effort should be made to ensure that the full waiting period falls while parliament is in session.

A5.4.27 If an MP objects by letter, Parliamentary Question or Early Day Motion, the indemnity should not normally go live until the objection has been answered. In the case of an Early Day Motion, the Member(s) should be given an opportunity to make direct personal representations to the minister, eg proactively arranging a meeting with them. The Treasury should be kept in touch with representations made by MPs and of the outcome.
Readers are enjoined to approach their MP and ask him or her to object to HMLR lashing itself to the corpse of GOV.UK Verify (RIP). Suggested text for an approach:
Request that you register an objection re HM Land Registry and GOV.UK Verify

Dear ...

I write to ask you to object to a proposal made on 18 January 2018 by The Rt Hon Greg Clark MP, Secretary of State for Business, Energy and Industrial Strategy, please see Departmental contingent liability notification: HM Land Registry digital mortgage service [1].

HM Land Registry wishes to introduce digital mortgages using a new process “where the borrower’s identity has to be verified through GOV.UK Verify”. GOV.UK Verify is a failed identity assurance scheme introduced by the Government Digital Service, part of the Cabinet Office.

According to the Law Commission: “Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists”, please see Making a will [2], para.6.67 on p.119.

There are many objections to GOV.UK Verify, whose survival is unlikely. The system has been rejected by HMRC and the NHS, by local authorities and by the banks for anything to do with payments. The Law Commission’s objection is among the most cogent, suggesting that GOV.UK Verify cannot meet the requirements of a signature, whether for a will or for a mortgage.

HM Land Registry undertook a public consultation [3], the last date for responses to which was 17 December 2017. No account seems to have been taken of that consultation.

HM Treasury lays down rules for the proper management of public money [4]. The Minister’s proposal is premature and imprudent. He says: “Subject to no objections being received, I intend to authorise the proposal to undertake contingent liability for the digital mortgage service, after the usual 14 parliamentary sitting days” and I would ask you to register an objection within 14 parliamentary sitting days of his 18 January 2018 statement.

Yours sincerely
...

----------

1. https://www.gov.uk/government/speeches/departmental-contingent-liability-notification-hm-land-registry-digital-mortgage-service
2. https://s3-eu-west-2.amazonaws.com/lawcom-prod-storage-11jsxou24uy7q/uploads/2017/07/Making-a-will-consultation.pdf
3. https://www.gov.uk/government/consultations/improving-the-home-buying-and-selling-process-call-for-evidence
4. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/ 454191/Managing_Public_Money_AA_v2_-jan15.pdf please see in this case Annex 5.4 on liabilities, particularly clauses 5.4.26 and 5.4.27 on objections.

Updated 22.1.18

As you know, the Secretary of State for Business, Energy and Industrial Strategy has bravely taken the decision to rely on GOV.UK Verify (RIP).

Digital mortgages should be digitally signed in the modern 21st century Land Registry and GOV.UK Verify (RIP) is precisely the tool for the job. That is the assumption in the Minister's statement. Ask anyone and they'll tell you, no. It's not the right tool. The number of times GOV.UK Verify (RIP) has been used in the nearly four years of its unhealthy life for digital signatures is zero.

You may have responded to the request above like a responsible citizen and written to your MP asking him or her to raise an objection to this reckless move. In which case you had better have the answers to any questions your MP asks you.

Someone, possibly the Minister, possibly his officials, is worried about the contingent liability that the Land Registry is taking on. That's why the Minister's statement says "the risk of the new liability occurring is considered low".

The Minister digs deeper and adds "the new process ... should in fact reduce the overall risk of fraud". That's a fact, apparently, but somehow the figures for the risk in the current process and the risk in the new process are not quoted. Why does the Minister believe that the risk will be reduced? No answer.

Well , not quite no answer. The Minister does say that "to date GOV.UK Verify [RIP] has not identified a single example of fraud despite in excess of 1.25 million citizens’ accounts having been created using the GOV.UK Verify [RIP] service".

Click on the link and you will find a list of 13 on-line public services that currently use GOV.UK Verify (RIP). None of them involving digital signatures. Signatures which are normally taken to be irrevocable. Digital signatures are serious.

No frauds arising as a result of the use of GOV.UK Verify (RIP) with these 13 services have yet been identified. But then none of these services involve buying assets that cost £226,071 on average in the UK in November 2017 according to the Land Registry. That is a greater incentive for a fraudster than, say, Check your State Pension, one of the existing 13 services. The risk of fraud may increase, not decline.

There were nearly 70,000 property sales in England and Wales in September 2017. That's over £15 billion-worth of transactions. The Minister made his statement because his "department proposes to undertake a contingent liability of £300,000 [or] above". £300,000 is 0.002% of £15 billion. And that's just one monthsworth of property transactions. The probability of fraud had better be very very low.

"... in excess of 1.25 million citizens’ accounts" sounds like a lot of accounts. But is it? You create a GOV.UK Verify (RIP) account by registering with a so-called "identity provider". There are seven "identity providers" at the moment. Each person may create seven accounts for himself or herself. 1,250,000 million accounts may imply as few as 178,571 people.

That's still a decent size number but it's a lot less than 1,250,000 and it's a lot less confidence-inspiring. In fact, it's a bit unnerving. Why doesn't the Minister tell us the number of people involved? Why does he tell us the number of accounts instead?

If you take a look at the GOV.UK Verify (RIP) dashboard on the Government Digital Service's (GDS) performance platform you'll find that 15 public services use GOV.UK Verify (RIP). Not 13. Which is it? Not strong on numbers, the Minister's statement ...

... and not comprehensive. HMRC started a new on-line public service, Personal Tax Account, in December 2015. In February 2017 just over a year later John Manzoni, Chief Executive of the Civil Service, told us that "more than 8 million citizens have now signed up".

That is not mentioned in the Minister's statement. 1,250,000 now starts to look a bit pathetic after all and it's again a bit unnerving that the Minister provides no context, it's not easy for his readers to know if 1,250,000 is a big number or it isn't. And of course 178,571 now looks microscopic.

Most people using HMRC's Personal Tax Account service verify their identity using the venerable Government Gateway system, not GOV.UK Verify (RIP). Not mentioned in the Minister's statement but the question arises anyway, why aren't the Land Registry using the tried and tested Government Gateway?

What is the point of introducing digital signatures? To save time? How much time? The Minister doesn't say. It's going to be hard to argue the case, though. Over half the attempts to use GOV.UK Verify (RIP) fail. That's according to GDS's own statistics. That's time wasted, not time saved.

And remember, even if someone does manage to use GOV.UK Verify (RIP) to digitally sign their mortgage deed, the Law Commission remain unconvinced: “Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists” (para.6.67). The Land Registry will not know who signed any digital mortgage deed.

That should give your MP a basic grounding in the matter, it should indicate that there's something there to object to – a contingent liability is being taken on for no good reason – and that the Minister has a lot of explaining to do.


Updated 23.1.18

As you know, a written statement to Parliament was issued on 18 January 2018 by The Rt Hon Greg Clark MP, Secretary of State for Business, Energy and Industrial Strategy, please see Departmental contingent liability notification: HM Land Registry digital mortgage service:
HMLR’s new digital mortgage service will enable borrowers to sign mortgage deeds digitally, speed up the re-mortgage process and improve the customer experience. A new liability risk arises with this service because HMLR will certify the identity of a borrower when that person provides a digital signature in advance of registration. This liability sits outside of the scope of HMLR’s existing statutory compensation scheme (Schedule 8, Land Registration Act 2002).

The risk of the new liability occurring is considered low. The new process, where the borrower’s identity has to be verified through GOV.UK Verify [RIP] combined with HMLR’s independent security processes, should in fact reduce the overall risk of fraud. To date GOV.UK Verify [RIP] has not identified a single example of fraud despite in excess of 1.25 million citizens’ accounts having been created using the GOV.UK Verify [RIP] service.
There are three traps not to fall into. Anyone who does fall into them may subsequently feel that they have been misled by the Minister's statement:
  1. Digital signature is not a facility included in GOV.UK Verify(RIP)'s meagre repertoire. Despite what you might be misled to think, GOV.UK Verify (RIP) contributes nothing to the proposed digital signing process.
  2. What the Land Registry propose is probably not digital signature at all but something else.
  3. The Exchequer may be taking on the risk of wrongly identifying borrowers whether that mistake is made by GOV.UK Verify (RIP) or by solicitors/licensed conveyancers. Or it may only be covering GOV.UK Verify (RIP) and the conveyancers remain liable. Which is it? The answer isn't clear.
These points 1., 2. and 3., are elaborated below. The upshot is that the Minister may have misled the House and the conveyancing profession with his statement. You are enjoined again to ask your MP to object to the statement. The Minister may anyway now wish to withdraw the statement.

1. Digital signatures and GOV.UK Verify (RIP)
The Land Registry wrote about the proposed digital mortgage service in July 2017, please see Verifying a secure digital mortgage service:
... Using the 'Sign Your Mortgage Deed' service will mean the borrower no longer needs to apply pen to paper and instead will digitally sign their deed online ...

Benefits of digital signatures

... But how can their lender be sure who has applied the digital signature?

Linking up with GOV.UK Verify [RIP]

To ensure the right person is signing the deed, we have been working with the Government Digital Service (GDS) to enable us to use GOV.UK Verify [RIP], the government identity assurance service. By working with GDS we’ve been able to ensure that a borrower can easily progress from verifying their identity to digitally signing their mortgage deed ...

How the identity assurance works

Once it has been confirmed that the borrower is who they say they are through obtaining a Verify account, we will send them a security code by text message. The borrower can then input this code to confirm that they are the person signing the deed ...

... Our digital signature won’t be an electronic representation of a handwritten signature, but a secure way of confirming the content of a deed and the identity of the person signing it. The digital signature means that the content of the deed cannot be tampered with, or the content changed, without invalidating the signature ...
Back then in July the separation was clearer. GOV.UK Verify (RIP) was to be involved in assuring the Land Registry as to the identity of the borrower. With that assurance made, the business of signing the mortgage deed digitally is nothing to do with GOV.UK Verify (RIP), it depends on the borrower using "a security code" sent to them by the Land Registry "by text message".

That's the main point to be established here. Pace the Minister's statement, the Land Registry's proposed digital signing doesn't involve GOV.UK Verify (RIP). It can't. Digital signature is not a facility within GOV.UK Verify (RIP).

En passant, we may remind ourselves that the Law Commission do not believe that GOV.UK Verify (RIP) can confirm that "the borrower is who they say they are" (para.6.67/p.119). The Land Registry would be flat wrong to rely on that confirmation.

2. Digital signature and electronic signature
The quotations above from the Minister's statement last week and from the Land Registry's July 2017 blog post all refer to digital signatures.

"Digital signature" is a technical term. You can read all about it in Wikipedia.

The problem is that back in February 2017 the Land Registry's lawyer wrote a scholarly blog post all about the proposed use of electronic signatures, Executing a document using an electronic signature. And electronic signatures are not the same as digital signatures, please see Wikipedia again.

It may be that she's wrong and the Minister is right. If not, the Minister's statement misled the House.
Executing a document using an electronic signature

HM Land Registry does not give legal advice but we are aware that practitioners want clarity about our policy and practice relating to electronic signatures (e-signatures) on documents and deeds ...

We intend to use our own purpose-built electronic signature solution for the authentication of the new digital mortgage ...

The solution will provide an advanced electronic signature, which is defined in EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions – (the “eIDAS Regulation”) ...

Electronic signatures are not witnessed. Indeed it is not possible for an electronic signature to be physically witnessed in the way that a pen and ink signature can ...

That is why electronic signing relies on trust services, which provide certification as to the identity of the person who is applying the electronic signature, and protection to the integrity of the data that has been signed. Consequently, section 91 of the Land Registration Act 2002, which deals with electronic dispositions for the purpose of land registration, refers to e-signatures being certified (s.91(3)(c)).

Certification of an electronic signature takes the place of witnessing. It effectively transposes a notarial model into the digital environment ...
Back then in February, the Land Registry's proposal was to use electronic signatures. Perhaps the Minister is right. Perhaps that earlier proposal has been withdrawn in favour of using digital signatures instead. Perhaps not. The Minister needs to clarify the situation to the House. Are the proposed signatures digital, as he suggests? Or electronic?

3. Do conveyancers remain liable for identity assurance mistakes?
The Land Registry's February 2017 document includes this: "For the verification of identity, HM Land Registry currently proposes to use a combination of the information provided by the conveyancer together with the GOV.UK Verify [RIP] service".

The Land Registry did not then intend to rely on GOV.UK Verify (RIP) alone for identity assurance. Just as well in view of the Law Commission's strictures. They intended to rely on conveyancers as well.

The July document says "once it has been confirmed that the borrower is who they say they are through obtaining a Verify account, we will send them a security code". That seems to let the conveyancers off the hook.

Some conveyancers may currently believe that their liability in the matter of digital mortgages and identity assurance is nil, that the liability is shouldered entirely by GOV.UK Verify (RIP) which then shuffles it off onto the Exchequer. They may be wrong to believe that. They may still be on the hook. Perhaps the Minister could clarify the matter.


Updated 27.1.18

As The Rt Hon Greg Clark MP says, "HMLR’s new digital mortgage service will enable borrowers to sign mortgage deeds digitally, speed up the re-mortgage process and improve the customer experience. A new liability risk arises with this service because HMLR will certify the identity of a borrower when that person provides a digital signature in advance of registration. This liability sits outside of the scope of HMLR’s existing statutory compensation scheme".

This is odd. GOV.UK Verify (RIP) is supposed to have verified the borrower's identity. That's the point of the system. GDS have contracts with seven "identity providers" who are paid to provide identity assurance to relying parties like HMLR:
  • If they've made a mistake, why aren't the "identity providers" liable?
  • If they're not liable, what is the incentive to do the job properly?
  • Why bother to retain them in the first place?
  • And why bother to insert GOV.UK Verify (RIP) into the conveyance process?
    • It doesn't add anything. Apart from a pointless cost.
    • HMLR's electronic signing doesn't depend on GOV.UK Verify (RIP). It can't. The Law Commission tell us quite clearly that GOV.UK Verify (RIP) doesn't establish that the borrower is who they say they are.
    • The solicitors and licensed conveyancers remain just as much on risk as they ever were.
    • The borrowers hand over reams of valuable personal information to the "identity providers" to register with GOV.UK Verify (RIP), a registration which turns out to have no value to the borrowers nor to the relying parties.
Central government, local government, government agencies, charities and the public private sector can all see that this liability model is hopeless. All except HMLR ..,

... the only relying party that knows it has nothing to rely on and decides absurdly that the solution is to get the taxpayer to pay, again ...,

... having already paid for GOV.UK Verify (RIP).

GOV.UK Verify (RIP) isn't doing the Land Registry any favours. Why is the Land Registry doing GOV.UK Verify (RIP) a favour? That's not its job.


Updated 29.1.18

HM Land Registry (HMLR) have now published a report on their consultation.

Not the December 2017 consultation mentioned above. The Rt Hon Greg Clark MP has been inveigled into proceeding with eMortgages without bothering to refer to that consultation.

No, HMLR's January 2018 response is to a February 2017 consultation, Proposals to amend the Land Registration Rules 2003:
4.4 Twenty respondents questioned whether the GOV.UK Verify [RIP] service was sufficiently robust and adequate to provide identity assurance for those who will be electronically signing digital conveyancing documents, given current levels of identity theft. One respondent stated that Verify is currently shutting out 40% [52% as at 14 January 2018] of those trying to access it. One person suggested that the checking of identity should remain with conveyancers. Others pointed out that as yet, Verify does not allow for identity assurance for companies, charities and legal entities other than individuals. On the other hand, some commented that the use of Verify would lead to more secure [how much more secure?] conveyancing transactions and a significantly reduced [how significantly?] fraud risk ...

4.9 The Public and Commercial Services Union (PCS), one of the two recognised trade unions in HMLR with over 3000 members, gave a detailed response expressing several concerns, particularly-
• lack of parliamentary and public scrutiny [no change there] of each new digital service
• reduction in HMLR caseworker involvement and assessment of applications
• a shift in liability from HMLR to the conveyancer applicants
• favouring larger conveyancing firms over smaller ones
• whether Verify is sufficiently robust for use with digital signatures [or is it electronic signatures?] ...

Verify
4.16 The identity service providers who carry out identity assurance in the GOV.UK Verify [RIP] service are bound by detailed contractual requirements to provide highly robust procedures and results [how highly? they are not liable for errors, the public have to pay]. User security and privacy is at the heart of the Verify service [Security? No. Privacy? No.]. All certified companies were audited [the Post Office failed its audit and yet it is still allowed to act as an "identity provider"] and had to complete a rigorous onboarding process before joining Verify.

4.17 The Government Digital Service, which provides Verify, is scaling up and constantly improving the service [some examples would be welcome, there is little sign of activity]. Nobody is excluded from a service if they cannot be verified by Verify ...

4.19 Verify currently provides ID assurance to assurance level 2 as defined in the government’s guidance document “Identity Proofing and Verification of an Individual” published by CESG (now the National Cyber Security Centre) and the Cabinet Office . HMLR’s use of Verify will not absolve conveyancers and lenders from their duties under the Money Laundering Regulations [bad news for conveyancers who thought that the Minister's absolution covers them], but will be in addition to them. There is nothing to prevent conveyancers from carrying out level 3 checks if they feel they are necessary ...

4.22 With regard to identity assurance for corporate bodies, HMRC is continuing the development of a new Government Gateway service (GG3) [Verify not up to the job that the Gateway has been doing for 17 years], which will provide service credential management for businesses and organisations wishing to use government digital services ...
How has the Minister decided to proceed?


Updated 2.2.18

Mishcon’s £1m ID fraud bill sounds alarm bells. That's what it said in The Law Society Gazette a year ago. There's more where that came from. See for example Dreamvar (UK) Ltd v Mishcon de Reya (a firm) and another [2016] EWHC 3316 (Ch) and Conveyancing fraud: Society seeks to intervene in crucial test of solicitors' liability from the day before yesterday, hat tip as ever: Mark King.

A buyer tried to buy a flat. The money was paid over on completion. Then it turned out that the seller didn't own the flat in the first place. The buyer had been defrauded but that's not the seller's conveyancer's fault, apparently, according to the law. That's what you'll read in the articles above. The buyer's conveyancer, Mishcon de Reya, also followed procedures correctly but the courts have so far ruled that they owe the buyer lots of money anyway. That decision is currently being appealed.

Checking that the property is the seller's to sell looks pretty basic to the whole complicated business of conveyance. How do the conveyancers fail to perform that check successfully? Why can't they just look in the Land Registry's land register and see the records? The problem needs to be resolved by the professional indemnity insurance companies according to some lawyers. Really? It's all down to the difficulty of proving that someone is who they say they are, say others.

This case – and there's a lot of it about, apparently – is presumably one reason for inserting GOV.UK Verify (RIP) into the Land Registry's procedures. The problem is identity fraud. GOV.UK Verify (RIP) prevents identity fraud. QED. GOV.UK Verify (RIP) assures relying parties that a person is who they say they are. End of problem.

Except that that's clearly piffle.

If it was that easy, GOV.UK Verify (RIP)'s "identity providers" would happily shoulder the liability for mistakes because there wouldn't be any. It wouldn't be necessary for The Rt Hon Greg Clark MP to warn the public, Parliament and HM Treasury that the Land Registry is taking on liabilities beyond its allowance.

As it is, the "identity providers" are too frightened to go anywhere near facing that liability. While they shelter comfortably in the happy business of pocketing £30 for every useless GOV.UK Verify (RIP) registration it's the taxpayer who will have to cough up.

The problem is that GOV.UK Verify (RIP) fails to assure relying parties that a person is who they say they are. The Law Commission are unambiguous on the point. Which part of "Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists" is it possible to misunderstand?

GOV.UK Verify (RIP) is not the solution. It is, in that sense, irrelevant to the Minister's written statement to Parliament, Departmental contingent liability notification: HM Land Registry digital mortgage service.

If the Land Registry wants to certify that borrowers are who they say they are, fine, go ahead. But don't pretend that the risks are mitigated by relying on the tawdry GOV.UK Verify (RIP) because they're not.


Updated 9.2.18

As noted, the Government Digital Service (GDS) have all but stopped blogging, tweeting or talking about GOV.UK Verify (RIP), the proposed pan-government UK identity assurance scheme. They don't promote the scheme and they don't defend it from criticism. Their lips are sealed. It's the opposite of "make things open, it makes things better", supposedly the watchword of GDS.

GDS say nothing and, to all intents and purposes, neither so do the "identity providers", Experian et al.

That leaves HM Land Registry, the Ministry of Housing Communities and Local Government and the Department for Business Energy and Industrial Strategy (BEIS) to make the running. Bravely.

The Rt Hon Greg Clark MP has warned Parliament that digital mortgages will incur contingent liabilities and suggested that the risk is mitigated thanks to the use of GOV.UK Verify (RIP). He says that. GDS don't and neither do the "identity providers". He's the one who's exposed.

At least one kind MP has questioned Mr Clark about the wisdom of relying on GOV.UK Verify (RIP). Here is the response from the Under-Secretary of State at BEIS, published here with thanks and without comment for the moment by DMossEsq. See what you make of it:



Updated 11.2.18

In principle, ...
... the earth could be at the centre of the universe. Possibly. Remember that.

Background
HM Land Registry (HMLR) wishes to introduce digital mortgages into the UK. The electronic signatures involved will give rise to contingent liabilities.

The risk of these liabilities materialising is reduced by the insertion of GOV.UK Verify (RIP) into the conveyancing process. So says The Rt Hon Greg Clark MP, Secretary of State for Business Energy and Industrial Strategy (BEIS), who will authorise the assumption of these contingent liabilities unless he hears of any convincing objections.

DMossEsq's MP has kindly submitted some objections and Lord Henley PC, Parliamentary Under-Secretary of State at BEIS has kindly responded as noted above. What are we to make of that response?

Civil servants advise, ministers decide
Let us assume that the response Lord Henley decided to sign – in the old-fashioned way – was written by his officials. Has he been well advised?

Begging the question
"HMLR will use a combination of the information provided by the conveyancer together with the GOV.UK Verify [RIP] service to provide an appropriate level of assurance at the point of signature", say his officials, and "as such, this is an additional level of identity assurance that does not exist in the signing of a paper deed".

Not a good start.

His officials are begging the question. The level of assurance provided by GOV.UK Verify (RIP) may be too low for the job. In which case it adds nothing.

Some old safeguards lost
And the new process dispenses with traditional signatures on paper deeds and with witnessing and with either attendance in person for signature or the exchange of documents by post which provides some check on people's address. Lord Henley's officials fail to include these subtractions in their calculus.

Whose fault is it?
That failure is unfair on conveyancers who, the officials emphasise, remain just as responsible for checking identity as they ever have been: "Conveyancers are liable under the Money Laundering Regulations, and their own Regulators' rules/codes of conduct, to check the identity of their clients. There is nothing in the legislation relating to electronic signatures ... that obviates the need for conveyancers to undertake such checks" ...

... except, confusingly, that now the taxpayer is going to have to cover some unspecified amount of the liabilities. Which is it? Are the conveyancers responsible or aren't they?

Evidence-based policy
Talking of unspecified amounts, what is the probability of liabilities arising? No figure is given by the officials. Greg Clark and Lord Henley and Parliament are being asked to make a decision without the figures you would hope to see in a system of evidence-based policy development. Not businesslike. Not for the Dept of Business, nor for any other organisation. And not responsible.

Fit for purpose?
"GOV.UK Verify [RIP] has been designed as an online tool to prove that users are who they say they are. It has a particular focus on ensuring that the person sat behind a computer screen is the identity they claim to be". What about the person in front of the computer screen, you may ask? Also, if GOV.UK Verify (RIP) does the job it has been designed for, why is there any contingent liability?

It's no answer to be told that "GOV.UK Verify [RIP] certified companies take a holistic approach to identity". What does "holistic" mean here?

Personal information
Lord Henley's officials don't mention it but if you register with GOV.UK Verify (RIP) through a certified company a lot of your personal information is stored by them anywhere in the world they decide and shared with any number of other organisations. This increase in the risk of fraud has been documented for years by DMossEsq, please see here for version 6 of the document based on the terms and conditions of business of the certified companies and on their privacy policies.

That is another component missing from the official calculus. If you sign a deed, you sign a deed. You don't hand over your passport, driving licence and bank loan details to a company you've never heard of like Idemia, for example. But that's what happens with GOV.UK Verify (RIP).

What do BEIS know that NIST and the Law Commission don't?
In order to inspire confidence, Lord Henley's officials tell us that "GOV.UK Verify [RIP] follows the identity guidance ... laid out in Cabinet Office Good Practice Guide 45 [GPG45]".

As it happens, GOV.UK Verify (RIP) has trouble reaching GPG45 level of assurance 2 at the moment.

Even if it could reach level 2, the US National Institute of Standards and Technology (NIST) regard GPG45 level of assurance 2 as no better than self-certification, please see Table 2.1 on p.13 of DRAFT NIST Special Publication 800-63-3 Digital Identity Guidelines, 30 January 2017:

SP 800-63 (NIST)
[GPG45][RSDOPS]STORK 2.029115:2011ISO 29003Government
of Canada
N/AN/ALevel 01N/AN/AN/AN/A
AAL/IAL 1Level 1Level 1QAA Level 1LoA 1LoA 1IAL/CAL 1
AAL/IAL 1Level 2Level 2QAA Level 2LoA 2LoA 2IAL/CAL 2
AAL/IAL 2Level 3Level 3QAA Level 3LoA 3LoA 3IAL/CAL 3
AAL/IAL 3Level 4N/A2QAA Level 4LoA 4LoA 4IAL/CAL 4

That same point is made by Damien Bruneau, author of the Law Commission's 7 July 2017 consultation paper on making a will: "Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists".

Lord Henley's officials criticise the Law Commission for making that statement on the basis that they're out of date.

Theory v. practice
They also say: "The Law Commission's report found that "it is possible, in principle, for the Government, or a Government authorised body, to use Verify to provide for fully electronic wills". It has proved impossible, in practice, to find the Law Commission report which includes this opinion. [Please see 12.2.18 update below]

Absent the full document, this Law Commission imprimatur is weak. "Possible"? How possible? "In principle"? What principle? You could say the same about the earth being at the centre of the universe. No-one would be convinced.

New recruits
On 29 April 2016 Janet Hughes, identity assurance programme director at the time, told us that: "Over 50 government services are planning to adopt GOV.UK Verify [RIP]. Twenty of these are planning to connect to GOV.UK Verify [RIP] in the next year".

There were already 13 services connected on 8 February 2016 according to Ms Hughes: "There are now 13 government services from 5 departments connected to GOV.UK Verify [RIP] ...".

Two years later, are we up to 33? Or 63? No. 15.


Government Gateway
HMRC added eight million users (c.f. John Manzoni, chief executive of the UK civil service) to their personal tax account service in under a year using the Government Gateway, not GOV.UK Verify (RIP). Lord Henley's officials omitted to mention the Gateway.

Local authorities
The Blue Badge GOV.UK Verify (RIP) application which they do mention has been tested for years and still isn't live.

They don't mention the residents' parking permit and concessionary travel GOV.UK Verify (RIP) applications which have been piloted with local authorities since October 2016. Only three local authorities are left out of the 15 which started on residents' parking permits and only two out of the 11 which started on concessionary travel.

Identity assurance in the financial sector
The involvement of GOV.UK verify (RIP) in financial sector applications including Open Banking has been "explored", according to Lord Henley's officials. Indeed it has. Explored and not pursued.

Remember the question?
The answer is no. Lord Henley's officials have provided no reason to believe that GOV.UK Verify (RIP) will mitigate the risks of digital mortgages.


Updated 12.2.18

While reviewing the low-grade advice his officials gave to Rt Hon Lord Henley PC, Parliamentary Under-Secretary of State at the Department for Business Energy and Industrial Strategy, we noted that the source of the Law Commission's opinion "it is possible, in principle, for the Government, or a Government authorised body, to use Verify to provide for fully electronic wills" couldn't be found.

It has now been found by someone who was kind and energetic enough to look. Found where? It turns out to be in the paragraph before the Law Commission opinion that we keep quoting:
6.66 It is possible, in principle, for the Government, or a Government authorised body, to use Verify to provide for fully electronic wills, with the will being executed by the testator entering his or her username and password and then being stored.

6.67 We have concerns, however, as to whether the use of Verify would be sufficient to protect testators from undue influence and impersonation. Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists.44 While the involvement of witnesses generally provides some protection against fraud and undue influence, Verify does not currently have any facility for the participation of witnesses. Furthermore, Verify relies on passwords to control access to the service. There is a risk, therefore, that testators will give their passwords to family members or carers, and might be pressured to do so by persons wanting to abuse them.
The Law Commission are saying that GOV.UK verify (RIP) could work, in principle, but as a matter of fact it doesn't.

Lord Henley's officials are saying that the Law Commission were hopelessly out of date and you can ignore paragraph 6.67 but that the Law commission are completely on top of their game when they give their confidence-inspiring endorsement of GOV.UK Verify (RIP) at paragraph 6.66:
The Law Commission report referenced by Mr Moss did not go into detail about the capabilities of GOV.UK Verify [RIP]; it restated opinions that were collected during a previous consultation by the Office of the Public Guardian called "Transforming the Services: Enabling Digital by Default" (published on 21 51 August 2014). The Cabinet Office guidance was published just before this (in July 2014) and subsequently was likely not considered in the Public Guardian report. Therefore, we do not believe these consultations and reports are a fair reflection of the current capabilities of GOV.UK Verify [RIP] ...

The Law Commission's report found that "it is possible, in principle, for the Government, or a Government authorised body, to use Verify to provide for fully electronic wills".

We welcome recognition by the Law Commission that in principle electronic signing of a will is sufficiently robust and secure in order to make them binding. We recognise that the report also raised some concerns about the use of GOV.UK Verify [RIP]. However, for reasons mentioned previously in this response, we do not believe those consultations and reports considered or recognised all of the current capabilities of GOV.UK Verify [RIP].
10 out of 10 for the cheeky use of quotation in the construction of a meretricious case. But that's not appropriate here, where we're talking about the businesslike and responsible management of public money. HM Treasury are unlikely to be amused.


Updated 13.2.18

Month
Sales
volume
Average
price (£)
Value (£)
2016-07
97,176
215,127
20,905,181,352
2016-08
98,386
215,145
21,167,255,970
2016-09
95,699
214,816
20,557,676,384
2016-10
89,318
214,107
19,123,609,026
2016-11
92,948
215,113
19,994,323,124
2016-12
98,707
215,500
21,271,358,500
2017-01
72,095
215,084
15,506,480,980
2017-02
74,619
215,639
16,090,766,541
2017-03
92,127
215,226
19,828,125,702
2017-04
79,168
218,446
17,293,932,928
2017-05
86,251
219,990
18,974,357,490
2017-06
102,842
222,004
22,831,335,368
12 months
1,079,336
216,378
233,544,403,365
HM Land Registry published their latest UK house price data today.

Take a look at the 12 months to June 2017. Over a million transactions worth over £230 billion.

That's a million buyers and a million sellers, roughly. A million buyers' conveyancers and a million sellers' conveyancers. Roughly. With two million professional indemnity insurance premiums to pay. A million mortgages to take out and a million mortgages to redeem. Roughly. Two million people and two million businesses and two million mortgages. With £230 billion at risk.

All that weight. Resting on GOV.UK Verify (RIP). Rejected by HMRC, DWP and the NHS ...

... but trusted by HM Land Registry, the Ministry of Housing Communities and Local Government and the Department for Business Energy and Industrial Strategy.

Brave. Very brave.


Updated 5.4.18

Digital mortgage signed by borrower and registered at HM Land Registry: "Today, the first digital mortgage deed was entered into the Land Register ... The registration of the deed follows months of collaboration and testing with Coventry Building Society and Enact Conveyancing and uses GOV.UK Verify [RIP] to enable borrowers to securely verify their identity before digitally [electronically?] signing their mortgage deed online".

That's a press release by HM Land Registry today.

Good luck to HM Land Registry Chief Executive and Chief Land Registrar Graham Farrant, who says in the press release that he hopes to roll this service out nationally. Brave. Very brave.

Peter Frost, Chief Operating Officer at Coventry Building Society, says "although this initiative has started with re-mortgages we’re excited about the potential for it to be extended to purchases in the future". Re-mortgages. In other words the identity of the borrower has already been verified properly by other means, it's safe to use GOV.UK Verify (RIP) when it's not being relied on.

Ben Carroll, Enact Conveyancing’s Managing Director, says: "this fully-digitised journey will mean that a customer can sign their mortgage deed online at a time and place of their choosing, securely underpinned by the GOV.UK Verify [RIP] platform". Time will tell.

"And what", you ask, "do the GOV.UK Verify (RIP) team have to say?". Nothing. As usual.