Friday, 28 July 2017

RIP IDA – the last blip on the life support system monitor

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The signs of life are petering out:
  • GOV.UK Verify (RIP) blog posts are now collectors' pieces. Like the Cabinet Secretary's once loud expressions of support for GOV.UK Verify (RIP).
  • The GOV.UK Verify (RIP) team hardly ever tweet.
  • They never go live on a new central government service. The big departments of state look like sorting out identity assurance themselves.
  • Local government is deserting GOV.UK Verify (RIP) even before joining it.
  • The Open Identity Exchange (OIX) publishes one report after another explaining why GOV.UK Verify (RIP) has nothing much to offer the private sector in general and nothing whatever to offer the financial services sector in particular.
  • Cabinet Office ministers come, they are made to say something ridiculous about the importance of GOV.UK Verify (RIP) and then they go.
  • Two executive directors of GDS have left, there weren't even any ripples on the departure of the second one and his replacement, a director general, didn't take the opportunity of his appointment to abandon their apology for a strategy – 25 million GOV.UK Verify (RIP) users by 2013 2020.
There is still the occasional blip on the GOV.UK Verify (RIP) life support system monitor. techUK hosted an encounter between GDS and the UK's technology suppliers earlier this week, a market briefing on GDS's government transformation strategy.

For an organisation claiming that making things open makes them better GDS have been very quiet about this event, which may as well have taken place on board a submarine. The press were excluded ("Press weren’t invited to the event"). Even DMossEsq failed to get in.

But some reports have been published. GDS wants IT suppliers to use its GaaP products – but won’t offer service guarantees, for example, Government needs tech industry skills to deliver on transformation plan, says GDS boss Cunnington, GDS chief to set out plans to meet Transformation Strategy agenda and GDS sets out vendor prospects from its transformation strategy plans.

From those reports it seems that GDS have been working hard on undermining GOV.UK Verify (RIP) by producing a version that doesn't verify people's identity. And that they want suppliers in the technology sector to use GDS's platform components only.

10 out of 10 for trying to be totalitarian but GOV.UK Notify and GOV.UK Pay aren't even live – so how could techUK's members use them and why would they abandon the products they already use? And next to no-one in central and local government and in the private sector wants to use GOV.UK Verify (RIP) – so why would techUK members want to use it, even if it doesn't verify anyone's identity?

The last time Whitehall tried to insert itself into the nation's payment systems the banks and the major retailers said no. On balance, they preferred the UK economy to survive. The same answer is confidently expected this time.

Jerry Fishenden has already explained the need for a rethink. So has Alan Mather in his GDS isn't working series.

Both of them were prime movers in the design and deployment of the Government Gateway, which remains today the main way for individuals and businesses to access central government services on-line, unlikely as that may seem – as Mr Mather says: "the Government Gateway is still there, 16 years old and looking not a day older than it did in 2006 when the [user interface] was last refreshed". They both want to see the Government Gateway replaced but GOV.UK Verify (RIP) is not in their view a feasible replacement.

Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?

GDS's much-vaunted digital-by-default government is impossible without identity assurance. The UK isn't going to get that from GOV.UK Verify (RIP), as DMossEsq has said for years with nary a response from GDS, hermetically sealed from reality as they are. Two exemplary public servants saying the same thing carries infinitely more weight. GOV.UK Verify? RIP.


Updated 19.8.17

As we were saying above GOV.UK Verify (RIP)-wise, "Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?".

Bryan Glick, the esteemed editor of Computer Weekly magazine, had already published Jerry Fishenden, please see Verify and identity assurance - it's time for a rethink.

He's on the case and in his Verify fails to meet key business case targets Mr Glick also cites Alan Mather and adds the National Audit Office, whose March 2017 report on digital transformation in government calls for more clarity on GDS's rôle. Not just once, 33 times the NAO call for more clarity.

The main burden of Mr Glick's editorial is that GDS have failed to deliver on a single one of the promises made in the business case for GOV.UK Verify (RIP). The business case made to the Treasury is a false prospectus:
  • Too many people have trouble registering in the first place and too many people have trouble subsequently using GOV.UK Verify (RIP) to access public services.
  • 1.4 million GOV.UK Verify (RIP) accounts have been created. With seven "identity providers" to choose from, that could represent just 200,000 people with seven accounts each. GDS are committed to 25 million users by 2020. That's 25 million people. They have just three years to add up to 24.8 million people. At the present rate, that is impossible ...
  • ... it is also pointless if these people create level-of-assurance-1 accounts (LOA1), "little more than a system to set up a username and password", as Mr Glick says. The relying parties like HMRC and DWP and the NHS need properly assured accounts out of it if GOV.UK Verify (RIP) is to be ... reliable. The notion that they or the banks or the major retailers could rely on these LOA1 accounts now being offered by GDS is laughable.
  • Not enough public services have signed up to use GOV.UK Verify (RIP) and so much do they distrust it that they're developing their own identity assurance systems.
  • The promised cost savings do not look like materialising and, when asked about that, GDS avoid the question.
If one of the big systems integrators (SIs) turned in a performance like this GDS and its supporters would quite rightly be among the first to castigate them. There is no good reason to treat GDS differently from Capita, say, or Fujitsu, or any of the other SIs.

GDS have become a big SI themselves, with hundreds of staff, smart offices, influential PR, the connivance of senior officials and politicians, budgets measured in the hundreds of millions of pounds and guaranteed long-term public sector contracts.

We don't need another big SI. We want, need, deserve and pay for delivery and we're not getting it from GDS:
  • Alan Mather and Jerry Fishenden are admirably clear on that point.
  • The NAO imply it with their 33-fold call for clarity.
  • Mr Glick looks as though he agrees.
  • And then there's the Law Commission, please see the rubric above: "Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be".
"The first services will be developed and tested by February 2012, with IDA [identity assurance, now GOV.UK Verify (RIP)] due to be rolled out for initial public services by autumn 2012". That's what GDS told Computer Weekly a long time ago. The first in an unbroken series of broken promises, nothing has been achieved in the past five years.

How long can this sleazy misfeasance in public office continue?

Is there any good reason you can think of why it should continue beyond today? What in your opinion would we lose if GOV.UK Verify (RIP) was cremated in 10 minutes time?

Updated 20.8.17

There is a section in Bryan Glick's editorial, Verify fails to meet key business case targets, on the per-user costs of GOV.UK Verify (RIP).

Once-off registration supposedly costs about £8 per new user, he says, and using GOV.UK Verify (RIP) to access public services is supposedly costing a further £4 p.a. or so per user.

The public cannot know how accurate these figures are because they are hidden behind commercial confidentiality. That's GDS's untutored idea of running a market.

The true figures could be lower. If GOV.UK Verify (RIP) ever reached 20 million accounts, they could fall by a factor of four to £2 up-front and £1 p.a. according to Mr Glick.

There again, according to Jerry Fishenden and others, "informally people close to those running the services, both inside government and at the commercial providers, indicate that the charges made by the companies range from around £9 to over £20 per user".

Here we are in the world of rumour and hearsay. We are none the wiser about the costs the taxpayer is paying for the useless GOV.UK Verify (RIP).

Mr Glick goes on to say that "even those lower amounts [£2 and £1 as against £8 and £4] compare unfavourably with commercial online identity tools for consumers. For example, Microsoft’s Azure Active Directory, which is described as 'a cloud-based identity and access management solution for your consumer-facing web and mobile applications', charges just £0.00209 – one-fifth of one penny – per user authentication up to 950,000 users, dropping to £0.00157 for nine million users".

Does it follow that 25 million on-line identities would cost just £39,250 p.a. if only HMG used Microsoft Azure instead of GOV.UK Verify (RIP)?

No of course it doesn't.

Click on the link provided by Mr Glick. That gets you to pricing for the business-to-consumer active directory service of Microsoft's Azure product. Click on the 'Calculator' option and then have fun choosing all the services you would need for 25 million people accessing UK public services. DMossEsq got to $7.7 million per month in no time, before adding UK servers, backup, support, security, networking, ...

It wouldn't necessarily be cheaper to use Azure. It may be a lot more expensive. It's not cheap at any price to use GOV.UK Verify (RIP) – it doesn't work, it's a waste of money. It could be cheap to use Azure, if it works and if the UK doesn't mind losing control of its personal information.

The point to take away is that Microsoft look as though they have a product and GDS don't:

Updated 3.9.17

Edward Lucas of The Economist newspaper, writing in The Times newspaper about 10 days ago, We need digital IDs to beat cyber fraudsters, made no reference to GDS's GOV.UK Verify (RIP). Estonia got a mention. But not GDS.

DMossEsq took him up on this omission in the comments below the line which brought forth this response:
Edward Lucas 7 days ago
@David Moss I didn't mention Verify because it is indeed moribund ...

Updated 12.10.17 1

Disclosure and Barring Service to introduce new digital services. That's what it said on the Government Computing website at the end of August, six weeks ago: "Users will be able to submit barring referrals online and apply online for a basic criminal record check".

Disclosure and Barring Service plans digital push, said the UKAuthority website on the same day, "September launch planned for new online barring referral system with more to follow next year".

Four days before, the Disclosure and Barring Service (DBS) had issued a press release, in which we read: "If you live or work in England or Wales you’ll be able to apply online for a basic criminal record check through DBS from January 2018. As part of the online application you’ll need to prove your identity through GOV.UK Verify [RIP]".

DMossEsq predicts, you will not be surprised to know, that relying on GOV.UK Verify (RIP) will be problematic for DBS. No doubt DBS disagree. Otherwise they wouldn't have elected to use GOV.UK Verify (RIP). We shall see.

DMossEsq makes this prediction also – that, in the case of people registering with GOV.UK Verify (RIP) for the first time, to use the DBS service, they will mostly be recommended to choose GB Group plc, also known as "CitizenSafe", as their "identity provider".

GB Group have the lowest certification of any "identity provider" (apart from the Post Office). So why would applicants be pushed in their direction?

Answer, because GB Group have a proper job as well as their GOV.UK Verify (RIP) hobby: "GBG (GB Group PLC) are the UK’s largest criminal record checking provider".

Updated 12.10.17 2

Borrowers trial our Digital Mortgage service.

"Our digital mortgage service" here means the Land Registry's digital mortgage service: "The aim of the service is to allow conveyancers to create a digital mortgage deed, which can then be signed by the borrower(s) using a digital signature and submitted to us so we can update the register".

Digital mortgages? Digital signatures? Whatever next?

For a long time, the answer seemed to be "nothing". Whatever next? Nothing. That Land Registry blog post about the digital mortgage trial was published well over a year ago, May 2016, and then nothing happened ...

... until July 2017 when the Land Registry published Verifying a secure digital mortgage service: "To ensure the right person is signing the deed, we have been working with the Government Digital Service (GDS) to enable us to use GOV.UK Verify [RIP], the government identity assurance service ... Following some final testing, we aim to have completed the first fully digital remortgage deed later this year".

As with the Disclosure and Barring Service, please see above, DMossEsq predicts that relying on GOV.UK Verify (RIP) will be problematic for the Land Registry.

No doubt the Land Registry disagree. Otherwise they wouldn't have elected to use GOV.UK Verify (RIP). We shall see.

The Law Commission don't believe that GOV.UK Verify (RIP) can assure the Land Registry that "the right person is signing the deed", please see rubric above (para.6.67). No doubt the Land Registry have a good reason for ignoring/flatly contradicting the Commission.

OIX, the Open Identity Exchange, have warned that GOV.UK Verify (RIP) has nothing to offer the financial sector. The Land Registry must know something that OIX don't.

A little patience and all will ultimately be revealed.

For the moment, just take another look at: "Following some final testing, we aim to have completed the first fully digital remortgage deed later this year".

"... the first fully digital remortgage deed". A quick scan of the Land Registry's blog post might leave you with the impression that they're offering a digital mortgage service. They're not. You've got to have a mortgage first. Their service only works if and when you try to re-mortgage, when all the verification and authorisation work has already been done. GOV.UK Verify (RIP) doesn't come into its own until it's not needed.

This isn't the first time. We've come across it before, with the Blue Badge scheme.

The tireless Ian Litton has been trying to lever GOV.UK Verify (RIP) into Blue Badges for years. Since May 2014, or even before that.

Earlier this year a trial was announced to use GOV.UK Verify (RIP) to issue Blue Badges. At least, it looked as though that's what the announcement said. But close reading indicated that the trial only covered the re-issue of Blue Badges when the old one has expired and when all the verification and authorisation work has already been done.

The aspiration is modest. GOV.UK Verify (RIP) has a lot to be modest about.

Updated 12.10.17 3

Could GOV.UK Verify (RIP) help with criminal record checks? Or digital mortgages? Or Blue Badges?


If it supported attribute exchange.

And how many of GOV.UK Verify (RIP)'s "identity providers" are certified for attribute registration?


Updated 12.10.17 4

Let's say you've been working on a national identity assurance scheme for six years. GOV.UK Verify (RIP), for example. You've embraced agile software engineering methods. You've made thousands of small amendments to the system over the years, so that it's forever improving. You've conducted hundreds of user research sessions, you know what people want, so that's what you must be delivering. Stands to reason.

And yet.

Central government departments in the main want nothing to do with your scheme. Local government, ditto. And the private sector seems to be getting on perfectly well without you.

What to do?

Apologise and resign?

Not a bit of it. GDS seeks help to make Verify go international.

They haven't managed to go national yet with GOV.UK Verify (RIP) but the Government Digital Service want these helpers to "scope the feasibility of potentially connecting Verify to the eIDAS framework and provide sizings and estimates for the next phase".

eIDAS should "enable UK citizens to use a Verify identity to access services abroad". The framework was published in July 2014, following years of international consultation. Only now do GDS want to connect to eIDAS ...

... or at least potentially connect to it ...

... well, not so much potentially connect to it as scope the feasibility of potentially connecting to it.

"Agile" may not be the first word that comes to mind as you survey this hopeless dereliction.

Updated 13.10.17 1

As we wrote on 28 July 2017: "Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?".

There's no point asking GDS how to get a national identity assurance scheme up and running.

That seems to be agreed – John Manzoni, CEO of the UK civil service, has asked McKinsey.

Let's hope he's also in contact with Messrs Fishenden and Mather.

Updated 13.10.17 2

22 September 2017, OIX hosted an identity assurance workshop with six presentations.

OIX, the Open Identity Exchange, is GDS's business partner.

One of the six presentations was given by Kent County Council, which comprises 15 borough and district councils including 1½ million people.

Local government is where government takes place. That's one place where you need functioning identity assurance. The slide deck from Kent's presentation includes this gem:

Kent will not be using GOV.UK Verify (RIP).

Why not?

They don't give as their reason that GOV.UK Verify (RIP) simply doesn't work. Nor that it's too expensive.

The reason Kent give is even more basic: "The costs of using Verify aren't clear".

GDS set out to create an identity "ecosystem" or market. Markets are where goods and services are traded. Without a price, you can't trade.

Six years in, and GDS haven't got to first base – there's no known price for a local authority to use GOV.UK Verify (RIP). "GDS have never created or regulated a market in their lives. And it shows", as we said in March 2016.

Kent's presentation is remarkable in several ways:
  • Sitekit are one of the two hub providers GDS have inveigled into trying to supply GOV.UK Verify (RIP) to the private sector (the other being Mvine). Sitekit have their name on slide ##1-6. If they can't recommend GOV.UK Verify (RIP) to local authorities how can they recommend it to the private sector?
  • From what GDS say, you'd think that local authorities are incapable of digital government. They're all helpless lambs, hopelessly dependent on Lady Bountiful, GDS, up at the manor house. But Kent seem to be getting on with it quite happily without GDS, slide ##7-30.
  • Identity assurance is needed for access control. The model for identity often seems to be based most appropriately on passports. Identity assurance lets you cross borders, e.g. into your office building or into your bank account. But what is the model for passports? Arguably, club membership. Either you're in the club or you're not. How do you become a member? Existing members of the club/community vouch for you, they act as your sponsors or referees. There is no recognition of that anywhere in GDS's model of identity assurance but it looks as though Kent have understood, slide ##23-28:

GOV.UK Verify (RIP) says a person = a passport + a driving licence + a credit history and has become as a result a machine for excluding people. The Kent model looks as though it knows what a community is.

Updated 27.10.17

You know that cybercrime is a growing problem. You know that cybercrime often relies on false identities. You may not know that the British Standards Institution (BSI) have published PAS 499, a draft code of practice for digital identification and authentication, but they have.

A PAS is a publicly available specification and at clause 0.2 the document says: "The PAS builds on ... developments in the move towards combined financial and government identity and authentication requirements; this may include commercial applications for GOV.UK Verify [RIP]".

It's polite of the BSI to suggest that GOV.UK Verify (RIP) could help individuals and organisations to comply with the likes of know-your-customer and anti-money laundering and PSD2 (the new Payment Services Directive) but their specification makes it clear that that is not possible:
  • "0.2 ... This PAS aims to help organizations secure their systems to prevent, as far as realistically possible, fraudulent misrepresentation of a natural or legal person", see also 3.1.19, 3.1.28, 3.1.30, 3.1.31, 3.1.33, A.3 – GOV.UK Verify (RIP) can't register legal persons such as companies, partnerships and trusts so it can't help people trying to comply with PAS 499.
  • "5.2 ... NOTE 2 References within PSD2 towards strong customer authentication requirements considering the use of biometrics suggests that authentication in payment applications look to a Level 4 identity at enrolment (though Level 3 does not preclude the use of biometrics)" – GOV.UK Verify (RIP) has difficulty reaching Level 2, Levels 3 and 4 are quite beyond it.

Updated 15.11.17

OIX, the Open Identity Exchange, have tried several times to come to the rescue of the Government Digital Service's GOV.UK Verify (RIP) identity assurance scheme that can't assure identities.

They're making another rescue attempt the day after tomorrow, Friday 17 November 2017, at an all-day conference, OIX Economics of Identity III, DMossEsq's invitation to which has been mysteriously lost in the GOV.UK Notify system.

Someone called Nic Harrison will be making a keynote speech. Presumably a speech on GOV.UK Verify (RIP). Does anyone know what his involvement is with GOV.UK Verify (RIP), if any?

Jess McEvoy is the programme director of GOV.UK Verify (RIP). Why isn't she speaking at the OIX conference?

Mr Harrison turns out to be a director of GDS, one of the team airlifted out of the distressed Department for Work and Pensions by ex-Goldman Sachs man Kevin Cunnington.

If only from work done by OIX over the years, the other people at the conference will already know that GOV.UK Verify (RIP) has nothing to offer on the economics of identity. Why are GDS attending?

The obvious answer is ... to publicise the conclusions of the McKinsey investigation of GOV.UK Verify (RIP). Turn on, tune in to #EofID this Friday and drop out.

Updated 17.12.17

We mentioned above, 12 October 2017, HM Land Registry's plans to use digital signatures and GOV.UK Verify(RIP) in their new digital mortgage deeds. Their bosses, the Department for Communities and Local Government, issued a consultation on those plans. Herewith one response:
17 December 2017, this document is a response to the Department for Local Government and Communities consultation on improving the home buying and selling process[1]. The response is submitted by David Moss, a member of the public, who is not responding on behalf of any organisation and who is happy for the response to be published and for it to be attributed to him.


· The Department assumes that open data will cause innovation in the process of buying and selling homes. No reason is advanced for believing that.
· HM Land Registry have published their intention to rely on digital signatures for mortgage deeds. The Law Commission have reservations about digital signatures which the Department may wish to consider.
· HM Land Registry have published their intention to rely on GOV.UK Verify for the identity assurance required for mortgage deeds. The Law Commission have reservations about GOV.UK Verify and so do central government, local government and the private sector. Again, the Department may wish to consider these reservations before proceeding.
· It may seem obvious that electronic signatures and GOV.UK Verify should be incorporated into HM Land Registry’s plans. It isn’t.
Q10. Are there any particular public sector datasets which you think should be released as open data in order to drive innovation in the home buying and selling process?

1. The assumption being made by the Department in question 10 is that open data causes innovation. It is suggested here that that assumption should be downgraded to a hypothesis. A hypothesis which requires proof before the Department acts on it.
2. The world has had innovation in the past without having open data. The UK has open data now, for example Companies House company information[2], and there is no sign of innovation.
3. The connection between open data and innovation is asserted several times by Mr Stephan Shakespeare in his report An Independent Review of Public Sector Information[3]. Close reading of that report reveals nothing but a hole[4] where there should be an argument to prove that there is a connection.
4. Mr Shakespeare appeared with Professor Sir Nigel Shadbolt before the Public Administration Select Committee[5] four years ago and the two of them asserted that open data will automatically inspire innovation, again without providing any argument to support this assertion. Without that evidence, the belief in the efficacy of open data is no more than a belief in magic[6].
Q9. What should the government do to accelerate the development of e-conveyancing?
5. On 28 July 2017 HM Land Registry published Verifying a secure digital mortgage service[7], where they advocate the use of digital signatures as part of their move to a “fully digital mortgage deed”.
6. The Department may wish to note before proceeding that the Law Commission have reservations about digital signatures. These are set out in Chapter 6 of their consultation document, Making a Will[8], please see paragraphs 6.15 to 6.43.
7. “To ensure the right person is signing the deed”, HM Land Registry say, “we have been working with the Government Digital Service (GDS) to enable us to use GOV.UK Verify[9], the government identity assurance service”.
8. Again, the Department may wish to note the Law Commission’s reservations, expressed at paragraph 6.67: “Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists”.
9. If the Law Commission are right about the deficiencies of GOV.UK Verify, then neither the Land Registry nor any of the other parties involved could be sure that the “fully digital mortgage deed” had been signed by the right person.
10. There are many further reasons for HM Land Registry to be wary of relying on GOV.UK Verify.
11. Among others, in the 126 weeks between 13 July 2015 and 10 December 2017 the completion rate[10] has averaged just under 36%. That is, the failure rate is just over 64%. (Completion rate is defined as “the proportion of visits started on GOV.UK Verify that result in successfully accessing a service, following the creation or re-use of a verified account with a certified company”.) It looks imprudent for HM Land Registry to depend on a system that fails 64% of the time.
12. Also, according to Government services using GOV.UK Verify - May 2016 update[11], there were 13 on-line public services using GOV.UK Verify at the time. Today, there are 15[12]. Just two services have been added whereas, in May 2016, 18 services were going to be added “in the next year”.
13. This failure to convince central government, local government[13] and the private sector[14] to nail their colours to GOV.UK Verify may be taken as a warning by the Department. What would HM Land Registry do if, as seems increasingly likely[15], GOV.UK Verify is discontinued?
(830 words)

Updated 20.1.18
Here we are barely a month since Her Majesty's Land Registry's (HMLR) consultation on digital mortgages closed. There was Christmas in between and you would hardly expect any response yet. And you'd be right. There has been no response.

What you also wouldn't expect is that HMLR would proceed anyway with its imprudent plan to rely on GOV.UK Verify (RIP). But blow me down if that isn't exactly what they're doing.

A written statement to Parliament was issued on 18 January 2018 by The Rt Hon Greg Clark MP, Secretary of State for Business, Energy and Industrial Strategy, please see Departmental contingent liability notification: HM Land Registry digital mortgage service:
HMLR’s new digital mortgage service will enable borrowers to sign mortgage deeds digitally, speed up the re-mortgage process and improve the customer experience. A new liability risk arises with this service because HMLR will certify the identity of a borrower when that person provides a digital signature in advance of registration. This liability sits outside of the scope of HMLR’s existing statutory compensation scheme (Schedule 8, Land Registration Act 2002).

The risk of the new liability occurring is considered low. The new process, where the borrower’s identity has to be verified through GOV.UK Verify [RIP] combined with HMLR’s independent security processes, should in fact reduce the overall risk of fraud. To date GOV.UK Verify [RIP] has not identified a single example of fraud despite in excess of 1.25 million citizens’ accounts having been created using the GOV.UK Verify [RIP] service.
This matter comes under Her Majesty's Treasury's rules for Managing Public Money, please see specifically Annex 5.4 on liabilities. Members of Parliament can object to non-statutory liabilities being taken on:
A5.4.26 The indemnity should not go live until 14 parliamentary sitting days, after the Minute has been laid. Every effort should be made to ensure that the full waiting period falls while parliament is in session.

A5.4.27 If an MP objects by letter, Parliamentary Question or Early Day Motion, the indemnity should not normally go live until the objection has been answered. In the case of an Early Day Motion, the Member(s) should be given an opportunity to make direct personal representations to the minister, eg proactively arranging a meeting with them. The Treasury should be kept in touch with representations made by MPs and of the outcome.
Readers are enjoined to approach their MP and ask him or her to object to HMLR lashing itself to the corpse of GOV.UK Verify (RIP). Suggested text for an approach:
Request that you register an objection re HM Land Registry and GOV.UK Verify

Dear ...

I write to ask you to object to a proposal made on 18 January 2018 by The Rt Hon Greg Clark MP, Secretary of State for Business, Energy and Industrial Strategy, please see Departmental contingent liability notification: HM Land Registry digital mortgage service [1].

HM Land Registry wishes to introduce digital mortgages using a new process “where the borrower’s identity has to be verified through GOV.UK Verify”. GOV.UK Verify is a failed identity assurance scheme introduced by the Government Digital Service, part of the Cabinet Office.

According to the Law Commission: “Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists”, please see Making a will [2], para.6.67 on p.119.

There are many objections to GOV.UK Verify, whose survival is unlikely. The system has been rejected by HMRC and the NHS, by local authorities and by the banks for anything to do with payments. The Law Commission’s objection is among the most cogent, suggesting that GOV.UK Verify cannot meet the requirements of a signature, whether for a will or for a mortgage.

HM Land Registry undertook a public consultation [3], the last date for responses to which was 17 December 2017. No account seems to have been taken of that consultation.

HM Treasury lays down rules for the proper management of public money [4]. The Minister’s proposal is premature and imprudent. He says: “Subject to no objections being received, I intend to authorise the proposal to undertake contingent liability for the digital mortgage service, after the usual 14 parliamentary sitting days” and I would ask you to register an objection within 14 parliamentary sitting days of his 18 January 2018 statement.

Yours sincerely


4. 454191/Managing_Public_Money_AA_v2_-jan15.pdf please see in this case Annex 5.4 on liabilities, particularly clauses 5.4.26 and 5.4.27 on objections.

Updated 22.1.18

As you know, the Secretary of State for Business, Energy and Industrial Strategy has bravely taken the decision to rely on GOV.UK Verify (RIP).

Digital mortgages should be digitally signed in the modern 21st century Land Registry and GOV.UK Verify (RIP) is precisely the tool for the job. That is the assumption in the Minister's statement. Ask anyone and they'll tell you, no. It's not the right tool. The number of times GOV.UK Verify (RIP) has been used in the nearly four years of its unhealthy life for digital signatures is zero.

You may have responded to the request above like a responsible citizen and written to your MP asking him or her to raise an objection to this reckless move. In which case you had better have the answers to any questions your MP asks you.

Someone, possibly the Minister, possibly his officials, is worried about the contingent liability that the Land Registry is taking on. That's why the Minister's statement says "the risk of the new liability occurring is considered low".

The Minister digs deeper and adds "the new process ... should in fact reduce the overall risk of fraud". That's a fact, apparently, but somehow the figures for the risk in the current process and the risk in the new process are not quoted. Why does the Minister believe that the risk will be reduced? No answer.

Well , not quite no answer. The Minister does say that "to date GOV.UK Verify [RIP] has not identified a single example of fraud despite in excess of 1.25 million citizens’ accounts having been created using the GOV.UK Verify [RIP] service".

Click on the link and you will find a list of 13 on-line public services that currently use GOV.UK Verify (RIP). None of them involving digital signatures. Signatures which are normally taken to be irrevocable. Digital signatures are serious.

No frauds arising as a result of the use of GOV.UK Verify (RIP) with these 13 services have yet been identified. But then none of these services involve buying assets that cost £226,071 on average in the UK in November 2017 according to the Land Registry. That is a greater incentive for a fraudster than, say, Check your State Pension, one of the existing 13 services. The risk of fraud may increase, not decline.

There were nearly 70,000 property sales in England and Wales in September 2017. That's over £15 billion-worth of transactions. The Minister made his statement because his "department proposes to undertake a contingent liability of £300,000 [or] above". £300,000 is 0.002% of £15 billion. And that's just one monthsworth of property transactions. The probability of fraud had better be very very low.

"... in excess of 1.25 million citizens’ accounts" sounds like a lot of accounts. But is it? You create a GOV.UK Verify (RIP) account by registering with a so-called "identity provider". There are seven "identity providers" at the moment. Each person may create seven accounts for himself or herself. 1,250,000 million accounts may imply as few as 178,571 people.

That's still a decent size number but it's a lot less than 1,250,000 and it's a lot less confidence-inspiring. In fact, it's a bit unnerving. Why doesn't the Minister tell us the number of people involved? Why does he tell us the number of accounts instead?

If you take a look at the GOV.UK Verify (RIP) dashboard on the Government Digital Service's (GDS) performance platform you'll find that 15 public services use GOV.UK Verify (RIP). Not 13. Which is it? Not strong on numbers, the Minister's statement ...

... and not comprehensive. HMRC started a new on-line public service, Personal Tax Account, in December 2015. In February 2017 just over a year later John Manzoni, Chief Executive of the Civil Service, told us that "more than 8 million citizens have now signed up".

That is not mentioned in the Minister's statement. 1,250,000 now starts to look a bit pathetic after all and it's again a bit unnerving that the Minister provides no context, it's not easy for his readers to know if 1,250,000 is a big number or it isn't. And of course 178,571 now looks microscopic.

Most people using HMRC's Personal Tax Account service verify their identity using the venerable Government Gateway system, not GOV.UK Verify (RIP). Not mentioned in the Minister's statement but the question arises anyway, why aren't the Land Registry using the tried and tested Government Gateway?

What is the point of introducing digital signatures? To save time? How much time? The Minister doesn't say. It's going to be hard to argue the case, though. Over half the attempts to use GOV.UK Verify (RIP) fail. That's according to GDS's own statistics. That's time wasted, not time saved.

And remember, even if someone does manage to use GOV.UK Verify (RIP) to digitally sign their mortgage deed, the Law Commission remain unconvinced: “Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be; rather it focuses on verifying that the person exists” (para.6.67). The Land Registry will not know who signed any digital mortgage deed.

That should give your MP a basic grounding in the matter, it should indicate that there's something there to object to – a contingent liability is being taken on for no good reason – and that the Minister has a lot of explaining to do.

No comments:

Post a Comment