Friday, 28 July 2017

RIP IDA – the last blip on the life support system monitor

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

"If Verify is the answer, what was the question?"

The Law Commission: "Verify does not currently ensure that the person entering the information
is in fact the person he or she is purporting to be;
rather it focuses on verifying that the person exists" (para.6.67/p.119)

The signs of life are petering out:
  • GOV.UK Verify (RIP) blog posts are now collectors' pieces. Like the Cabinet Secretary's once loud expressions of support for GOV.UK Verify (RIP).
  • The GOV.UK Verify (RIP) team hardly ever tweet.
  • They never go live on a new central government service. The big departments of state look like sorting out identity assurance themselves.
  • Local government is deserting GOV.UK Verify (RIP) even before joining it.
  • The Open Identity Exchange (OIX) publishes one report after another explaining why GOV.UK Verify (RIP) has nothing much to offer the private sector in general and nothing whatever to offer the financial services sector in particular.
  • Cabinet Office ministers come, they are made to say something ridiculous about the importance of GOV.UK Verify (RIP) and then they go.
  • Two executive directors of GDS have left, there weren't even any ripples on the departure of the second one and his replacement, a director general, didn't take the opportunity of his appointment to abandon their apology for a strategy – 25 million GOV.UK Verify (RIP) users by 2013 2020.
There is still the occasional blip on the GOV.UK Verify (RIP) life support system monitor. techUK hosted an encounter between GDS and the UK's technology suppliers earlier this week, a market briefing on GDS's government transformation strategy.

For an organisation claiming that making things open makes them better GDS have been very quiet about this event, which may as well have taken place on board a submarine. The press were excluded ("Press weren’t invited to the event"). Even DMossEsq failed to get in.

But some reports have been published. GDS wants IT suppliers to use its GaaP products – but won’t offer service guarantees, for example, Government needs tech industry skills to deliver on transformation plan, says GDS boss Cunnington, GDS chief to set out plans to meet Transformation Strategy agenda and GDS sets out vendor prospects from its transformation strategy plans.

From those reports it seems that GDS have been working hard on undermining GOV.UK Verify (RIP) by producing a version that doesn't verify people's identity. And that they want suppliers in the technology sector to use GDS's platform components only.

10 out of 10 for trying to be totalitarian but GOV.UK Notify and GOV.UK Pay aren't even live – so how could techUK's members use them and why would they abandon the products they already use? And next to no-one in central and local government and in the private sector wants to use GOV.UK Verify (RIP) – so why would techUK members want to use it, even if it doesn't verify anyone's identity?

The last time Whitehall tried to insert itself into the nation's payment systems the banks and the major retailers said no. On balance, they preferred the UK economy to survive. The same answer is confidently expected this time.

Jerry Fishenden has already explained the need for a rethink. So has Alan Mather in his GDS isn't working series.

Both of them were prime movers in the design and deployment of the Government Gateway, which remains today the main way for individuals and businesses to access central government services on-line, unlikely as that may seem – as Mr Mather says: "the Government Gateway is still there, 16 years old and looking not a day older than it did in 2006 when the [user interface] was last refreshed". They both want to see the Government Gateway replaced but GOV.UK Verify (RIP) is not in their view a feasible replacement.

Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?

GDS's much-vaunted digital-by-default government is impossible without identity assurance. The UK isn't going to get that from GOV.UK Verify (RIP), as DMossEsq has said for years with nary a response from GDS, hermetically sealed from reality as they are. Two exemplary public servants saying the same thing carries infinitely more weight. GOV.UK Verify? RIP.


Updated 19.8.17

As we were saying above GOV.UK Verify (RIP)-wise, "Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?".

Bryan Glick, the esteemed editor of Computer Weekly magazine, had already published Jerry Fishenden, please see Verify and identity assurance - it's time for a rethink.

He's on the case and in his Verify fails to meet key business case targets Mr Glick also cites Alan Mather and adds the National Audit Office, whose March 2017 report on digital transformation in government calls for more clarity on GDS's rôle. Not just once, 33 times the NAO call for more clarity.

The main burden of Mr Glick's editorial is that GDS have failed to deliver on a single one of the promises made in the business case for GOV.UK Verify (RIP). The business case made to the Treasury is a false prospectus:
  • Too many people have trouble registering in the first place and too many people have trouble subsequently using GOV.UK Verify (RIP) to access public services.
  • 1.4 million GOV.UK Verify (RIP) accounts have been created. With seven "identity providers" to choose from, that could represent just 200,000 people with seven accounts each. GDS are committed to 25 million users by 2020. That's 25 million people. They have just three years to add up to 24.8 million people. At the present rate, that is impossible ...
  • ... it is also pointless if these people create level-of-assurance-1 accounts (LOA1), "little more than a system to set up a username and password", as Mr Glick says. The relying parties like HMRC and DWP and the NHS need properly assured accounts out of it if GOV.UK Verify (RIP) is to be ... reliable. The notion that they or the banks or the major retailers could rely on these LOA1 accounts now being offered by GDS is laughable.
  • Not enough public services have signed up to use GOV.UK Verify (RIP) and so much do they distrust it that they're developing their own identity assurance systems.
  • The promised cost savings do not look like materialising and, when asked about that, GDS avoid the question.
If one of the big systems integrators (SIs) turned in a performance like this GDS and its supporters would quite rightly be among the first to castigate them. There is no good reason to treat GDS differently from Capita, say, or Fujitsu, or any of the other SIs.

GDS have become a big SI themselves, with hundreds of staff, smart offices, influential PR, the connivance of senior officials and politicians, budgets measured in the hundreds of millions of pounds and guaranteed long-term public sector contracts.

We don't need another big SI. We want, need, deserve and pay for delivery and we're not getting it from GDS:
  • Alan Mather and Jerry Fishenden are admirably clear on that point.
  • The NAO imply it with their 33-fold call for clarity.
  • Mr Glick looks as though he agrees.
  • And then there's the Law Commission, please see the rubric above: "Verify does not currently ensure that the person entering the information is in fact the person he or she is purporting to be".
"The first services will be developed and tested by February 2012, with IDA [identity assurance, now GOV.UK Verify (RIP)] due to be rolled out for initial public services by autumn 2012". That's what GDS told Computer Weekly a long time ago. The first in an unbroken series of broken promises, nothing has been achieved in the past five years.

How long can this sleazy misfeasance in public office continue?

Is there any good reason you can think of why it should continue beyond today? What in your opinion would we lose if GOV.UK Verify (RIP) was cremated in 10 minutes' time?

Updated 20.8.17

There is a section in Bryan Glick's editorial, Verify fails to meet key business case targets, on the per-user costs of GOV.UK Verify (RIP).

Once-off registration supposedly costs about £8 per new user, he says, and using GOV.UK Verify (RIP) to access public services is supposedly costing a further £4 p.a. or so per user.

The public cannot know how accurate these figures are because they are hidden behind commercial confidentiality. That's GDS's untutored idea of running a market.

The true figures could be lower. If GOV.UK Verify (RIP) ever reached 20 million accounts, they could fall by a factor of four to £2 up-front and £1 p.a. according to Mr Glick.

There again, according to Jerry Fishenden and others, "informally people close to those running the services, both inside government and at the commercial providers, indicate that the charges made by the companies range from around £9 to over £20 per user".

Here we are in the world of rumour and hearsay. We are none the wiser about the costs the taxpayer is paying for the useless GOV.UK Verify (RIP).

Mr Glick goes on to say that "even those lower amounts [£2 and £1 as against £8 and £4] compare unfavourably with commercial online identity tools for consumers. For example, Microsoft’s Azure Active Directory, which is described as 'a cloud-based identity and access management solution for your consumer-facing web and mobile applications', charges just £0.00209 – one-fifth of one penny – per user authentication up to 950,000 users, dropping to £0.00157 for nine million users".

Does it follow that 25 million on-line identities would cost just £39,250 p.a. if only HMG used Microsoft Azure instead of GOV.UK Verify (RIP)?

No of course it doesn't.

Click on the link provided by Mr Glick. That gets you to pricing for the business-to-consumer active directory service of Microsoft's Azure product. Click on the 'Calculator' option and then have fun choosing all the services you would need for 25 million people accessing UK public services. DMossEsq got to $7.7 million per month in no time, before adding UK servers, backup, support, security, networking, ...

It wouldn't necessarily be cheaper to use Azure. It may be a lot more expensive. It's not cheap at any price to use GOV.UK Verify (RIP) – it doesn't work, it's a waste of money. It could be cheap to use Azure, if it works and if the UK doesn't mind losing control of its personal information.

The point to take away is that Microsoft look as though they have a product and GDS don't:

Updated 3.9.17

Edward Lucas of The Economist newspaper, writing in The Times newspaper about 10 days ago, We need digital IDs to beat cyber fraudsters, made no reference to GDS's GOV.UK Verify (RIP). Estonia got a mention. But not GDS.

DMossEsq took him up on this omission in the comments below the line which brought forth this response:
Edward Lucas 7 days ago
@David Moss I didn't mention Verify because it is indeed moribund ...

Updated 12.10.17 1

Disclosure and Barring Service to introduce new digital services. That's what it said on the Government Computing website at the end of August, six weeks ago: "Users will be able to submit barring referrals online and apply online for a basic criminal record check".

Disclosure and Barring Service plans digital push, said the UKAuthority website on the same day, "September launch planned for new online barring referral system with more to follow next year".

Four days before, the Disclosure and Barring Service (DBS) had issued a press release, in which we read: "If you live or work in England or Wales you’ll be able to apply online for a basic criminal record check through DBS from January 2018. As part of the online application you’ll need to prove your identity through GOV.UK Verify [RIP]".

DMossEsq predicts, you will not be surprised to know, that relying on GOV.UK Verify (RIP) will be problematic for DBS. No doubt DBS disagree. Otherwise they wouldn't have elected to use GOV.UK Verify (RIP). We shall see.

DMossEsq makes this prediction also – that, in the case of people registering with GOV.UK Verify (RIP) for the first time, to use the DBS service, they will mostly be recommended to choose GB Group plc, also known as "CitizenSafe", as their "identity provider".

GB Group have the lowest certification of any "identity provider" (apart from the Post Office). So why would applicants be pushed in their direction?

Answer, because GB Group have a proper job as well as their GOV.UK Verify (RIP) hobby: "GBG (GB Group PLC) are the UK’s largest criminal record checking provider".

Updated 12.10.17 2

Borrowers trial our Digital Mortgage service.

"Our digital mortgage service" here means the Land Registry's digital mortgage service: "The aim of the service is to allow conveyancers to create a digital mortgage deed, which can then be signed by the borrower(s) using a digital signature and submitted to us so we can update the register".

Digital mortgages? Digital signatures? Whatever next?

For a long time, the answer seemed to be "nothing". Whatever next? Nothing. That Land Registry blog post about the digital mortgage trial was published well over a year ago, May 2016, and then nothing happened ...

... until July 2017 when the Land Registry published Verifying a secure digital mortgage service: "To ensure the right person is signing the deed, we have been working with the Government Digital Service (GDS) to enable us to use GOV.UK Verify [RIP], the government identity assurance service ... Following some final testing, we aim to have completed the first fully digital remortgage deed later this year".

As with the Disclosure and Barring Service, please see above, DMossEsq predicts that relying on GOV.UK Verify (RIP) will be problematic for the Land Registry.

No doubt the Land Registry disagree. Otherwise they wouldn't have elected to use GOV.UK Verify (RIP). We shall see.

The Law Commission don't believe that GOV.UK Verify (RIP) can assure the Land Registry that "the right person is signing the deed", please see rubric above (para.6.67). No doubt the Land Registry have a good reason for ignoring/flatly contradicting the Commission.

OIX, the Open Identity Exchange, have warned that GOV.UK Verify (RIP) has nothing to offer the financial sector. The Land Registry must know something that OIX don't.

A little patience and all will ultimately be revealed.

For the moment, just take another look at: "Following some final testing, we aim to have completed the first fully digital remortgage deed later this year".

"... the first fully digital remortgage deed". A quick scan of the Land Registry's blog post might leave you with the impression that they're offering a digital mortgage service. They're not. You've got to have a mortgage first. Their service only works if and when you try to re-mortgage, when all the verification and authorisation work has already been done. GOV.UK Verify (RIP) doesn't come into its own until it's not needed.

This isn't the first time. We've come across it before, with the Blue Badge scheme.

The tireless Ian Litton has been trying to lever GOV.UK Verify (RIP) into Blue Badges for years. Since May 2014, or even before that.

Earlier this year a trial was announced to use GOV.UK Verify (RIP) to issue Blue Badges. At least, it looked as though that's what the announcement said. But close reading indicated that the trial only covered the re-issue of Blue Badges when the old one has expired and when all the verification and authorisation work has already been done.

The aspiration is modest. GOV.UK Verify (RIP) has a lot to be modest about.

Updated 12.10.17 3

Could GOV.UK Verify (RIP) help with criminal record checks? Or digital mortgages? Or Blue Badges?


If it supported attribute exchange.

And how many of GOV.UK Verify (RIP)'s "identity providers" are certified for attribute registration?


Updated 12.10.17 4

Let's say you've been working on a national identity assurance scheme for six years. GOV.UK Verify (RIP), for example. You've embraced agile software engineering methods. You've made thousands of small amendments to the system over the years, so that it's forever improving. You've conducted hundreds of user research sessions, you know what people want, so that's what you must be delivering. Stands to reason.

And yet.

Central government departments in the main want nothing to do with your scheme. Local government, ditto. And the private sector seems to be getting on perfectly well without you.

What to do?

Apologise and resign?

Not a bit of it. GDS seeks help to make Verify go international.

They haven't managed to go national yet with GOV.UK Verify (RIP) but the Government Digital Service want these helpers to "scope the feasibility of potentially connecting Verify to the eIDAS framework and provide sizings and estimates for the next phase".

eIDAS should "enable UK citizens to use a Verify identity to access services abroad". The framework was published in July 2014, following years of international consultation. Only now do GDS want to connect to eIDAS ...

... or at least potentially connect to it ...

... well, not so much potentially connect to it as scope the feasibility of potentially connecting to it.

"Agile" may not be the first word that comes to mind as you survey this hopeless dereliction.

Updated 13.10.17 1

As we wrote on 28 July 2017: "Messrs Fishenden and Mather have actually done the job. GDS have proved that it's beyond them. What do we do now? There's no point asking GDS. Has anybody asked Messrs Fishenden and Mather?".

There's no point asking GDS how to get a national identity assurance scheme up and running.

That seems to be agreed – John Manzoni, CEO of the UK civil service, has asked McKinsey.

Let's hope he's also in contact with Messrs Fishenden and Mather.

Updated 13.10.17 2

22 September 2017, OIX hosted an identity assurance workshop with six presentations.

OIX, the Open Identity Exchange, is GDS's business partner.

One of the six presentations was given by Kent County Council, which comprises 15 borough and district councils including 1½ million people.

Local government is where government takes place. That's one place where you need functioning identity assurance. The slide deck from Kent's presentation includes this gem:

Kent will not be using GOV.UK Verify (RIP).

Why not?

They don't give as their reason that GOV.UK Verify (RIP) simply doesn't work. Nor that it's too expensive.

The reason Kent give is even more basic: "The costs of using Verify aren't clear".

GDS set out to create an identity "ecosystem" or market. Markets are where goods and services are traded. Without a price, you can't trade.

Six years in, and GDS haven't got to first base – there's no known price for a local authority to use GOV.UK Verify (RIP). "GDS have never created or regulated a market in their lives. And it shows", as we said in March 2016.

Kent's presentation is remarkable in several ways:
  • Sitekit are one of the two hub providers GDS have inveigled into trying to supply GOV.UK Verify (RIP) to the private sector (the other being Mvine). Sitekit have their name on slide ##1-6. If they can't recommend GOV.UK Verify (RIP) to local authorities how can they recommend it to the private sector?
  • From what GDS say, you'd think that local authorities are incapable of digital government. They're all helpless lambs, hopelessly dependent on Lady Bountiful, GDS, up at the manor house. But Kent seem to be getting on with it quite happily without GDS, slide ##7-30.
  • Identity assurance is needed for access control. The model for identity often seems to be based most appropriately on passports. Identity assurance lets you cross borders, e.g. into your office building or into your bank account. But what is the model for passports? Arguably, club membership. Either you're in the club or you're not. How do you become a member? Existing members of the club/community vouch for you, they act as your sponsors or referees. There is no recognition of that anywhere in GDS's model of identity assurance but it looks as though Kent have understood, slide ##23-28:

GOV.UK Verify (RIP) says a person = a passport + a driving licence + a credit history and has become as a result a machine for excluding people. The Kent model looks as though it knows what a community is.
