Tuesday 21 June 2016

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

It's in a precarious position. We've never needed GOV.UK Verify (RIP). Once we've got a new Government Gateway and new age verification systems and new payments systems, we'll need it even less.

In the meantime, GDS are holding out for a rôle for GOV.UK Verify (RIP) in 10 vaguely specified systems:
  • Register a child’s birth in Northern Ireland – TBC (to be confirmed).
  • File for uncontested divorce – TBC.
  • Inheritance tax online – TBC.
  • View your medical benefit – TBC.
  • Voluntary dissolution of a company – TBC.
  • Amend your driver record – TBC.
  • Sign your mortgage deed – TBC.
  • Apply for the Personal Independence Payment – TBC.
  • Child maintenance – TBC.
  • Bereavement support – TBC ...
GDS's case is undermined by repeatedly claiming that all eight of their "identity providers" are certified trustworthy. They're not.

And by repeatedly claiming that GOV.UK Verify (RIP) abides by all nine identity assurance principles specified by the Privacy and Consumer Advisory group. It doesn't.

And by repeatedly asserting, without qualification, that GOV.UK Verify (RIP) is secure. It can't be. Nothing is.

GDS are undermining the case for Government as a Platform – instead of GOV.UK Verify (RIP) being the single pan-government identity assurance platform, it will be just one among many. Ditto GOV.UK Pay if that platform ever sees the light of day.

And they are undermining the case for data as a public service/evidence-based policy-making, please see Matt Hancock: 83 + 83 = 71.

Exploring the need for GOV.UK Verify [RIP] in local government - get involved was published on 1 June 2016. GDS sound like a supplicant. Will local government intercede on GDS's behalf, where HMRC and others have refused?

Most government in the UK is local government. Mostly, it is local authorities who have to deliver public services. It is local authorities, most of the time, who have to deal with people in person. It is local authorities and not the theoreticians in GDS who have the practical experience of government.

It is possible that local government will come to GDS's rescue. But a 19 June 2016 article on the Government Computing website makes it clear how unlikely that is.

Money is one problem. GDS can't tell the local authorities how much GOV.UK Verify (RIP) would cost them:
Another key consideration for any potential ID solution for local authorities making use of GOV.UK Verify [RIP] is expected to be around finalising a financial businesses case for who will pay private ID suppliers for the service. Delegates at a Socitm [the Society of Information Technology Management] conference held in Leicester last October raised concerns around a lack of a financial plan over how Verify may be adapted and run.
Three times we are told that local authorities need "highly assured" on-line identities but that's just what GOV.UK Verify (RIP) can't provide. The US National Institute of Standards and Technology say that GOV.UK Verify (RIP) doesn't prove people's identities, it just collects a lot of self-certifications.

What is the supposed attraction for local authorities? Why should they use GOV.UK Verify (RIP), according to GDS?

The Blue Badge project is trotted out again. Years of hard work on it, and still no sign of a transformed, digital-by-default service.

Apart from that, what are the "high priorities requiring a system to check individual user eligibility"? Answer apparently, "local authority taxi licensing and parking permit functions".

Opening a GOV.UK Verify (RIP) account requires you to hand over reams of personal information to companies in countries all over the world. GDS may believe that people are prepared to do that just to get a resident's parking permit. Local authorities may believe that that is questionable.

It's out of proportion. It's an unnecessary risk for residents. And who would be liable in the case of losses following a security breach? GDS? Or would it be the local authorities?

That is not the rôle of local government.

And GOV.UK Verify (RIP) will have to try elsewhere to discover its rôle.

RIP IDA – in search of a rôle

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
As noted on 26 May 2016, GOV.UK Verify (RIP) will not replace the Government Gateway. GOV.UK Verify (RIP) won't be any use to hundreds of millions of Her Majesty's Revenue and Customs's annual transactions, worth hundreds of billions of pounds. HMRC are developing their own successor to the Government Gateway.

Nor will GOV.UK Verify (RIP) help with age verification. All those transactions where we have to prove our age in order to be eligible? We'll have to find some other way to do it, even if we have one or more GOV.UK Verify (RIP) accounts.

The huge prize of inserting GOV.UK Verify (RIP) into the nation's payment systems has also eluded the Government Digital Service (GDS). If payments depended on GOV.UK Verify (RIP), the UK would be reduced to a barter economy in no time.

What does that leave for GOV.UK Verify (RIP)?

Thursday 16 June 2016

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Go through the early stages of the GDS process of opening a GOV.UK Verify (RIP) account and after some preliminaries you get to a screen that says "based on your answers, 3 companies can verify you now" and then "we’ve filtered out 5 companies, as they’re unlikely to be able to verify you based on your answers".

That doesn't sound as though "these companies provide services that meet the needs of our users".

This is the graphic accompanying GDS's self-congratulatory blog post:


"A certified company will verify your identity", it says, and then names eight companies. Four of them are certified trustworthy by tScheme – Verizon, CitizenSafe, digidentity and Experian. The other four aren't. GDS are in danger of misleading their users on that point ...

... and with their claim that "there's no charge for this service". Is the GOV.UK Verify (RIP) team working for free? Does the landlord charge no rent for their office space? Are these eight so-called "identity providers" being paid nothing for their GOV.UK Verify (RIP) work?

"A certified company will verify your identity", it says, but the US National Institute for Standards and Technology (NIST) disagree. NIST say that GOV.UK Verify (RIP) provides a platform for no more than self-certification.

GDS don't tell their users that these aren't the only companies involved. Our personal information is shared with several other companies, in the UK and abroad.

GDS do tell us that we have control over our personal information. But that's not true. Try closing a GOV.UK Verify (RIP) account and you'll be told that your personal information must be retained for at least seven years. So much for "these companies provide services that meet the needs of our users".

Users do have needs and GOV.UK Verify (RIP) can't meet them. GDS have failed. That's why Her Majesty's Revenue and Customs, among others, are having to develop their own identity authentication procedures ...

... and yet as far as GDS are concerned "we’re really happy with what we’ve achieved".

It's not just GDS. Their political boss, Matt Hancock MP, Cabinet Office Minister, suffers from the same delusion. He gave a speech on 14 June 2016, Building the nation's digital DNA. "Take GOV.UK/Verify [RIP]", he said, "the new service allowing you [to] prove who [you] are online ... It’s now live [since 24 May 2016], and already over half a million identities have been verified securely online".

You might assume that those half a million identities have been verified since 24 May 2016. No. Misleading. It's taken since 13 October 2014. You won't fall for the claim that GOV.UK Verify (RIP) is secure. Not secure without qualification. But that's what Mr Hancock says. GDS say it, too:


"GDS have carried [out] fortnightly user research, including in their user lab and in citizens’ homes as they use the service", says Mr Hancock. "This has led to improvements that mean a new GOV.UK Verify [RIP] user is almost twice as likely to successfully complete the process than they were a year ago".

What do you make of that? You want some figures, don't you.

The GOV.UK Verify (RIP) account creation success rate was 71% as at 12 June 2016. So was it 35.5% as at 12 June 2015? No. According to GDS's performance platform, it was 83%.

So why does Mr Hancock say that "a new GOV.UK Verify [RIP] user is almost twice as likely to successfully complete the process than they were a year ago"? Goodness knows. Maybe he mistakenly relied on GDS to give him the facts. Maybe he doesn't care what he says. Perhaps he's just not very good with figures.

But that can't be right. He went on to tell his audience that "underpinning any transformation is the central role of data".

He's talking about the transformation of government. He wants to transform not just government but also the relationship between us Brits and the state. And he relies on computers to accomplish this transformation – "digital by default", that's GDS's motto.

How's he going to do it? Mr Hancock has "three guiding principles, based on what we’ve learnt from the last six years of digital transformation in central government".

Principle #1 is to start small and then scale up. GDS started small with 25 "exemplar" services. That transformation programme was a bit of a fiasco. It was described by the now departed deputy director of GDS as putting "lipstick on pigs". Worst of all was the failure of the rural payments scheme, which was overseen by the executive director of GDS himself. He, too, is now departed, as is GDS's director of transformation.

You might think that the transformation programme was a fiasco but, according to Mr Hancock, "its [it's?] delivered 20, usually, brilliant digital public services, and it’s also proved our point ... GDS has been backed with £450 million in the Spending Review to drive forward the next phase of transformation over this Parliament".

Principle #2 states that "digital transformation is business transformation". That could mean anything. In this case, it means (central) Government as a Platform (GaaP). And what does GaaP mean? It means cutting the central government departments down to size, taking their data away from them, centralising it in a shared pool of registers, a "single source of truth", and giving them access to it via common platforms.

That's where we came in. GOV.UK Verify (RIP) is GDS's identity assurance platform. It doesn't work. Then there's the payments platform, which the public haven't seen yet. Ditto the notification platform. Let's hope that GOV.UK Pay and GOV.UK Notify work better than GDS's digital marketplace platform. And their voter registration platform, which collapsed the other day because people tried to register to vote.

3 November 2015
The Minister for Cabinet Office Matt Hancock spoke about data-driven government at the Open Data Institute (ODI) summit

The digital platforms we’re building, led by the brilliant GDS, will depend on strong data foundations.
Mr Hancock asserts that GaaP will solve all the traditional government IT problems. More than that, in a series of old canards, he says that sharing all our personal information in the single source of truth will (a) inspire innovation and expand the economy and (b) it will make government rational and scientific. Thus principle #3. What Mr Hancock calls "data as a public service".

You may remember that we have been capable of innovation before. And that the East German authorities had everyone's personal information but their economy collapsed anyway. And that data wasn't invented by GDS. But according to Mr Hancock this is a new world:
  • "We’ve spoken for many years about evidence-based policymaking, but modern data science is making this a reality".
  • A new world in which technology "frees people up to focus on the most fulfilling parts of human experience".
  • A new world in which "we can digitise the drudgery and make public service more rewarding" ...
  • ... and in which "we can automate work and humanise jobs".
  • A new world in which 83 is half of 71.
Some people doubt that the evidence supports Mr Hancock's policy but you may be convinced. 450 million times over.

You may feel the socially responsible need to hand over all your personal information to the central state single-source-of-truth authority.

You may be happy to know that your personal information is being shared hither and thither, beyond your control, the way it is with GOV.UK Verify (RIP).

You may believe that the transformational result will be perfect public services.

You may have been born yesterday.

----------

Updated 17:25

"90 is less than 71".
True?
Or false?

As noted above, the GOV.UK Verify (RIP) account creation success rate is currently about 71%.

On 26 March 2015 the Government Digital Service published six conditions that had to be satisfied before GOV.UK Verify (RIP) could be declared live. Condition #3 was "Success rate: 90%".

Matthew Hancock MP, Cabinet Office Minister, advocates evidence-based policy-making. The suggestion is that the administration should now behave rationally in a way that it hasn't before.

Mr Hancock has allowed GOV.UK Verify (RIP) to be declared live despite failing to satisfy at least one of the conditions set by its own developers. What kind of an example of rational behaviour is that?


Updated 9.7.16

What will turn out not to have happened next?

On 16 June 2016, just over three weeks ago, please see above, we said:
The GOV.UK Verify (RIP) account creation success rate was 71% as at 12 June 2016. So was it 35.5% as at 12 June 2015? No. According to GDS's performance platform, it was 83%.
That 83% figure was taken from a table of account creation success rates published by GDS on their performance platform, https://www.gov.uk/performance/govuk-verify/account-creation/account-creation-success-rate. Click on the link now and you get the message Page not found. The data has been deleted.

The past has been changed.

It's happened before with GDS – to demonstrate how successful their 25 exemplars of government transformation had been, GDS deleted the transformation page.

Matt Hancock: 83 + 83 = 71

"We recently [6 April 2016] completed the process of connecting certified companies to GOV.UK Verify [RIP] under the new framework for certified companies". So says Pete Gale of the Government Digital Service (GDS) in a blog post on 15 June 2016, Improving the experience of verifying with certified companies.

"As a user researcher, my main focus in this process was how we ensure that these companies provide services that meet the needs of our users", he goes on, and adds "this presented some interesting challenges for us ...".

"Interesting challenges"? How did that go?

Very well, apparently: "It’s been hard work, but we’re really happy with what we’ve achieved".

Suppose we test that judgement.

Wednesday 1 June 2016

Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).

Sprint 14: 29 January 2014


"You've improved people's lives". That was taken at face value once. But now we need to know which people? How much have their lives been improved? In what way have they been improved? And has GDS really saved billions?

GDS may believe that "we've achieved so much". But, 31 May 2016, we read that the EU disagrees:
The 2016 Digital Economy and Society Index shows the UK down one place from the 15th place it achieved last year.

While the UK is the top-ranked for its open data policies, it fell short in other areas – particularly pre-filled forms on government websites.
And, 26 May 2016, we read that the Labour Party disagrees:
It is also two years since the Cabinet Office published their Digital Inclusion Strategy, setting April 2016 deadlines which have passed without fanfare or indeed any update whatsoever. One of these targets was to reduce the number of people lacking digital capability by 25%. I await their progress report, but in the meantime figures from other sources don’t fill me with hope.

Go ON UK’s Digital Exclusion Heatmap, created with the London School of Economics and the BBC in late 2015, shows that 23% of people in the UK do not possess basic digital skills.
And, 24 May 2016, it turns out that IBM disagree, too:
A wave of digital transformation has undoubtedly swept over Europe in the last decade and none have embraced this digital change at a greater rate than our Nordic cousins. While the Scandinavian countries are currently the most advanced in terms of realising a truly mature model of effective eGovernment, Great Britain is still at the 'enablement' stage of the journey.
"Still at the enablement stage" (ouch!)? Or "we've achieved so much"? Which is it?

That's a poser for Sir Jeremy Heywood, Cabinet Secretary and Head of the Civil Service. Should he maybe hire some Scandinavian digital transformation people? Harder question for him, should he maybe acknowledge that we Brits don't see government the same way the Scandinavians do?



Discovery: the UK is not a Scandinavian country

Those were heady days, 16 months ago, "Who sets the gauge rules the world". Ruling the world seemed a possibility for the Government Digital Service (GDS).

Saturday 28 May 2016

Government Gateway 1 - 0 GOV.UK Verify (RIP)


18 April 2016, RIP IDA – it tolls for thee:
In the lethal custody of the Department for Work and Pensions (DWP), the Government Gateway has been neglected for years. Now someone seems to have paid it a bit of attention. An innovation, it sent DMossEsq's mobile phone a one-time password when he logged in to take a look at his personal tax account.

We have suggested recently [1 April 2016] that the Government Gateway should be taken away from DWP and given to HMRC. Perhaps it has been.
24 May 2016, Don't tell the Cabinet Office: HMRC is building its own online ID system.

25 May 2016, HMRC plans extra authentication channel.


The Government Gateway has provided us all with on-line access to public services in the UK for 15 years and more. From its very inception, the Government Digital Service (GDS) decided to send this decent workhorse to the knacker's yard. Happy to destroy value like this, wantonly, the identity assurance committee at GDS promptly designed a camel, GOV.UK Verify (RIP).

Her Majesty's Revenue and Customs (HMRC) can't use GOV.UK Verify (RIP) to transact their business. It doesn't work. And as we now know, HMRC are designing a successor to the Government Gateway. Call it "G2".

Let's hope that when you open a G2 account you don't find that all your personal information is broadcast to a gaggle of companies you have barely heard of. Or never heard of. Companies like Equifax, ID Checker, Zentry LLC, Techmahindra Ltd and Expert Solutions Support Centre.

You wouldn't think it was necessary to say that to a responsible department of state. But that's exactly what happens, thanks to GDS, if and when you open a GOV.UK Verify (RIP) account using Verizon as your "identity provider". All these companies and more get your personal information, goodness knows where in the world they keep it and who has access to it, but one thing's for sure, you have no control over it.

If G2 works, will there be any point in retaining GOV.UK Verify (RIP)?

You may think that the matter is debatable. GDS do not. There's nothing to debate, according to GDS. There shouldn't be multiple systems all across government putatively doing the same job, GDS say. There should just be one. Anything else is wasteful and aesthetically displeasing. Whatever you think, GDS must regard G2 as the end of GOV.UK Verify. RIP.

----------

Updated 19.2.17

1 April 2016, DMossEsq suggests that the Government Gateway should be taken away from DWP and given to HMRC.

26 January 2017, whaddya know, you read it here first, the Government Computing website tell us HMRC readies replacement Government Gateway system for 2018:
HM Revenue and Customs (HMRC) has confirmed it has taken over responsibility to decommission the Government Gateway service with an eye to implement an in-house replacement solution intended to provide secure access to services for “business, agent and individual customers”.
The Government Digital Service (GDS) have always said they were creating a market in identity assurance. In the market, their service, GOV.UK Verify (RIP), has lost out to the Government Gateway. Given the choice, millions more people opt for the Government Gateway than for GOV.UK Verify (RIP). In the market, that would be the end of the story ...

... but this is a funny market:
... Cabinet Office will require other departments to use GOV.UK Verify [RIP] for any citizen-facing services where customers need to prove their identity,” said the department in a statement."
GDS believe they can force everyone apart from HMRC to use GOV.UK Verify (RIP):
  • Will the NHS play ball?
  • How about DWP?
  • Or Scotland?
  • They can't force Companies House to use it – uselessly, GOV.UK Verify (RIP) can't verify the identity of companies.
  • Local government? Will they put up with second best just to help hide GDS's shame? Why should they risk this imprudence? They might find themselves breaking the law if GOV.UK Verify (RIP) doesn't comply with the EU's General Data Protection Regulation (GDPR). And can local government afford to wait 400 years for GDS to be ready?
  • It only offers low-to-medium security, according to Government Computing (maybe not even that), and even its own supporters warn against wildly unrealistic expectations for GOV.UK Verify (RIP).
It has been suggested that GOV.UK Verify (RIP) could help with age-verification, c.f. the government's promise to make it hard for younger people to watch pornography on the web or to gamble or buy cigarettes.

How?

GOV.UK Verify (RIP) is only recommended for people over the age of 20:

Step #8 in the "user journey" you undertake when you try to register with GOV.UK Verify (RIP)

That last question will remind the alert reader – what about eIDAS?

Good question.

eIDAS is the EU's regulation on inter-operable identity management, one country's electronic IDs being accepted by another's. GOV.UK Verify (RIP) doesn't comply. Not good enough for HMRC, GOV.UK Verify (RIP) isn't good enough for other countries either. Why should it be good enough for Warwickshire? Or Brighton and Hove?


Updated 17.7.17

The National Audit Office (NAO) have just published HM Revenue & Customs 2016-17 Accounts.

In summary:
  • Tax revenue was up by 7% in 2016-17.
  • Error and fraud in the payment of personal tax credits remain material, as they have been ever since the introduction of tax credits.
  • HMRC's transformation plans are making progress but remain challenging.
  • Customer service may be flattered by HMRC's new system for measuring performance.
HMRC raised £574.9 billion in 2016-17. The country relies on that (and on borrowing, to cover the deficit) to pay for public services (and for the interest on the national debt). We can't afford for HMRC's transformation plans to imperil its ability to collect tax revenue.

Their transformation plans comprise 15 programmes listed in Figure 6 on page R32 of the NAO's report. Programme #10, the digital platform for HMRC's transformation, is estimated to cost £242 million over the course of its life and to reap benefits worth £87 million.

The digital platform comprises "a number of enabling platforms including Government Gateway, Security solutions, the Digital Tax platform and Large Option Paperless".

There is no mention there, nor anywhere else in the NAO's report, of GOV.UK Verify (RIP).

None.

None at all.

Government Gateway 1 - 0 GOV.UK Verify (RIP)


18 April 2016, RIP IDA – it tolls for thee:
In the lethal custody of the Department for Work and Pensions (DWP), the Government Gateway has been neglected for years. Now someone seems to have paid it a bit of attention. An innovation, it sent DMossEsq's mobile phone a one-time password when he logged in to take a look at his personal tax account.

We have suggested recently [1 April 2016] that the Government Gateway should be taken away from DWP and given to HMRC. Perhaps it has been.
24 May 2016, Don't tell the Cabinet Office: HMRC is building its own online ID system.

25 May 2016, HMRC plans extra authentication channel.


Thursday 26 May 2016

RIP IDA – GOV.UK Retrench

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
Kirsty Styles edits the New Statesman magazine's B2B tech site. She asks the Government Digital Service (GDS) about GOV.UK Verify (RIP). And back comes a response, possibly from an automaton, something to do with "rigorous onboarding", which looks co-operative but which doesn't answer the question.

You've got to take your hat off to the GOV.UK Verify (RIP) team. They've been doing this day in, day out, for years.

They can still say with a straight face that all their "identity providers" are certified when half of them aren't.

Even after all these years, they still claim to have eight "identity providers" while telling new applicants for a GOV.UK Verify (RIP) account that five of them "probably can't verify you".

They're still adamant that GOV.UK Verify (RIP) is secure and that it abides by all nine of the identity assurance privacy principles – it doesn't abide by a single one and everyone knows that there is no such thing as unqualified security.

And their response to the US National Institute of Standards and Technology's claim that GOV.UK Verify (RIP) doesn't do identity-proofing and offers no more than self-certification is pluckily ... to ignore it.

They look as though they could keep this up forever.

But they can't.

Tuesday 24 May 2016 was a big day. That was the day GOV.UK Verify (RIP) was finally declared live. They'd gone off the edge of the cliff and their little legs were turning furiously, they were still in the air but that was the day they finally looked down.

That was the day they gave a long interview to Government Computing. Now that GOV.UK Verify (RIP) is live, what can we expect?

We can expect that GOV.UK Verify (RIP) will not replace the Government Gateway. Janet Hughes, programme director of GOV.UK Verify (RIP), "said it was decided not to use Verify for corporate access needs". The very opposite of all the previous Walter Mitty-like announcements, that means that GOV.UK Verify (RIP) will not be involved in the vast majority of central government transactions. The vast majority both by volume and by value.

If GOV.UK Verify (RIP) isn't involved, then some other system must be. So GOV.UK Verify (RIP) can't after all be the single pan-government identity authentication platform, "we couldn't see a case for a cross-government approach". Bang goes Government as a Platform.

"The other thing [GOV.UK Verify (RIP) going live] does mean is that we are ready to start thinking much more actively how Verify might be used outside of central government ... we're now thinking much more actively, in collaboration with the private sector, local authorities and others, about bits of or all of Verify that can be reused".

Such as?

Which bits of GOV.UK Verify (RIP) can be reused/rescued?

What sort of collaboration with the private sector, local authorities and others?

Age verification?

No.

Ms Hughes "said this was an area her team had quite deliberately not sought to get actively involved in". GOV.UK Verify (RIP) is live and now we know that it will not help with age verification.

With GOV.UK Verify (RIP), what is sometimes called the "minimum data set" and sometimes the "matching data set" includes your name, address, age and, optionally, your sex. If there's one thing that GOV.UK Verify (RIP) ought to be able to help with, it's confirming your age. But it won't. Disappointment, once again, for the Walter Mittys of yore. More retrenchment. "Quite deliberately".

So what will GOV.UK Verify (RIP) "get actively involved in"?

Blue badge.

Oh no, not that again.

For years, Ian Litton of Warwickshire County Council has been trying to improve the on-line application process for blue badges. He has toured the country extolling the benefits of GOV.UK Verify (RIP) and for years GDS have been no help to him, his prototype demonstration of the blue badge application scheme is still nothing more than a mock-up.

GOV.UK Verify (RIP) can't do age verification, we are told, but we are also supposed to believe that it can do the more complicated attribute exchange needed for blue badge? We can all dream. Walter Mitty can. And so can the rest of us.

More dreaming? GOV.UK Verify (RIP) and the payments sector? The British Standards Institution and MIDAS are now working on their own identity authentication scheme for payments. GDS's comment: "We're really actively involved in that sector, both in the banking sector and financial sector". If GDS say so.

What the cartoon character sees when he looks down is reality accelerating up towards him at 9.81 ms-2. OMG going live is for real and it's terrifying. "The end of verify's beta phase was more of a symbolic, if exciting development for the platform"? No. All the swagger dissipated. No ambition left, the fire went out of GDS's belly.

Be bold? Maybe. But not recklessly imprudent. Armed only with GOV.UK Verify (RIP), the UK Exchequer would have no revenue when the Government Gateway is decommissioned in March 2018. So now we read HMRC plans extra authentication channel and Don't tell the Cabinet Office: HMRC is building its own online ID system.

And as the rôle of GOV.UK Verify (RIP) diminishes at 9.81 ms-2, what else do we read? Government services using GOV.UK Verify - May 2016 update. What new on-line public services are to be connected via GOV.UK Verify (RIP)?
  • Register a child’s birth in Northern Ireland – TBC (to be confirmed).
  • File for uncontested divorce – TBC.
  • Inheritance tax online – TBC.
  • View your medical benefit – TBC.
  • Voluntary dissolution of a company – TBC.
  • Amend your driver record – TBC.
  • Sign your mortgage deed – TBC.
  • Apply for the Personal Independence Payment – TBC.
  • Child maintenance – TBC.
  • Bereavement support – TBC ...
The announcement of GOV.UK Verify (RIP) going live couldn't be made last month when it was meant to be, presumably because the departments of state refused to confirm that they would rely on it. Now the announcement has been made. And the best we can manage is ... TBC.


RIP IDA – GOV.UK Retrench

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
Kirsty Styles edits the New Statesman magazine's B2B tech site. She asks the Government Digital Service (GDS) about GOV.UK Verify (RIP). And back comes a response, possibly from an automaton, something to do with "rigorous onboarding", which looks co-operative but which doesn't answer the question.

You've got to take your hat off to the GOV.UK Verify (RIP) team. They've been doing this day in, day out, for years.

They can still say with a straight face that all their "identity providers" are certified when half of them aren't.

Even after all these years, they still claim to have eight "identity providers" while telling new applicants for a GOV.UK Verify (RIP) account that five of them "probably can't verify you".

They're still adamant that GOV.UK Verify (RIP) is secure and that it abides by all nine of the identity assurance privacy principles – it doesn't abide by a single one and everyone knows that there is no such thing as unqualified security.

And their response to the US National Institute of Standards and Technology's claim that GOV.UK Verify (RIP) doesn't do identity-proofing and offers no more than self-certification is pluckily ... to ignore it.

They look as though they could keep this up forever.

But they can't.