Tuesday 23 May 2017

RIP IDA – a ridiculous manifesto promise

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The Conservative Party's 2017 manifesto includes this at p.81:
... we must use common platforms across government and the wider public sector. That must start with the way we identify ourselves online, so that people have one single, common and safe way of verifying themselves to all parts of government. That is why we shall roll out Verify, so that people can identify themselves on all government online services by 2020, using their own secure data that is not held by government. We will also make this platform more widely available, so that people can safely verify their identify to access non-government services such as banking.
As DMossEsq readers know, it may be convenient for people to have "one single, common ... way of verifying themselves to all parts of government" but it isn't "safe".

DMossEsq readers also know that millions of people prefer to use the Government Gateway to access on-line government services, not GOV.UK Verify (RIP).

They know that there are currently only about 12 on-line government services that can be accessed using GOV.UK Verify (RIP) and that the chances that they will all be accessible using GOV.UK Verify (RIP) by 2020 are small.

And they know that their personal information is sprayed all over the world, out of their control, if they open an account with GOV.UK Verify (RIP).


Suppose that you have your accounts with Lloyds bank and that you access them on-line using your GOV.UK Verify (RIP) credentials which you created through the Royal Mail because that's a brand you recognise and trust.

Unbeknownst to you, that means that you have actually been registered by GB Group plc, whom you've never heard of.

GB Group share your personal information with a wide variety of other organisations, which the Royal Mail didn't tell you when you registered.

Suppose that one of them is hacked [Equifax, for example, added 9.9.17] and, for safety's sake, your GOV.UK Verify (RIP) account has to be suspended [if your account isn't suspended, despite the Equifax breach, why isn't it? Surely it should be]. Yours, and millions hundreds of other people's GOV.UK Verify (RIP) accounts.

There's nothing the Royal Mail can do about GB Group suspending you and nothing GDS can do about it either. There's nothing Lloyds can do about it and now you can't access your bank accounts on-line.

Nor can you access any of the on-line government services you need, because you foolishly use the same GOV.UK Verify (RIP) credentials for everything.

That's one risk of inserting GOV.UK Verify (RIP) into the access control processes for banking.

Can anyone remember what the benefit is?
GOV.UK Verify (RIP) is not an attractive prospect and not one single bank anywhere in the world currently allows people to use GOV.UK Verify (RIP) to log on to their on-line accounts.

Millions of us can already log on to on-line banking. We accountholders don't need GOV.UK Verify (RIP) for that ...

... and neither do the banks.

And why would the banks want to risk their relationship with us by dislocating the whole process of authorising access to our accounts just to insert the Government Digital Service into it?

And not just GDS but all of GDS's seven "identity providers" (IDPs), too. And all of the IDPs' uncounted subsidiaries and business partners and suppliers and sub-contractors in the UK and overseas.

It may sound sensible and modern for the Conservatives and any other political party to promise to deploy GOV.UK Verify (RIP) nationwide. It isn't.

----------

Updated 9.9.17

Up to 44m Britons at risk in Equifax cyberattack
Equifax hack: 44 million Britons' personal details feared stolen in major US data breach
The Equifax Hack Didn't Have to Be This Bad
Breach at Equifax May Impact 143M Americans
Equifax Breach Response Turns Dumpster Fire
Equifax: Hackers Gained Access to Sensitive Data, Affecting 143 Million People
Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone
Equifax mega-leak: Security wonks smack firm over breach notification plan
Surprising nobody, lawyers line up to sue the crap out of Equifax
...

Equifax Hack Exposes Peril of Credit Bureau Model


Updated 9.11.17

It remains a psychiatric mystery how the Government Digital Service (GDS) continue to assure the public that the hopeless identity assurance scheme, GOV.UK Verify (RIP), costs nothing, that it is secure without qualification, that our privacy is maintained, that we have control over our personal information and that the system operates under an ethical framework.

That is presumably the conclusion that McKinsey came to in their investigation of GOV.UK Verify (RIP) in their report to John Manzoni, chief executive of the UK home civil service. The McKinsey report has not been published, though, so we can't be certain.

GOV.UK Verify (RIP) depends for its hesitant and occasional operation [1] on credit rating agencies/data brokers, including Equifax, who were so spectacularly hacked on 13 May 2017, please see above.

DMossEsq can make the point until he, she, it or they is or are blue in the face that GOV.UK Verify (RIP) accountholders have no control over what happens to their personal information once they have handed it over but it has no effect. Absolutely no control. And absolutely no effect.

The great Bruce Schneier has now published his Equifax evidence to the House Committee on Energy and Commerce.

"These data brokers deliberately hide their actions, and make it difficult for consumers to learn about or control their data", he says. Also, "there is no way for consumers to protect themselves. Their data has been harvested and analyzed by these companies without their knowledge or consent. They cannot improve the security of their personal data, and have no control over how vulnerable it is".

Perhaps the Schneier testimony will register with GDS and Mr Manzoni more effectively than DMossEsq's.

Whatever, the public show no enthusiasm for signing up with GOV.UK Verify (RIP) [2], nor do HMRC nor NHS England. We and they don't believe that GOV.UK Verify (RIP) is free, secure, etc ... Only GDS believe that.

Refs.
1. Average failure rate: 62%.
2. Average number of times a GOV.UK Verify (RIP) account is used: 1.5.

RIP IDA – a ridiculous manifesto promise

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

The Conservative Party's 2017 manifesto includes this at p.81:
... we must use common platforms across government and the wider public sector. That must start with the way we identify ourselves online, so that people have one single, common and safe way of verifying themselves to all parts of government. That is why we shall roll out Verify, so that people can identify themselves on all government online services by 2020, using their own secure data that is not held by government. We will also make this platform more widely available, so that people can safely verify their identify to access non-government services such as banking.
As DMossEsq readers know, it may be convenient for people to have "one single, common ... way of verifying themselves to all parts of government" but it isn't "safe".

Saturday 6 May 2017

Half-baked, amateurish, technically-illiterate, misled, misinformed, …

Last Wednesday, 3 May 2017, Jerry Fishenden published a blog post, The canary that ceased to be, where he announced his resignation as co-chair of the Privacy and Consumer Advisory Group (PCAG):
The group has reviewed and commented upon a wide range of government initiatives, including predicting the disaster that become NHS care.data, the fraud risks of ill-considered “data-sharing” (under various guises), the troubled and late-running GOV.UK Verify identity assurance programme, the Office of National Statistics use of data, the “digital transformation” of the electoral roll, Home Office fraud issues, the Investigatory Powers Bill (now Act), and other proposals and ideas from across government.
PCAG is meant to be a safety device like a miner's canary, it's meant to detect officials attempting to "smuggle their often half-baked proposals past Ministers". That's what it's meant to do and that's what it does but ministers have stopped paying attention. Particularly Matt Hancock and Ben Gummer who haven't bothered even to acknowledge letters sent to them by PCAG.

The "disappointingly amateurish and technically-illiterate" Digital Economy Act was the last straw. Mr Fishenden had to resign. PCAG's advice was "repeatedly ignored by officials who should know better" and those officials "repeatedly misled and misinformed" PCAG.

No doubt honest and able people like Mr Fishenden resign all the time, infuriated by official mendacity and incompetence, but it's rare to see them speak out like this ...

... and rarer still to see them loose off another shot a day or two later, please see Gov.uk Verify and identity assurance - it's time for a rethink, in which Mr Fishenden confirms and amplifies DMossEsq's contention that GOV.UK Verify is dead, RIP.

Who knows but there may be yet more to come.

----------

Updated 7.5.17

Jerry Fishenden Comment
The canary that ceased to be Government Computing:
Independent privacy body co-chair resigns over Whitehall engagement
UKAuthority:
Cabinet Office privacy adviser resigns
Campaign4Change:
Some officials “smuggle their often half-baked proposals past ministers” says Cabinet Office adviser who quits
Diginomica:
How the canary fell off its perch down the privacy policy mine – and nobody cared
Civil Service World:
Government privacy advisor quits after officials ‘repeatedly ignored’ guidance
Gov.uk Verify and identity assurance - it's time for a rethink Computer Weekly:
Ex-government privacy advisor calls for 'fundamental review' of Gov.uk Verify identity scheme
Government Computing:
Privacy and identity expert Fishenden calls for Verify rethink
Alan Mather
The identity/data divide "Who knows but there may be yet more to come", we said above and on 23.5.17, lo, happily there was.


Updated 8.5.17

When Jerry Fishenden gave evidence last October, one member of the Digital Economy Bill Committee said: "Dr Fishenden, your exasperation with what is in the Bill is shared by other witnesses".

In fact, his exasperation was more with what was not in the Bill. Control over our personal information is due to be taken out of our hands and given to officials. This is in the interests of data-sharing. But "data-sharing" was not defined in the Bill. The management of our personal information will depend on codes of practice to be followed by officials. But these codes of practice were not included in the Bill.

The Digital Economy Bill has now been enacted and given royal assent. It is a dreadful piece of legislation and it seems to have been the final straw for Mr Fishenden.

"In Francis Maude’s day, the problems with Part 5 (PDF) of the Digital Economy Bill and its associated codes of practice would have been highlighted and fixed with the help of the [Privacy and Consumer Advisory Group], rather than causing Ministerial embarrassment and confusion when they were published in a disappointingly amateurish and technically-illiterate state", says Mr Fishenden in his canary article.

The same claim is repeated by Diginomica*: "Not for the first time, diginomica laments the loss of Lord Maude". And by Campaign4Change: "Fishenden’s departure is further confirmation that since Maude’s departure, the Cabinet Office – apart from the Government Digital Service – has settled back into the decades-old Whitehall culture of tinkering with the system while opposing radical change".

This is not what it looks like from the outside. Francis Maude is on record as saying: "I want to bust the myths around the complexities of data sharing ... we aim to find effective ways of using and sharing data for the good of everyone".

He wanted the government to "deliver more effective, joined-up and personalised public services, through effective data-linking", which he said was not the same as "data-sharing" but he never explained the difference ...

... reminiscent of the Dark Department's (the Home Office's) Paul Maltby, who tried to make the ethical problems of data-sharing go away by changing the name to "data access".

From the outside, to the public, it looks as though Mr-now-Lord Maude was part of the personal information problem, and not the solution.

In his Verify article, Mr Fishenden points out that the Government Digital Service's GOV.UK Verify (RIP) identity assurance scheme stands many of GDS's principles on their head. True, but don't forget, it was designed and developed while Lord Maude was GDS's political boss.

Mr Fishenden's suggestion that the problems of the Digital Economy Act and GOV.UK Verify (RIP) would have been solved if only Lord Maude was still Minister for the Cabinet Office is a baffling distraction from the main point, which is the "half-baked proposals" of "disappointingly amateurish and technically-illiterate" officials who "repeatedly misled and misinformed" the Privacy and Consumer Advisory Group.

Notes
* "The loss of Lord Maude"? It should be made clear that Diginomica are not suggesting that Lord Maude is dead, simply that he is no longer Cabinet Office Minister.


Updated 12.10.17

"Who knows", we said, back in May, please see above, "but there may be yet more to come".

And how.

Jerry Fishenden has published another long essay in Computer Weekly magazine, Will the review of Gov.uk Verify [RIP] fix the UK's digital identity problems?.

"What review?", you ask. The McKinsey review. Manzoni calls in McKinsey to conduct review of online identities for public services. That was David Bicknell's scoop, writing on the Government Computing website nine days ago: "The review ... is believed to have been instituted by Civil Service chief executive and Cabinet Office permanent secretary John Manzoni".

900 staff in the Government Digital Service (GDS), all supposed to advise the rest of the civil service how to be innovative and effective in public administration, and the CEO has to call in external consultants to advise on the central pillar of digital-by-default, GOV.UK Verify (RIP)? It's not a good look, is it.

As do we all, Mr Fishenden wants to help McKinsey with their review. Thus his excellent Computer Weekly article.

It's a long article. What it says is that GDS have been wasting our time and theirs with GOV.UK Verify for six years. RIP.


Updated 13.11.17

Another month, another excellent Jerry Fishenden article in Computer Weekly magazine, Will the review of Gov.uk Verify [RIP] fix the UK's digital identity problems?.

Good question.

They're all good questions.

Many of us have been asking the same questions for years.

It's quite boring repeating yourself. Why the need to repeat ourselves for years at a time?

Because the Government Digital Service never answer.

Do they know the answers? Or are they lost, in over their heads, overcome, submerged, helpless, drowning, rudderless, confused, in need of help, "not up to it" (© Clement Attlee), baffled, over-promoted, out of ideas, stymied, inhibited, directionless, broken down, demotivated, demoralised, guilty, truculent, nervous, defensive, ...?

If people have good answers, they tend to tell you.

The first cut is the deepest. The longer this head-in-the-sand psychopathology is allowed to fester, the more traumatic the eventual confession will be.

Half-baked, amateurish, technically-illiterate, misled, misinformed, …

Last Wednesday, 3 May 2017, Jerry Fishenden published a blog post, The canary that ceased to be, where he announced his resignation as co-chair of the Privacy and Consumer Advisory Group (PCAG):
The group has reviewed and commented upon a wide range of government initiatives, including predicting the disaster that become NHS care.data, the fraud risks of ill-considered “data-sharing” (under various guises), the troubled and late-running GOV.UK Verify identity assurance programme, the Office of National Statistics use of data, the “digital transformation” of the electoral roll, Home Office fraud issues, the Investigatory Powers Bill (now Act), and other proposals and ideas from across government.
PCAG is meant to be a safety device like a miner's canary, it's meant to detect officials attempting to "smuggle their often half-baked proposals past Ministers". That's what it's meant to do and that's what it does but ministers have stopped paying attention. Particularly Matt Hancock and Ben Gummer who haven't bothered even to acknowledge letters sent to them by PCAG.

Tuesday 14 March 2017

GDS's commitment to user control of personal information

Public administration in the UK has problems which could be solved if public services became digital by default. That is the raison d'être of the Government Digital Service (GDS).

Digital by default? What does "digital" mean? According to Tom Loosemore, ex-Deputy Director of GDS, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

The reactionaries in Whitehall have hobbled GDS. That's what Jerry Fishenden and Cassian Young say: "It is convenient for institutionally conservative managers to watch the energy behind transformation dissipate harmlessly in the sandbox where the agile insurgents are left to play with their websites", please see Escaping waterfall government and the myth of ‘digital transformation’.

Messrs Fishenden and Young accept Mr Loosemore's questionable prescription. They think GDS have failed to deliver. But they still think it's the right objective – the model for public administration should be changed radically just as "Netflix, Flickr and Airbnb" have changed the dynamics of their markets.

Are they right?

Sir Tim Berners-Lee, inventor of the web, has serious reservations, please see Tim Berners-Lee says privacy needs fixing – and calls for 'algorithmic transparency'. The culture of the internet era has blemishes: "over the past 12 months, I’ve become increasingly worried about three new trends, which I believe we must tackle in order for the web to fulfill its true potential as a tool which serves all of humanity":
The first is control of personal data. Berners-Lee thinks we don't have it any more and that's a bad thing because “As our data is then held in proprietary silos, out of sight to us, we lose out on the benefits we could realise if we had direct control over this data, and chose when and with whom to share it.”

“What’s more,” he says, “we often do not have any way of feeding back to companies what data we’d rather not share – especially with third parties – the T&Cs are all or nothing.”

He also worries that government surveillance is “increasingly watching our every move online, and passing extreme laws that trample on our rights to privacy”. Repressive regimes use that surveillance to harass opponents, but even benevolent governments have “a chilling effect on free speech and stops the web from being used as a space to explore important topics, like sensitive health issues, sexuality or religion ...”
Embrace the culture of the internet era – as Messrs Loosemore, Fishenden and Young want you to – and as things stand, Sir Tim warns you, you lose control of your personal information. That's how Facebook came to report $27.6 billion of revenue for 2016. That's how Google (Alphabet) came to report revenue of $27.1 billion, not for the whole of 2016, just for the fourth quarter.

Sir Tim is working on a project called Solid to try to "decouple data from web applications (and by extension social networks) so that users can decide where their data resides and how it can be accessed". It might work. We'll see in five years.

In the meantime, any promises to put you in control of your own personal information are false. The Privacy and Consumer Advisory Group (PCAG) is co-chaired by Jerry Fishenden. PCAG insist that any identity assurance scheme should put the user in control. GDS promise that their GOV.UK Verify (RIP) identity assurance scheme complies with PCAG's principles. That promise is false. The inventor of the web says so and he should know.

While claiming to put the user in control, GDS like us to spray our personal information all over the world when we register with GOV.UK Verify (RIP). Their heart really isn't in this privacy lark, is it. They use Eventbrite to organise events. They use Zendesk for user support. They use StatusPage for network monitoring. They use Survey Monkey for user feedback. All the personal information involved is stored and used beyond your control and now GDS want you to upload your CV to Jobvite.

Who?

Take a step back.

GDS have got a lot of situations vacant. For example, they were tweeting yesterday, saying: "We have a fantastic opportunity for a Lead Product Manager to work across the @GOVUKverify product teams https://jobs.jobvite.com/gds/job/oksV4fwv":

https://jobs.jobvite.com/gds/job/oksV4fwv/apply

GDS warn prospective recruits: "If you do not wish for your data to be transferred outside the UK, please click the back button below and check the job description for an email address to send your application to". Click that back button and there is no sign of an email address for prospective recruits to use. Welcome to the culture of the internet era GDS-style.

The Jobvite privacy policy is worth a read. Any problems and you can just write to them at:
Jobvite, Inc.
Attn: Privacy Policy
1300 S El Camino Real, Ste 400
San Mateo, CA 94402
----------

Updated 6.4.17

30 March 2017, and Government Computing tell us Summer launch planned for GOV.UK Verify [RIP] private sector testing: "Three companies are set to provide identity hub services to support the Cabinet Office’s ambitions to link its GOV.UK Verify [RIP] platform with the private sector in a test environment designed to inform a potential live service at a later date".

No idea what that means, but the three companies are Mvine, SiteKit and Safran. An identity hub has a lot of data pass through it and needs to store that data to provide an audit trail. Are they fit companies to provide identity hub services? No idea.

It will take a lot of effort to conduct this GOV.UK Verify (RIP) test. The three companies will have an interest in its success. On cue, three days later, 3 April 2017, Government Computing publish You want my digital identity, I want something in return: "Approaching digital identity as a ‘this for that’ arrangement is the only way the private sector and Government can live in cyber harmony, argues Frank Joshi".

Frank Joshi is "director of Mvine Ltd , an established UK SME specialising in distributed digital identity technologies". "Cyber harmony" is not defined in his article.

The conclusion of Mr Joshi's argument is:
... And that is why for GOV.UK Verify [RIP] to be trusted everyday by us the people, it has to expand to be an everyday part of our lives not just something we use when interfacing with Government for public services.
GOV.UK Verify (RIP) will only become a part of our everyday lives if we trust it. Mr Joshi has got it the wrong way round.

His argument rests on the fact that people hand over a lot of personal information to various private sector suppliers on-line, and we ought to be equally happy to hand it over to public sector suppliers: "So if it’s alright giving information about yourself to commercial firms, why not to those who provide public services?".

The Government Digital Service (GDS) have spent five years and more telling us that GOV.UK Verify (RIP) ensures that our personal information is not collected by the public sector. Instead, it is verified for the public sector by private sector "identity providers". That is the opposite of what Mr Joshi advocates.

"You see", says Mr Joshi, "as people we are willing to consent to certain organisations knowing certain things about us. And that’s perfectly reasonable and normal ... We divulge information about ourselves usually in a something-for-something exchange. Think of it as a 'this for that' or quid pro quo". You should expect to pay the right price for goods and services. Agreed. But what is the right price? Mr Joshi doesn't tell us.

Sir Tim Berners-Lee thinks we're over-paying, please see above. We're handing over too much personal information. Instead of tackling that issue, Mr Joshi goes on to say:
Without turning theoretical on you, it’s helpful to understand why [there is a quid pro quo] with a quick recap of the context. Citizens are free to do whatever we want. In the social contract, as citizens we cede a portion of our freedoms to Government in exchange for them keeping us safe. And we cede a further portion of our freedoms to the rule of law in exchange for protecting us and giving us justice.
Don't know about you, but that looks pretty theoretical to DMossEsq. First "citizens are free". Then, next sentence, "we cede a portion of our freedoms". And next sentence "we cede a further portion of our freedoms". So we're not free according to Mr Joshi and presumably he was just kidding when he said we are.

"A digital footprint is pretty much inescapable. But it should be down to you to give your consent to anyone, supplier or authority, who wants to know attributes about you". That's what Mr Joshi says but if there's no alternative to GOV.UK Verify (RIP), then we will be forced to use it. That's not consent. If Mr Joshi and GDS were to level with us, they would say "it should be down to you to give your consent but it isn't. Sign up or, quid pro quo, go without public services".

The bulk of Mr Joshi's article lists cases where we already manage to use on-line services. So why do we need GOV.UK Verify (RIP)? He doesn't tell us.

Summer launch planned for GOV.UK Verify (RIP) private sector testing? Should be interesting ...


Updated 10.4.17

"Wondering what makes @GOVUKverify different? Watch this 1 min explanatory @gdsteam video: https://www.youtube.com/watch?v=Vtu7eKc6QpY&feature=youtu.be" – that's Safran Morpho's repeated advice on Twitter:



DMossEsq readers, of course, will have watched the video last November when it first appeared on our CretinNet (26.11.16) service.

Our personal information is said to be safer because GOV.UK Verify (RIP) doesn't store it all on a central database.

But GOV.UK Verify (RIP)'s document checking service uses central databases of passport information and driving licence information. And GOV.UK Verify (RIP)'s identity hub must maintain a central database, if only to provide an audit trail.

The video goes on to tell us that we choose a certified company to verify our identity. There are seven "identity providers" to choose from – Barclays, Digidentity, Experian, GB Group, Post Office, Royal Mail and Safran Morpho. Three of them aren't certified – Post Office, Royal Mail and Safran Morpho.

No-one has all the information, according to the video. And of course that's right – depending on what is meant by "all the information", that could be impossible. So to tell us that "no-one has all the information" doesn't add to our knowledge.

What would add to our knowledge would be if the Government Digital Service (GDS) made a video explaining how it's safe for our personal information to be spread around the document checking service, the identity hub and seven "identity providers" plus assorted credit referencing agencies, ISPs, third party fraud prevention agencies, tax authorities, law enforcement agencies, ID Checker, WorldPay, Morpho sub-contractors, Morpho head office, unspecified Barclays companies, business partners, suppliers, sub-contractors and Verizon and thus Zentry LLC, Techmahindra Ltd and Expert Solutions Support Centre, and unspecified analytics and search engine providers.

That list is compiled from the terms and conditions of business and the privacy policies of GOV.UK Verify (RIP)'s "identity providers". It doesn't include the uncertified Mvine and SiteKit, please see above. Nor does it include the uncertified Timpson.

Our personal information is sprayed around all these organisations, it has to be stored for a minimum of seven years, we can't just delete it whenever we want, and it can be stored anywhere in the world. And yet somehow GDS want us to believe that our GOV.UK Verify (RIP) personal information is under our control.

The parting shot on the video is a claim that GOV.UK Verify (RIP) keeps our personal information and our identity secure. What does "secure" mean here? Shared with all and sundry anywhere in the world out of our control?

Wondering what makes @GOVUKverify different? Now you know.


Updated 27.6.17

Nothing changes.

GDS continue to invite job applicants to send their CVs to Jobvite, please see the two tweets alongside, emitted this morning.

And they continue to define "digital" as the embrace of the "culture, practices, processes and technologies of the internet era" even when we learn, as we did this morning, Google hit with record antitrust fine of €2.4bn by Europe: "The regulator found that Google had abused its market dominance as a search engine ...".

Later today we learned that Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down: "In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack ... In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning".

That definition of "digital" – it needs to be improved. Its faults are evident but GDS never change. They never learn.

That's a lesson for local government. A lesson they've already learned. More than half of the local authorities who started trials of GOV.UK Verify (RIP) have pulled out.

What kind of recruits will be attracted to these two vacant situations at GDS? Who wants to work for an organisation that can't learn?


Updated 6.7.17

It is three months since Mvine hove into view, please see above.

Mvine are supposed to demonstrate that people can use GOV.UK Verify (RIP) to access private sector services even if they can't use the wretched system to access public services:
Mvine is set up and ready now to offer these services to the private sector using and leveraging its secure distributed digital identity exchange whilst conforming to the standards rules and principles of the Verify digital identity framework.

Once the initial trials and test are over, Mvine aims to go live with these services from June 2017 onwards.
That's what it said on the Mvine website when DMossEsq took a copy on 22 June 2017: "Mvine aims to go live with these services from June 2017 onwards".

Take a look now, and the reference to June 2017 has disappeared.

Not another GOV.UK Verify (RIP) deadline missed, surely?

GDS's commitment to user control of personal information

Public administration in the UK has problems which could be solved if public services became digital by default. That is the raison d'être of the Government Digital Service (GDS).

Digital by default? What does "digital" mean? According to Tom Loosemore, ex-Deputy Director of GDS, "digital means applying the culture, practices, processes and technologies of the internet era to respond to people’s raised expectations".

The reactionaries in Whitehall have hobbled GDS. That's what Jerry Fishenden and Cassian Young say: "It is convenient for institutionally conservative managers to watch the energy behind transformation dissipate harmlessly in the sandbox where the agile insurgents are left to play with their websites", please see Escaping waterfall government and the myth of ‘digital transformation’.

Monday 6 March 2017

The Smart Essex Digital Summit to explore digital future

That's what Essex TV are excited about: "Leading technology partners are teaming up with Essex County Council to define how a digital strategy should be at the heart of a council to improve people’s lives, reshape public services and drive prosperity".

A major event, to be held at the BT Tower on 27 February 2017. So you've missed it. So did DMossEsq. "The Smart Essex Digital Summit is by invitation only", and our invitation was lost in the post.

Never mind. The event was reported next day by UKA local digital: "County council sets out workstreams for social care, transport and data, and commits to using GOV.UK Verify [RIP]". (emphasis added)

The Government Digital Service (GDS) are working with 19 local authorities at the moment to show them how useful GOV.UK Verify (RIP) is. At least, that was the case, but now they're down to just 12. Which seven pulled out, and why?

Essex isn't one of the 19 ( Correction, please see below). Or the 12. But they're committing to use GOV.UK Verify (RIP) anyway. That's what UKA local digital say. Is that right? They also tell us that "while Essex has not yet identified the initial use for Verify, [Stephen Canning, the council’s lead member for the programme,] believes it will be an effective platform for enabling people to authenticate their identities for using the council’s digital services" (emphasis added). That's not so much a commitment as a vague statement of intent.

Also: "Essex plans to spend £2 million in working with BT on a sensor device to be mounted all the lampposts around the county. It has not yet targeted a specific purpose: [David Wilde ..., the council’s executive director for digital and chief information officer,] said that the device could be adapted over the long term to collect data on a wide range of factors, such as air quality, traffic movements and footfall" (emphasis added).

Poorer local authorities may be surprised at this logical order – first choose the technology, then try to work out what to do with it. Essex, presumably, is as rich as Croesus and can afford to behave like this.

----------

Correction 21:40

It turns out that Essex was one of the 19:


The Smart Essex Digital Summit to explore digital future

That's what Essex TV are excited about: "Leading technology partners are teaming up with Essex County Council to define how a digital strategy should be at the heart of a council to improve people’s lives, reshape public services and drive prosperity".

A major event, to be held at the BT Tower on 27 February 2017. So you've missed it. So did DMossEsq. "The Smart Essex Digital Summit is by invitation only", and our invitation was lost in the post.

Monday 30 January 2017

RIP IDA – OIX to the rescue 1

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

14 June 2012, we discovered that the Government Digital Service (GDS) had joined the Open Identity Exchange (OIX) in order to help with their moribund identity assurance programme now known as "GOV.UK Verify (RIP)".

23 December 2016, OIX published The value of digital identity to the financial service sector, which explores "the reuse of a GOV.UK Verify [RIP] digital identity in a financial service application process".

Does that report help GDS?

Executive Summary (pp.2-4)
In the Executive summary of their report, OIX tell us that GOV.UK Verify (RIP) "currently has 1 million users, with an ambition to scale to 25 million users by 2020" (p.2).

They're wrong.

Note 1 below demonstrates that there were fewer than 800,000 so-called "verified" accounts in late December 2016, not 1,000,000, and argues that these could represent fewer than 112,000 people.

Note 2 reveals that GDS's ambition is unrealistic in that, at the present rate, it could take until October 2074 to enrol 25 million people. Or March 2425.

And Note 3 questions the quality of GOV.UK Verify (RIP) accounts – are they any use to the financial service sector? To be told as we are seven times during the report that GOV.UK Verify (RIP) is endorsed by the government doesn't answer that question.

OIX say the financial service sector needs "an understandable, convenient, safe and trusted solution to manage and protect our identities online". They may or may not be right about that. The sector may need several such schemes, not just one.

But is GDS's GOV.UK Verify (RIP) a candidate? Given their inability to get the numbers right, confidence in OIX's ability to answer that question is undermined before the reader has even turned to p.3 of their 27-page report.

Participants (p.27)
OIX list eight participants in the production of their report

The list includes Verizon. Note 4 below suggests that Verizon is an odd choice by OIX to use to inspire confidence in GOV.UK Verify (RIP) – Verizon have been dropped from the register of approved "identity providers".

The Post Office are included. Their entry says: "The Post Office is proud to be one [of] the first certified providers of the GOV.UK Verify [RIP] scheme" (p.27).

That sounds straightforward.

Note 5 below demonstrates that it is anything but.

The Post Office isn't certified and it doesn't do any identity assurance work. Without telling the users, that work is actually done for it by another "identity provider", probably Digidentity. And what's more, Digidentity's service is governed by Dutch law, not English.

According to GDS, the other two uncertified GOV.UK Verify (RIP) "identity providers" – the Royal Mail and SecureIdentity – also quietly rely on third parties.

A straightforward proposition might be attractive to the financial service sector. A cloudy proposition, where the Post Office is really Digidentity and the Royal Mail is really GB Group, might not be.

Barclays are included in OIX's list of participants: "We're proud to be the only bank to be selected by UK government as a certified company to provide a safe, secure identity verification service" (p.27).

Unlike the Post Office Barclays are certified but, cloudy again, like the Post Office they don't provide their "safe, secure identity verification service" themselves. The Barclays privacy policy states that: "We may share your personal information with ... Verizon, our technical services partner, so they can perform certain parts of the Identity Service on our behalf".

The participant they don't include in the list is OIX themselves. You might expect OIX to be acting as a professional consultancy which maintains its objectivity by being independent. You might be wrong.

The OIX report is written by Bryn Robinson-Morgan. And according to his LinkedIn entry Mr Robinson-Morgan:
  • worked for the Royal Mail for 7½ years
  • then he worked for the Post Office for 8½ years including over two years on their identity assurance service
  • then he put in 17 months on the Barclays identity assurance service
  • followed by six months producing the OIX report with Innovate Identity, who are one of the five participants we haven't mentioned so far: "Our team have vertical industry expertise in financial services, payments, technology, telecoms, government, online retail, online gambling as well as breadth of geographical knowledge across multiple global jurisdictions ..." (p.27).
If the financial service sector wants an independent assessment of GOV.UK Verify (RIP) it's going to have to look elsewhere.

Financial Sector Analysis (pp.17-20)
OIX conduct a SWOT analysis – strengths and weaknesses, opportunities and threats – to assess the advisability of the financial service sector adopting GOV.UK Verify (RIP).

Under Weaknesses (pp.18-19) OIX note GOV.UK Verify (RIP)'s lack of scale, the failure of GDS to educate people with a digital identity public information campaign, the threats to people's privacy and the absence of any attribute exchange. As OIX say: "A central, commercial, driving force for the adoption of a standards driven digital identity scheme currently does not exist".

Under Threats (p.19) OIX worry that it is not certain that GOV.UK Verify (RIP) will succeed and that the scheme faces competition from Google, Apple, Facebook and Amazon.

The Strengths listed by OIX (p.18) are actually weaknesses:
  • OIX assume that GOV.UK Verify (RIP) provides "a strong identity that has been verified to the highest standards in comparison to existing methods generally deployed" but that's exactly what it doesn't do. (OIX ought to know that.)
  • "With consent and control of the personal data being with the customer", OIX say, "a sense of ownership is established". GOV.UK Verify (RIP) sprays its accountholders' personal information all over the world, out of anyone's control. Like the poor quality low level of assurance identities it peddles, lack of control/loss of ownership is another weakness of GOV.UK Verify (RIP)'s and not a strength.
Which leaves us with the Opportunities (p.19):
  • "Opportunities exist for financial service providers to reduce their costs by reusing an established digital identity". Really? By how much? No answer. When? No answer. OIX provide a SWOT analysis with no figures. And no logic. Just assertion and hope.
  • "Customers who currently abandon the application process can be capitalised upon by removing barriers of privacy ...". How many customers want to be capitalised upon by losing their privacy? No answer.
  • "The development of a unified, trusted brand, can be a catalyst to a reduction in fraudulent applications and opportunistic identity theft". Perhaps it can be. How big would the reduction be? No answer. Equally, a single unified service could make it easier to commit fraud and so increase its incidence rather than reduce it. This particular opportunity could just as well be included under Threats.
During the SWOT analysis on pp.18-19 OIX forget the p.17 "challenge" GOV.UK Verify (RIP) faces in "enabling those with a 'thin' credit file, such as younger people, new to country or those with limited recent financial transactions". Lack of penetration, one more weakness to add to the list.

OIX's hypothesis (p.17) is that: "Financial service institutions would accept an assured digital identity from a third party provider as part of their product application process if an established trust framework met their regulatory and service requirements". They may be right. But they haven't proved that GOV.UK Verify (RIP) is "an established trust framework". It isn't. It's not established. And it's not trusted.

Conclusions (p.25)
"A widely-adopted, fit-for-purpose, trusted, standards-based digital identity scheme could have significant value for the financial services industry ... it could simplify the initial digital engagement with a provider and subsequent transactions ... it could deliver a consistent approach to user identification and management and reduce the cost of onboarding and transactional business processes. It could facilitate the delivery of new services ...  it could provide the basis for delivering new user centric industry models ..." (p.25).

Yes. It could. It could do all sorts of things. The financial service sector probably know that and don't need a 27-page report from OIX to tell them.

They might be interested to know whether GOV.UK Verify (RIP) will be notified under eIDAS (Article 9). OIX don't say.

GOV.UK Verify (RIP) has until 25 May 2018 to comply with GDPR. Are GDS going to make it? The financial service sector might be interested to know but OIX don't say.

They might be interested to know how secure GOV.UK Verify (RIP) is but OIX are silent on the matter. (Not entirely silent, please see Note 6 below.)

They might be interested to know what they're supposed to do with GOV.UK Verify (RIP) which can't verify the identity of companies. Payments can't be authorised by companies via GOV.UK Verify (RIP) because GOV.UK Verify (RIP) doesn't know what a company is, the concept doesn't exist. OIX don't mention that Weakness/Risk. (Or is it a Strength/Opportunity?)

HMRC and Companies House use the Government Gateway for transactions with natural persons, companies, partnerships and trusts. It works and has done for 16 years+. Why are OIX reporting on GOV.UK Verify (RIP) and not the Government Gateway?

It can't be for the financial service sector. Who is this report for?

----------

NOTES

Note 1
GDS tell us that there were 966,767 accounts on 25 December 2016 of which 185,149 were "... ‘basic accounts’ created as part of a trial between May and July 2015. Basic accounts were not verified by certified companies, but allowed access to government services that required a lower level of certainty about identity". These self-certified "basic accounts" don't count, they are unverified Verify accounts, they should be deducted from the total.

That leaves GOV.UK Verify (RIP) with just 781,618 verified accounts in late December 2016. The OIX claim of 1,000,000 overstates the case by 28%. That's a poor start for the report ...

... and it gets worse. DMossEsq, for example, has created seven GOV.UK Verify (RIP) accounts for himself. He remains nevertheless just one person. GDS say there are 781,618 GOV.UK Verify (RIP) accounts. If everyone has done the same as DMossEsq and created seven accounts for themselves, then there are just 111,660 people involved and not OIX's 1,000,000, which overstates the case by 796%.

GDS's GOV.UK Verify (RIP) statistics go back over two years to October 2014. It could be that as few as 111,660 people have a GOV.UK Verify (RIP) account. By contrast, HMRC signed up 6.7 million users of their new personal tax account service in under 12 months.

Note 2
The ambition of GOV.UK Verify (RIP) is to "scale to 25 million users by 2020".

Since going live on 24 May 2016, GDS have been adding accounts at the rate of 1,172 per day. If 25 million users need 25 million accounts, that could take 21,331 days, which brings us to 18 October 2074, 54 years after GDS's ambitious target date of 2020.

Many of us will be dead by then and many new people will need to be registered. More so if everyone needs seven accounts, in which case we're looking at 18 March 2425, four centuries away.

Note 3
Doubts about the credibility of the OIX report set in before you have even turned to p.3. It's not just the number of GOV.UK Verify (RIP) accounts. It's the quality.

GDS admit that the 185,149 "basic accounts" are associated with a "lower level of certainty about identity". The other 781,618 aren't over-burdened with certainty either:
  • "... the original plan for Verify was for it 'to provide low to medium security ID assurance for citizens, and this hasn’t changed' ...", according to Civil Service World magazine (see also "wildly unrealistic expectations").
  • The US National Institute of Standards and Technology go further. GOV.UK Verify (RIP) doesn't even make it to a medium level of assurance according to them – the 781,618 so-called "verified" accounts are no better than self-certification (see also Table 2-1).
Note 4
"GOV.UK Verify is a federated identity scheme that uses an approved panel of certified private sector companies to confirm the identity of individuals". That's what OIX tell us on p.6.

Verizon is one of the 12 certified companies also known as "identity providers" who signed up to GOV.UK Verify (RIP) – Barclays, Cassidian, Experian, GB Group plc/GBG/CitizenSafe, Digidentity, Ingeus, Mydex, Paypal, the Post Office, the Royal Mail, Safran Morpho SecureIdentity and Verizon.

First Verizon were there on the register of "identity providers". Then, in March 2016, they disappeared. They reappeared in April 2016 and re-disappeared in July 2016, this time perhaps for good – "Verizon ... is no longer a certified company", GDS finally got round to telling the world in January 2017, with no explanation.

A. Consider these comments of OIX's:
  • "... a new approach for digital identities has emerged. One where the user is in control of their identity" (p.5).
  • "Customers are ... demanding greater levels of privacy, control and granular consent" (p.17).
  • "With consent and control of the personal data being with the customer, a sense of ownership is established" (p.18).
  • "Government endorsement being able to reduce customer friction and putting the users in control of their personal data were also seen as strengths" (p.20).
B. Then consider Verizon's claim: "Ultimately, we don’t see ourselves as a data provider; we see ourselves as an ad platform that helps brands and consumers connect". That, and the fine they received for using "supercookies", Verizon fined just $1.4m for stalker supercookies.

B. suggests that Verizon are pulling in the opposite direction from A. when it comes to the ownership and control of personal information.

Perhaps that's why GDS dropped Verizon from the register of "identity providers".

Or perhaps it's something to do with this – German government terminates Verizon contract over NSA snooping fears.

Perhaps GDS didn't drop Verizon, maybe they walked out because there's no money to be made from GOV.UK Verify (RIP).

Maybe Verizon will after all be back in the GOV.UK Verify (RIP) fold one day. They have not one but two identity assurance services approved trustworthy by tSchemeUIS and IPS/IBS.

Confusing, isn't it. No-one knows where they stand. It would help if GDS followed its own advice: "Make things open: it makes things better".

Note 5
Delivering Identity Assurance: You must be certified. That's what GDS promised everyone back in April 2013. "Certification ... is how government, and users, will know that the suppliers can be trusted". What they had in mind was certification by tScheme in the UK or by the Kantara Initiative in the US,

Is the Post Office certified by tScheme?

No.

The Post Office applied for approval of its identity assurance service in February 2014. A year later, its application lapsed:


The claim made by OIX or whoever that the Post Office is certified is false.

GDS claim that all their "identity providers" are certified:


How do GDS square that claim with the fact that neither the Post Office nor SecureIdentity nor the Royal Mail is certified?

A year ago, GDS told us that: "Post Office uses the same system as another provider which has been t-Scheme certified, so we have agreed that there is no need for a second certification of the same system unless and until ...".

Lovers of cockamamie logic will enjoy a related claim made by GDS last month: "It’s worth noting that all of our certified companies are certified by tScheme, but not necessarily separately".

The joke is likely to have worn off by the time it gets to members of the financial service sector. They are unlikely to be able to undertake payments apparently authorised by DMossEsq, whose identity is apparently verified by the Post Office or the Royal Mail or SecureIdentity but isn't really.

GDS refuse to say who the other "identity provider" is whose system the Post Office uses. We think it may be Digidentity's.

Digidentity's identity assurance service is "governed by Dutch law". This also may cause difficulties for the financial service sector.

We have no clue whose identity assurance system SecureIdentity are using.

The Royal Mail are thought to be using GB Group plc's identity assurance scheme, please see the Government Computing website: "From this week, users wishing to access specific online government services will be able to select the [Royal Mail] to verify their identity through a service which will be managed by GB Group (GBG) under the Royal Mail brand".

Please see also the Royal Mail's privacy policy: "In order to verify your identity, we will share your information with our partners, GB Group, who will check it against information held on databases maintained by ...".

It's more complicated than that. When you register with either the Royal Mail or GBG, you find yourself on the website of a third company, Avoco Secure. A user who thinks he or she is opening a GOV.UK Verify (RIP) account through the Royal Mail is actually using Avoco Secure and the account will actually be managed by GBG.

GOV.UK Verify (RIP) should be straightforward. It isn't. The public are being lured in with recognisable brands like the Royal Mail when, behind the scenes, whether they know it or not, they're really dealing with GBG and Avoco Secure. Your dealings with the Post Office turn out to be with Digidentity and to be governed by Dutch law. A more straightforward offering would surely be more attractive to the financial service sector.

Note 6
OIX conducted customer research for their report (pp.10-16) with the terms of reference set out at pp.7-9. The report takes 10 pages to explain that 15 individuals were given a "mid-fidelity clickable prototype" system (p.11) with which to try to open a bank account using a GOV.UK Verify (RIP) identity.

"That this was offered at no charge was highlighted as a positive" (p.13) – is there anyone left who still believes that government and/or bank services are free?

Are the reactions of 15 people to a prototype of any use to the financial service sector?

Apparently these people felt reassured as to the trustworthiness of GOV.UK Verify (RIP) because the government are involved (p.13).

They were using the Post Office to create their GOV.UK Verify (RIP) identity (p.14). This caused "a degree of confusion" (p.14). Were they told that the Post Office had failed to have their identity assurance service approved by tScheme (please see Note 5 above)? Would they still have felt reassured by the government's involvement?

"For most participants, a strong brand recognition was important in their choice of identity provider" (p.14). Were they told that they weren't really dealing with the Post Office, that's just a front, a deception, behind the scenes the identity registration work is actually being performed by another organisation, probably Digidentity, whose brand they probably wouldn't recognise at all (please see Note 5 above)?

Participants were asked "if they felt the process was secure" (p.9). So what if they did feel that it was secure? That has no bearing on the question whether it is secure.

And what did the participants feel after their sessions with the "mid-fidelity clickable prototype"? "Delight", apparently, "in the application journey being frictionless" (p.16).

The financial service sector regulators may not be so easily delighted, much friction to be expected, if the payments industry places any reliance whatever on these research findings of OIX's.

----------

Updated 1.3.17

Project points to using council data in Verify. That's what Mark Say said on 24 February 2017: "A discovery ... project, run by Tower Hamlets and Etive Technologies with the support of the Government Digital Service (GDS) and the Open Identity Exchange (OIX), has provided evidence that an aggregator such as the Digital Log Book could provide supporting evidence to verify the identities of some people who lack the right ‘digital footprint’ in the private sector".

That takes a bit of unscrambling.

"Digital log book" is another name for what we have in the past called a "personal data store (PDS)". Etive Technologies (ET), referred to in Mr Say's article, is a small version of Mydex, the famous promoters of PDSs here in the UK.

ET and Mydex are both small companies. ET claim that there are 11,000+ of their digital log books in existence.

Even if they were bigger, it wouldn't help. We have already demonstrated that a PDS/digital log book is irrelevant when it comes to attribute exchange.

OIX have blogged a bit about their Tower Hamlets project. 12 victims were subjected to user research with a prototype system, not a real one, rather like OIX's methodology above. Watch the video:

 

Some of the victims say quite clearly that they don't want to share their personal information with all and sundry. Others say that if that's the only way to claim their benefits then they will use digital log books. OIX's conclusion is that everyone (12 people) thinks PDSs are a tremendous idea and what the world needs is another OIX beta/trial.

How secure is ET's service? In what way do ET assist GPG45-style identity proofing? A lot of people have trouble registering with GOV.UK Verify (RIP). Would ET help to improve penetration? By how much? We don't know. We don't know the answer to any of those questions. OIX don't tell us.

All those involved in the registration of GOV.UK Verify (RIP) accounts are meant to be "certified". ET aren't certified. Given that even the Post Office and the Royal Mail and Safran/Morpho SecureIdentity have proved incapable of achieving certification, what chance do ET have?

Mydex never achieved certification either and finally dropped out of the running to become GOV.UK Verify (RIP) "identity providers".

When will OIX learn?

It doesn't matter.

But local authorities do need to realise that they can expect little if any benefit from GOV.UK Verify (RIP), with or without Etive Technologies.

Project points to using council data in Verify?
No it doesn't.


Updated 8.4.17

About 30 percent of attempts to register with GOV.UK Verify (RIP) end in failure. That's what the Government Digital Service (GDS) said. When they used to publish registration/enrolment statistics.

They wanted to get that failure rate down below 10 percent before declaring GOV.UK Verify (RIP) to be "live". In the event, the system is now supposedly live and we haven't the least idea how many people fail to get a GOV.UK Verify (RIP) account because GDS stopped publishing the statistics.

There's clearly still a problem, though, and once again here comes the Open Identity Exchange (OIX) to the rescue.

OIX oversaw an experiment involving GDS, Safran and Timpson. 16 people who had failed to register on-line with GOV.UK Verify (RIP) were invited to try again, off-line, face-to-face, in a Timpson shop, please see Face-to-face identity proofing to help people obtain an assured digital identity.

OIX mislead their readers when they say: "Obtaining a GOV.UK Verify [RIP] digital identity with a certified company - otherwise known as an identity provider - is an online experience" (p.3). Famously, Safran is not a certified company. Neither is Timpson.

Timpson have created a brand name, ArkHive, and OIX say: "Users were happy with the concept of creating an ArkHive account as a way of sharing access to documents with their identity provider" (p.3). An ArkHive account sounds like a personal data store (PDS) and "users" may care to think again before declaring themselves "happy with the concept".

How does visiting a Timpson shop overcome the problem of registering on-line with GOV.UK Verify (RIP)? The answer isn't clear. You have to do a bit of detective work.

OIX tell us that the 16 GOV.UK Verify (RIP) victims turned up at Timpsons with their passport and driving licence, both of which were scanned, then they had their photograph taken, then they went away and some days later they were told whether they had succeeded in registering. How does that work? OIX don't tell us.

We learn a bit about the reactions of the victims:
  • "Participants didn’t like having their photo taken. The process of capturing an ID photo in store was an area of great discomfort for participants, this being due to a natural dislike of their photo being taken, particularly by women" (p.19), for example.
  • And "Participants did not feel comfortable entering a password in the shop. Participants were most uncomfortable with entering a password when setting up their ArkHive account. Entering a password in store was considered the weakest link in the service, since it was a public computer" (p.26). Very sensible of the participants.
  • Then their good sense deserted them: "the process was changed to enable the participants to enter a password in their own time. Two-step authentication using an email address or mobile number allowed the participant to receive a text whilst in store with a temporary code that then prompted them to change their password when they first logged into their ArkHive account. It was clear that participants felt this was secure" (p.26). Why does this feel any more secure than entering your password in the shop?
  • “It’s an online document storage folder as secure as Dropbox, Google Drive or iCloud” – James, 38 (p.20). How does James know that?
  • "The participants’ trust in the service is transferred from its association with GOV.UK. Participants trusted the SecureIdentity brand [Safran] because it was recommended by GOV.UK. That trust then continued to the ArkHive brand as it had been recommended and certified by SecureIdentity [Safran]. Participants trusted the overall service" (p.18). There's not a lot supporting this trust house of cards and a fair amount undermining it (p.10):
The only one with access? Complete control?

But OIX do not tell us how this Timpson/Safran process amounts to face-to-face identity-proofing. Not in so many words, at least. But there's a graphic on p.10, a representation of the "user journey", which includes this at step #3:


Facial recognition technology.

So that's why Safran – the self-proclaimed world leader in biometric identity solutions – are involved in this OIX exercise.

Mass consumer biometrics are utterly unreliable. Facial recognition is the world leader in mass consumer biometrics utter unreliability. The Association of Chief Police Officers (now NPCC) told the House of Commons Science and Technology Committee that they were "not aware of [police] forces [in England and Wales] using facial image software at the moment" and that "the technology is not yet at the maturity where it could be deployed" (para.95).

GDS are being fooled, so are OIX and Timpson, and so are the public if they believe that mass consumer facial recognition biometrics technology will prove anyone's identity.

Why would the financial service sector (please see above) rely on an identity "proved" by facial recognition biometrics? They wouldn't.

Why would Her Majesty's Revenue and Customs pay a tax refund to an identity "proved" by facial recognition biometrics? They wouldn't.

Will mass consumer biometrics help GDS to increase the roll to 25 million GOV.UK Verify (RIP) accountholders in the next three years? No. 25 million times no.

OIX to the rescue? No.

GOV.UK Verify (RIP) will have to look elsewhere for the solution to its on-line registration/enrolment problem.


Updated 11.4.17

If a crook convinces your bank that he or she is you and gets some money out of your account, you slip into the well-oiled machine of the banks' fraud procedures, they compensate you and, if necessary, your new debit card turns up a few days later. That's an integral part of a live service.

The Government Digital Service (GDS) claim that GOV.UK Verify (RIP) is a live service. But they don't have well worked out procedures to follow in the event that your account is hijacked.

We know that because OIX have helped to test a suggested procedure, please see Identity repair in the GOV.UK Verify [RIP] federation:
  • "This report summarises the results of an Open Identity Exchange (OIX) discovery project conducted on the subject of Identity Repair ... The project tested out an online identity repair function ... It also considered how identity repair services should be branded and initiated ... Further work will be conducted following this initial project ..." (p.4).
  • "It is anticipated that this collaborative project will lead onto an alpha project that will design and refine the identity repair function" (p.21).
GDS hope to interest the UK financial service sector in GOV.UK Verify (RIP). Not a chance. Not with GOV.UK Verify (RIP) in this state of fatal vulnerability, with no "repair function".

---  o  O  o  ---

As a matter of interest, you may ask how is the proposed OIX repair function supposed to work? Biometrics (p.17):


Hopeless. GOV.UK Verify, RIP.

RIP IDA – OIX to the rescue 1

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

14 June 2012, we discovered that the Government Digital Service (GDS) had joined the Open Identity Exchange (OIX) in order to help with their moribund identity assurance programme now known as "GOV.UK Verify (RIP)".

23 December 2016, OIX published The value of digital identity to the financial service sector, which explores "the reuse of a GOV.UK Verify [RIP] digital identity in a financial service application process".

Does that report help GDS?