Friday 26 October 2012

Identity assurance. Only the future is certain – doom 1

The ID cards scheme made IPS into pariahs in Whitehall.
The same fate awaits GDS.

Monday 20 September 2010, the aftermath of the comprehensive failure of Whitehall's plans to introduce government ID cards to the UK, and DMossEsq finds himself at a meeting to discuss identity assurance:
Attendees included suppliers -- consultants, PKI people, lawyers, telecommunications people, credit rating agencies, defence contractors and retailers -- and civil servants from the Cabinet Office, obviously, and DWP. No-one from the Home Office, HMRC, the Department of Health, the Department for Education ...
According to his contemporaneous notes:
No coherent case could be made for the NIAS [= National Identity Assurance Service, precursor to IdA, now IDAP, the Identity Assurance Programme]. No-one could see what the benefit would be to anyone, whether the assembled suppliers, the citizen consumers or even the government departments. There is no money on the table. The team in charge at the Cabinet Office comprises exactly two people and the Secretary of State, Francis Maude, needs to see private sector interest before there is any question of money being made available.
Further, and quite unexpected, the astonishing degree of No2ID's success, or of the Home Office's failure, depending on how you look at it, became painfully, embarrassingly and almost sadly evident as one supplier after another said that if there was the slightest hint in public that this (non-)project had anything to do with the National Identity Service and the Home Office, then they couldn't possibly be seen to be involved, and as if that wasn't enough, the person from DWP said the same. Any connection would be seen as diseased. A contagion. The Home Office and the Identity & Passport Service have become unmentionable.
The putative suppliers to the Government Digital Service's identity assurance programme may care to remind themselves of the reputational damage they face if they allow themselves to be linked with IDAP. Two years ago, with the example of the pariah IPS [the Identity & Passport Service] in front of them, the banks and the mobile phone companies and the credit referencing agencies understood the risks – all 32 of them. The risks haven't changed.

And GDS may care to take note of IPS's fate. Most of the GDS team imagine that they're working on a noble project to improve the user experience of a public service website. They are. But the other side of that coin, without which the project is pointless, is identity assurance, the same identity assurance sought by IPS.

The same affliction of disease and contagion awaits.

No comments:

Post a Comment