Saturday 27 October 2012

Identity assurance. Only the future is certain – doom 3

It's Monday 31 October 2011, and six months after his previous identity assurance meeting DMossEsq finds himself at another one. That's the meeting where ex-Guardian man Mike Bracken spoke and which he wrote up on the Government Digital Service (GDS) blog, Establishing trust in digital services.

Three points.

The event was called Ensuring Trusted Services with the new Identity Assurance Programme and there's a natural tendency to think of it as a Cabinet Office event or more specifically a Government Digital Service (GDS) event. It wasn't.

The event was held under the auspices of the Technology Strategy Board (TSB), which is "sponsored" by the Department for Business Innovation and Skills (BIS). There were eight speakers, of whom two were from the TSB and one was from the Skills Funding Agency, which is a "partner organisation" of BIS. That's three out of eight.

Francis Maude, Cabinet Office Minister, announced a £10 million investment by the Cabinet Office in the identity assurance industry and Iain Gray, chief executive of the TSB, announced a £14 million investment and the winners of that funding were exhibiting at the event.

When you consider identity assurance (IdA) you must consider both GDS and BIS as the sponsors/promoters/investors. That's point 1.

Point 2, there is a natural tendency to associate IdA with the administration of benefits. DWP have been chosen to pioneer IdA on UC, the Universal Credit initiative. But that's just the start. It's meant to go viral and crop up everywhere.

The government's White Paper on Individual Electoral Registration relies on IdA (see for example para.52, p.18):
The draft legislation will allow digital identity assurance to be used in future to verify an application to be added to the electoral register.
The BIS paper on A midata future: 10 ways it could shape your choices adds 10 further applications of IdA to the list being contemplated, including applying for a job, managing your budget, looking after your health and choosing a film to watch. BIS say, for example:
midata' could allow individuals to have access to information held about them by various organisations. When getting a new job, an individual could use verification programmes to send necessary proofs to a new employer. For example, instead of making copies and going to the post office, a new employee could get their driving licence, educational qualifications, CRB check and personal identity [emphasis added] all by ticking a set of boxes and clicking 'send'.
IdA is not just about UC. Its tentacles could reach into every aspect of your life.

And point 3?

After Mr Maude had spoken and debate was thrown open to the audience, Neil Fisher of Unisys said, what is true:
Any project with "identity" in the name is doomed to failure.
Thus the name of this little series of posts. Only one more to go.

----------

Updated three years later, 31 October 2014

That meeting in 2011 was energetic and cheerful and noisy.

What a contrast to yesterday's re-run, no Francis Maude this time and no Mike Bracken, please see Kable/Government Computing's Cabinet Office sets out identity assurance expansion aims.

The failure of IDA, the identity assurance scheme, to expand – or rather, its failure to start – is the fault of DWP's December 2011 framework agreement. It remains their fault to this today despite the fact that GDS took it over in March 2012.

Eight so-called "identity providers" had signed up to IDA by January 2013:
  • Three have already pulled out – Cassidian, Ingeus and PayPal.
  • Four of them have yet to be certified trustworthy and haven't signed up a single user – Digidentity, Mydex, the Post Office and Verizon.
  • Since they only get paid for signing people up, the return on their investment in IDA is nil.
  • Only one "identity provider" is left standing – Experian. They have signed up just under 800 people.
  • Since they get paid just pence per registration, they have something of the order of £8 to show for two years work.
And now GDS are planning a second framework agreement.

They've changed the name from "IDA" to "GOV.UK Verify". Otherwise it's business as usual:
  • Suppose they get five "identity providers" on board and suppose that 45 million Brits register with all five of them.
  • That's 225 million registrations for an estimated £105 million to be offered by the new framework agreement.
  • For approximately 47 pence each, the "identity providers" have to register you in the first place, check your registration once a year and assure an unknown number of relying parties an unknown number of times that you are you.
  • The liabilities are onerous. Nothing is ever GDS's fault. And all for 47p.
Who's going to jump at that opportunity?

No-one.

No-one who values their company, their career and their reputation.

Sauve qui peut.

RIP IDA.

No comments:

Post a Comment