Saturday, 30 May 2015

RIP IDA – nil by mouth

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

Last heard, 26 March 2015, GOV.UK Verify (RIP) was in maudlin mood, brooding about the meaning of life and the objectives for its vanishing future.

Speaking through its faithful assistants Janet Hughes and Stephen Dunn from its deathbed in the Kingsway hospice destined to be its final resting place, GOV.UK Verify (RIP) expatiated ungrammatically on its Objectives for live and "what ‘live’ means" for it as the end approaches. Ominously, there hasn't been a word from GOV.UK Verify (RIP) in the five weeks since.

It's what they don't say that counts, please see RIP IDA – what they omitted from the obituary. GOV.UK Verify (RIP) has now hobbled from having only three "identity providers" to four, but they didn't tell us that. As their energy seeps away, the only reason we know is that Neil Merrett (read him early, read him often) kindly told us on 14 May 2015 in Verizon joins GOV.UK Verify accredited suppliers list.

Maybe they just didn't have the heart. Following the story two days earlier, Sprint and Verizon to pay $158 MILLION over bogus 'cramming' fees, how were GOV.UK Verify (RIP) supposed to convince the British public that the unsavoury Verizon is an ornament to the Constitution and a safe repository for our personal information?

"We’ve written before about our work to expand the range of evidence people can use to verify their identity through GOV.UK Verify" they told us back in March, frustrated, and there's still no sign of a solution. What personal information/"evidence" does Verizon bring to the UK to help us to verify our identity? None.

You could ask the same of one of the other "identity providers", Digidentity, a Dutch company with no database of personal information about us Brits. But oddly enough, in their case, we know the answer to that one thanks to the following press release, Digidentity, working in partnership with Callcredit and Government Digital Services, announce the launch of their Virtual ID service for UK Citizens. Digidentity are working with Callcredit, a credit referencing agency, like Experian, one of the four accredited "identity providers".

So much for expanding "the range of evidence people can use to verify their identity". Another credit referencing agency. What is a person? As far as GOV.UK Verify (RIP) is concerned, a person is a credit history.

Why didn't GOV.UK Verify (RIP) tell us, their parishioners, that Digidentity are working with Callcredit? "We're building trust by being open", they've said in the past, "the sunlight of transparency is making things better". Doesn't look like it, does it. Who are Verizon working with? GOV.UK Verify (RIP) keep us in the dark.

There is one consolation for GOV.UK Verify (RIP) as it goes into that dark night. For some unknown reason the Americans have decided to model their public services IT on the UK's Government Digital Service (GDS), the operators of the Kingsway hospice whose achievements are the stuff of legend. Two US organisations, USDS and 18f, lose no opportunity to acknowledge their debt to GDS. The consolation is that at least GOV.UK Verify (RIP) will leave that American legacy, a visible testament to its short sojourn among us.

But just as the oscilloscope attached to GOV.UK Verify (RIP)'s wrist shows wan signs of life and a single pulse ping echoes around the intensive care unit what do 18f go and do? On 18 May 2015, et tu Brute, knife in the back, 18f only go and announce MyUSA – your one account for government. Is MyUSA modelled faithfully on GOV.UK Verify (RIP)? It doesn't look like it. They're not relying on Verizon. Or Digidentity. Far from the adolescent science fiction world of "identity providers", if anything the treacherous 18f's MyUSA looks more like the Scots myaccount initiative.

Dejected and rejected, crestfallen and broken-hearted, the patient slumps back into coma. And the doctors do what they always do. They put out a bulletin. The next 6 months: services that plan to start using GOV.UK Verify (RIP).

That was on 14 May 2015. The bulletin covers GOV.UK Verify (RIP)'s vital signs. E.g. the HMRC tax code/company car application. Number of users expected by November 2015? 20,000. That's 20,000 car-driving taxpayers, all identified by GOV.UK Verify (RIP), in six months time.

The doctors put out the same bulletin on 20 February 2015. Only that time they forecast 20,000 users by August 2015. The 5 January 2015 bulletin reckoned there would be 20,000 users by July 2015 and the 29 October 2014 version confidently promised 20,000 users by April 2015, a month or two ago.

The dates keep changing. But nothing else. GOV.UK Verify. RIP.

----------

Updated 20.12.17

2½ years ago we wrote:
On 18 May 2015, et tu Brute, knife in the back, 18f only go and announce MyUSA – your one account for government. Is MyUSA modelled faithfully on GOV.UK Verify (RIP)? It doesn't look like it. They're not relying on Verizon. Or Digidentity. Far from the adolescent science fiction world of "identity providers", if anything the treacherous 18f's MyUSA looks more like the Scots myaccount initiative.
How's it going, you ask? Tell us about MyUSA. And myaccount. And GOV.UK Verify (RIP).

Alright.

Here's Jason Miller of Federal News Radio to tell you that, following the failure of Federal Bridge and then E-Authentication and then Connect.gov and then MyUSA, the latest attempt at an identity assurance service for people to interact with on-line public services in the US is Login.gov. Quoting 18F, Mr Miller writes:
“To build this login platform, we’re using modern, user-friendly, strong authentication and effective identity proofing technology. This new platform will leverage the extensive lessons we’ve gained from agency efforts in the past, including lessons learned from our counterparts in the UK who built GOV.UK Verify [RIP].”
Mr Miller was writing in May 2016. MyUSA was already dead by then. So was GOV.UK Verify (RIP), of course, although that was the month when the surrealists at the Government Digital Service (GDS), 18F and USDS's "counterparts in the UK", declared the service to be live.

GOV.UK Verify (RIP)'s death notice was published last Friday 15 December 2017. Not by GDS, of course. In their Whitechapel terrarium GOV.UK Verify (RIP) is thriving. In the real world, Bryan Glick, the estimable editor of Computer Weekly magazine, delivered a masterly eulogy:
We will not see 25 million users of Gov.uk Verify – ever ...

A recent review of digital identity by McKinsey, commissioned by the Cabinet Office, focused on alternative schemes around the world ...

NHS England is now going its own way on digital identity, building its own platform for ID verification, according to its chief digital officer Juliet Bauer ...

HM Revenue & Customs (HMRC), ... has rejected Verify in favour of redeveloping its existing Government Gateway ID system ...
Mr Glick predicts that GOV.UK Verify (RIP) will become a brand name, a fig leaf for GDS. Working identity assurance schemes will be declared to be GOV.UK Verify (RIP)-compliant.

"Back in 2012, then-GDS chief Mike Bracken was clear in an interview with Computer Weekly [about] government’s role in online identity assurance", he says, and then quotes Mr Bracken: “It isn’t about building a product, it’s about supporting a protocol”. So why did Mr Bracken promptly set about building a product?

Piffle.

"The story will be that the money has been an important investment in understanding the requirements and getting the UK to a point where we can create a viable digital identity ecosystem".

More piffle.

We already had that understanding.

The identity ecosystem has done what all ecosystems do – killed all the useless adaptations. Federal Bridge, E-Authentication, Connect.gov, MyUSA and GOV.UK Verify (RIP) are all dead. The only survivor is the quite remarkably fit Government Gateway, which GDS in their ignorant arrogance ignored back in 2011 because they somehow knew better.

And how are the Scots getting on with myaccount? Another failed species, another victim of the ecosystem, not up to it, please see Stewart Hamilton's blog post on Scotland's new programme plan for on-line identity assurance:
David Moss says:

December 18, 2017 at 7:07 pm

Your Scottish Government Online Identity Assurance Programme Plan looks as though it has the same objectives as myaccount and involves pre-discovery and discovery work that must surely already have been done for myaccount.

In what way has myaccount failed?

It must have failed. Otherwise you wouldn’t be launching a new plan. Given that you are launching a new plan it is surprising that you would look to GOV.UK Verify (RIP) for inspiration.

GOV.UK Verify (RIP) has been rejected by most departments of central government and by local government and by the private sector.

It has a failure rate of over 60% when people try to use it, it can’t handle legal persons, it sprays personal information all over the world to so-called “identity providers”, their subsidiaries and their sub-contractors, its functionality has barely changed since it went “live” in May 2016 and the GOV.UK Verify (RIP) team stopped talking to the public months ago – no sort of an example to the Scottish Government Online Identity Assurance Project Team.

Take a look at ‘On digital identity in the UK – and the likely future for Gov.uk Verify’ [*] and you’ll see that the imminent demise of GOV.UK Verify (RIP) is predicted. Whatever the problems are with myaccount it’s unlikely that GOV.UK Verify (RIP) is any part of the solution.

———-

* http://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/On-digital-identity-in-the-UK-and-the-likely-future-for-Govuk-Verify

No comments:

Post a comment