Wednesday 20 January 2016

RIP IDA – the sunlight of transparency

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

GOV.UK Verify (RIP), currently being tested, uses a combination of passport details, driving licence and credit rating information to try to enrol people onto the population registers maintained by the Government Digital Service's so-called "identity providers".

Even if a computer-literate person with access to broadband would like a GOV.UK Verify (RIP) account, there can be problems. Among others, that person may not have a passport or a driving licence or a credit history.

The solution to those problems suggested by GDS is to increase the range of data sources available for GOV.UK Verify (RIP), which is why on 1 December 2014, 13 months ago, GDS published How we’re working to increase the range of data sources available for GOV.UK Verify [RIP]:
We’re working to identify more government data sources to add to the document checking service. We’re hoping to be able to say a bit more about our plans on this in the new year.

The use of any additional official data sources would be subject to formal agreements on how the data can be used, and government data sources will only be used on the basis of informed user choice and consent.
They were looking for "more government data sources". Such as? Two days later, DMossEsq suggested personal information recorded by the government about your education, travel or health. That was a guess.

It wasn't a wild guess. It was based on proposals made by the Department for Business Innovation and Skills for its midata project, a close cousin of GOV.UK Verify (RIP), in this video for mooncalves:

But it was a guess nevertheless.

What is the correct answer?

That should have been known shortly. Remember: "We’re hoping to be able to say a bit more about our plans on this in the new year [i.e. January 2015, a year ago]". Remember, too, that the Cabinet Office Minister at the time, Francis "JFDI" Maude, had promised:
Surprising and disappointing, in the event, GDS still haven't told us what additional government records will be pressed into service to populate their identity registers.

Their business partner OIX, the Open Identity Exchange, has floated an alternative solution. Rather than records held by the government, why don't the "identity providers" leaf through our bank accounts instead? Please see their August 2015 white paper, The use of bank data for identity verification.
The primary benefit for Identity Providers is the availability of an additional source of data to validate user-entered data ..., establish a link between the identity and the person ... and establish activity history ..., which would help them achieve ... identity assurance at level of assurance 2. [Please see p.11]
Level of assurance 2 is acceptable in a civil court but inadequate for a criminal court, where you need level 3. OIX are telling us that GOV.UK Verify (RIP) is having trouble reaching even level 2 and that adding our bank details might help.

GDS have neither confirmed nor denied wanting access to our bank accounts. The sunlight of transparency has been dimmed.

Until the day before yesterday when Neil Merrett, read him early, read him often, wrote Experian vows to expand GOV.UK Verify data sources. Experian, remember, are one of the four "identity providers" you can register with if you want a GOV.UK Verify (RIP) account.

Would we finally discover the answer? Educational attainments? Foreign travel history? Medical records? Current account transactions? Mobile phone logs? Don't get your hopes up:
Experian said it would not be providing further details on the nature of these data sets at this time.
Are Experian embarrassed to tell us what new data sources they intend to use? That might explain their reluctance to tell us. In which case, why are they embarrassed? Do they think that it's wrong to use these data sources? Do they fear that the public might object? And that Experian's reputation might suffer?

Come to that, why have GDS kept quiet for over a year now about the "government data sources" they were "working to identify" way back in December 2014?

We don't know.

The only thing that is clear is that the claim that GOV.UK Verify (RIP) will put us all in control of our own data is empty. Remember the "informed user choice and consent" mentioned by GDS in the opening quotation above? Forget it.

Meanwhile, others are looking on and, like us, wondering. More than just wondering, they're doing something about it – DWP building a separate ID tool as Verify can’t cut it, whisper sources, says the tireless Kat Hall in ElReg:
The Department for Work and Pensions looks to be developing its own version of an online identity tool intended as a way to ensure a secure transaction with government services, according to several sources.
And it's not just the Department for Work and Pensions. Her Majesty's Revenue and Customs, too:
A number of sources have told The Register that both the DWP and HMRC are building their own separate online identity systems due to the issues related to getting Verify off the ground.
These service providers have a job to do. HMRC, for example, has to raise the tax revenue on which the state depends. They can't hang around waiting on the off-chance that GDS might get their GOV.UK Verify (RIP) act together.

DWP and HMRC between them must account for the vast majority of GOV.UK Verify (RIP)'s accountholders. The other huge service provider is the National Health Service. But they've already rejected GOV.UK Verify (RIP) on the basis that they're a better "identity provider" than Experian and the other three members of GDS's team, digidentity (Dutch), the Post Office (uncertified) and Verizon (American and banned from any government contracts in Germany).

There's always the private sector, of course. Perhaps they might like to use GOV.UK Verify (RIP)?


Back to Neil Merrett and his June 2015 article, GOV.UK Verify potential in focus as private sector talks begin. GOV.UK Verify (RIP) is no use to the UK finance sector, who are building their own "digital passport". It's no use to merchants who need to conduct on-line age verification. It's even been rejected by the on-line adult entertainment/pornography sector.

The sunlight of transparency reveals an identity assurance scheme with no suppliers and no customers and a data source that dare not speak its name. RIP.


Updated 26.1.16

Yesterday saw the publication of GOV.UK Verify [RIP]: understanding who can be verified and Estimating what proportion of the public will be able to use GOV.UK Verify [RIP].

The Government Digital Service (GDS) have got their slide rule out and used a mathematical model to predict what percentage of its target population – us – can in theory be enrolled onto the registers maintained by its "identity providers".

This is the picture of their prediction, categorising us by age:

Will GDS's model prove more accurate than, say, Her Majesty's Treasury's models of the UK economy? The massed brains of the Treasury assured us in 2002 and 2003, you will remember, that we had now seen the end of boom and bust. It didn't work out that way.

"Our next piece of analysis will be conducting logistic regressions and correlation matrices to gain further insights across demographic groups", they say at GDS. Good. Just like the political pollsters who predicted a dead heat between the Labour and Conservative parties at the May 2015 general election. The Conservatives won 99 more seats than Labour.

While we're waiting to see the outcome, take a look at the graph above. It shows a large increase in "verification rates" over the next few weeks.

It needs to if GDS are to meet their April 2016 target of 90 percent coverage.

The "verification rate" for orange people is due to rise from about about 40 percent to about 80 percent. Is there anything more than wishful thinking to support that large increase?

Are GDS expecting their new "identity providers" to provide that increase? No new approvals have been granted by tScheme. So there can't be any new "identity providers". Their services all have to be approved before they're let loose on the unsuspecting public.

If the expected increase isn't predicated on new "identity providers", then have the existing ones gained access to new data sources? And if so, which data sources? What personal information of ours are we about to discover that we have given permission for Verizon et al to access? For all their claims to openness, GDS still haven't told us.

Updated 29.2.16

GDS have added a fifth "identity provider", Safran Morpho, to their identity assurance platform, GOV.UK Verify (RIP). The registers underlying GDS's platforms provide a "single source of truth" according to Tom Loosemore.

Turn to the GOV.UK Verify (RIP) dashboard on the GOV.UK Performance platform, and what do we see under Certified companies? Digidentity, Experian, the Post Office and Verizon. But no Safran Morpho.

Presumably this single source of truth has to be updated manually from another single source of truth. That would explain the absence of Safran Morpho and the absence further down the dashboard page of any statistics for the week ending 28 February 2016, yesterday.

The GOV.UK Verify (RIP) Account creation success rate, all services stood at 74% on 3 January 2016.

That is consonant with the figures on the graph produced by GDS's new mathematical model.

The model predicted that "verification rates" would climb over 80% soon after 16 January 2016, please see the thick pale blue line for "total verified", i.e. everyone over the age of 16.

In the event, according to the dashboard, the single source of truth, the "verification rate" had fallen to 72% by 21 February 2016. It's going the wrong way.

Even with Safran Morpho's unregistered assistance, what chance the "verification rate" will exceed 90% in June/July 2016 as predicted by the model?

Updated 8.3.16

Another week, and another fall in the Account creation success rate, all services, down from 72% to 67% when, according to GDS's mathematical model, it was meant to be heading up through 80% towards 90%:

Updated 15.3.16

Another week, and another fall in the Account creation success rate, all services, down from 67% to 62% when, according to GDS's mathematical model, it was meant to be heading up through 80% towards 90%:

Updated 22.3.16

The dead cat bounce

It's been a goof week for GOV.UK Verify (RIP). It's in remission. The Account creation success rate, all services is up, at last.

To 90%, as predicted?

No. 66%.

Take a look at our favourite graph from GOV.UK Verify [RIP]: understanding who can be verified:

By now, late March, pink people – age 75 and over – should have a success rate over 70% according to GDS's mathematical model and for everyone else the success rate should be over 80%.

66% is off the scale. Lower than the lowest projection.

In the charming terminology of the securities world, this week's increase from 62% to 66% is a "dead cat bounce".

Updated 6.4.16

Week ending 20 March 2016, the GOV.UK Verify (RIP) dead cat account creation success rate bounced up to 66%, as noted above. A week later it was falling again, to 63% (27 March 2016) and last week it fell further, to 62% (3 April 2016). Not a good sign for a moggy that's meant to be dancing around the 90% mark.

Looking back at 25 January 2016 and Estimating what proportion of the public will be able to use GOV.UK Verify [RIP], someone spotted that there'd been an update on 29 March 2016:
Update, 29 March 2016: We are now able to publish a CSV file (663 kb) containing the data used for the web tool for 7 of the 9 demographic variables provided by the ONS omnibus survey. This is combined with our model's estimate of the individual's probability of being verified by certified companies over time. This is the maximum number of variables we could make public, whilst preserving the anonymity of respondents.
Take a look at the CSV file linked to in that update.

What you'll see is that GDS's own model predicts that:
  • GOV.UK Verify (RIP) tends to exclude individuals with a low income, people outside the managerial and professional classes, the unemployed, the very young, the very old, urbanites, women and Northerners.
  • And for everyone else, even theoretically, it's still miles away from the 100% identity verification rate you might, if you're old-fashioned, associate with a public service public provision.
The logistic regressions and correlation matrices team in GDS have estimated the probability of GOV.UK Verify (RIP)'s "identity providers" being able to verify people's identity on four different dates as follows:

Verification probability
13 October 2014
3 December 2015
1 March 2016
1 July 2016

There is no indication how those probabilities were calculated. Or what assumption is made to achieve that huge increase from the 70s to the 90s. Or whether the model is wrong or maybe it's the world that's wrong, with its limp 62% account creation success rate last week.

The data in GDS's model is analysed by geographical region of Great Britain and if you calculate the average verification probability across all four dates you get:

Verification probability
North West
North East
West Midlands
South East
Yorkshire and Humberside
Eastern England
South West
East Midlands

Something in GDS's model suggests that GOV.UK Verify (RIP) should be more successful in the South West and the East Midlands than it is in the North West and Scotland.

The data is also analysed by age:

Verification probability
16 to 24
75 and over
65 to 74
25 to 44
55 to 64
45 to 54

GDS's model predicts significantly greater success with 25 to 74 year-olds than with the under-25s and the over-74s.

The model has four categories of employment status:

Employment status
Verification probability
economically inactive
unpaid family worker
in employment

GOV.UK Verify (RIP) doesn't look much good for the unemployed and the economically inactive.

Analysing by socio-economic status, we get:

Socio-economic status
Verification probability
not classified 
routine and manual
managerial and professional

GOV.UK Verify (RIP) works best for the managerial and professional classes – senior civil servants? – and steeply worse for everyone else.

It's supposed to work better in rural areas (86.46%) than urban areas (80.53%) according to GDS's model. It's supposed to work better for males (83.21%) than for females (79.96%). And the more income an individual has, the better GOV.UK Verify (RIP) can verify his or her identity:

Individual income
Verification probability
up to £10,399 
no source of income
don't know
£10,400 to £19,759
£19,760 to £28,599
£28,600 and over

Updated 12.4.16

Last week the dead cat bounced up from 62% to 67%. An account creation success rate of 67% is lower than the worst verification probability predicted (Foreshewn?) by GDS for any UK income group.

GOV.UK Verify (RIP) is meant to be able to verify the identity of 70.09% of individuals with an annual income up to £10,339, please see immediately above. That would exclude 29.91% of these people from public services if the UK relied on GOV.UK Verify (RIP).

That's bad enough but it looks as if the exclusion rate may be more like 33%.

Anyway, nothing like the 10% exclusion rate GDS said was acceptable for GOV.UK Verify (RIP) going live this month, April 2016, 18 days left.

Updated 18 April 2016

Last week, 11-17 April 2016, the GOV.UK Verify (RIP) account creation success rate went up to 71%, just under the 72% peak reached in the last fortnight of February 2016.

This increase could be the result of GDS herding people away from the poorly-performing "identity providers" – Barclays, GB Group/CitizenSafe, Royal Mail, Safran Morpho/SecureIdentity and Verizon.

It could also be the result of increasing the minimum age of registration from 19 to 20, thereby excluding another 1.2% of the UK population from getting one of GDS's on-line identities to transact with public services.

The success rate of 71% is bought at the expense of five "identity providers" and all the under-20s.

It's an increase, but 71% is still miles away from the 90% GDS require before GOV.UK Verify (RIP) can go live. It's not going to be achieved this month. Meanwhile, the outside world isn't standing still.

Updated 25.4.16

In the week to 24 April 2016, the account creation success rate fell to 70% from 71% the previous week. There's nothing much to be said about that except that it remains well below the 90% threshold required to declare GOV.UK Verify (RIP) live but GDS may declare it to be live later this week anyway and hang the consequences.

Updated 3.5.16

In the week to 1 May 2016, the account creation success rate rose to 71% from 70% the previous week. There's nothing much to be said about that except that it remains well below the 90% threshold required to declare GOV.UK Verify (RIP) live. GDS claimed to be "nearly there" last week, but sensibly delayed the live announcement. Another day, another deadline missed.

Updated 9.5.16 1

Has the account creation success rate surged to 90%+ in the past week?

We don't know.

At midday 12 noon on Monday 9 May 2016, the Government Digital Service's performance platform dashboard for GOV.UK Verify (RIP) still hasn't been updated. We're left looking at the statistics up to 1 May 2016, eight days ago:

You might think that the Government Digital Service is digital. And that dashboards on the performance platform get updated automatically and at the speed of light.

Clearly not.

Are GDS waiting for the sign-writers to turn up? Do they have to doctor the figures before publication in some way that can't be encoded in an algorithm?

Updated 9.5.16 2

Whatever you do, don't look down

Gravity is a harsh mistress
Since about 2 p.m. we now know that in the week to 8 May 2016, the GOV.UK Verify (RIP) account creation success rate fell from 71% the previous week to 68% .

There's nothing much to be said about that except that it remains well below the 90% threshold required to declare GOV.UK Verify (RIP) live.

In the same week, the authentication completion rate fell from 40% to 36%.

GDS claim to be "nearly there" but what they mean is that they're a bit further away.

Updated 16.5.16

2:19 p.m. Monday afternoon here in the metropolis and the only question is how did GOV.UK Verify (RIP) do last week? As at 8 May 2016, a week ago, 64% of attempted authentications failed. I.e. the authentication completion rate was a princely 36%.

GOV.UK Verify (RIP) is meant to replace the Government Gateway by the end of March 2018. 22½ months time. The Government Gateway is the system HMRC depends on to raise the revenue to pay for public services in the UK. A 64% failure rate for authentications in GOV.UK Verify (RIP) could induce an uncomfortable clammy feeling here and there in Whitehall.

So has the rate improved this week?

We don't know. The GOV.UK Verify (RIP) dashboard on GDS's performance platform still hasn't been updated.

So much for digital by default.

Updated 3.6.16

It will come as news to nobody that today is Friday.

Friday 3 June 2016.

That's four days after Monday 30 May 2016, which is when we might all have expected to see the updated figures on the performance of GOV.UK Verify (RIP) for the week ending Sunday 29 May 2016.

Well hard luck us. The figures weren't available then and they still aren't now (10:00). We are left with the antique performance figures to 22 May 2016 – account creation success rate 68% (not 100%) and authentication completion rate 34% (not 100%).

We have noted that ever since GOV.UK Verify (RIP) was declared live on 24 May 2016 the Government Digital Service (GDS) immediately went into retrenchment mode. The will gone, their energy sapped, is this silence on the system's performance more of the same? Have GDS simply lost interest?

Updated 23.62016

For the week ending 29 May 2016, we finally discovered, the GOV.UK Verify (RIP) account creation success rate was 69%. A week later it rose to 72% (5 June 2016), then fell again to 71% a week after that (12 June 2016).  And for the week ending 19 June 2016? We would normally expect to have the figure some time on Monday 20 June 2016. But no. Here we are on Thursday 23 June 2016 and we still don't know how GOV.UK Verify (RIP) account creation fared last week.

It's not just you losing interest. Clearly, GDS couldn't care either.

Updated 27.6.16 10:55 a.m.

What was the GOV.UK Verify (RIP) account creation success rate for the week ending 19 June 2016? That's what we were asking last week.

We now know that it fell from 71% to 69%. We also know that it fell again, to 68%, for the week ending yesterday.

We were assured that GOV.UK Verify (RIP) could not be declared live until the account creation success rate reached at least 90%. It has missed that low target by at least 20% and yet the system has nevertheless been declared live.

The GOV.UK Verify (RIP) authentication completion rate was 33% in the week ending 12 June 2016. I.e. 67% of attempted authentications failed. Not good. Has that performance improved? We don't know. The performance figures haven't been updated for a fortnight now.

Ditto the certified company completion rate and the certified company choice rate. Ditto, not surprisingly, all three measures of user satisfaction.

Updated 19.8.16

Seven months on from where we started, and GDS have published Improving GOV.UK Verify’s demographic coverage - an update.

Coverage of the UK population by GOV.UK Verify (RIP) may or may not have improved. Either way, it's still below the 90% GDS said they needed for the system to go live and yet go live it did back in May.

What's more, in July, GDS stopped publishing statistics for the account creation success rate on the dashboard, claiming that they don't "tell us or the user much about how well GOV.UK Verify [RIP] is performing". Actually, these statistics speak volumes. Here's GDS's latest graphic:
There's no vertical axis and GDS, supposedly the custodians of data analysis in the UK, don't tell us in their blog post what the different colours mean, but GOV.UK Verify (RIP) clearly has problems authenticating people's identity outside the age range 25 to 44. That is a matter of great interest to the users, pace GDS.

And don't forget, according to the US National Institute of Standards and Technology, even when GOV.UK Verify (RIP) does claim to have proved someone's identity, it hasn't. It's merely recorded an act of self-certification.

No comments:

Post a Comment