Thursday, 24 May 2018

Understanding the ethos and ethics of identity in public services

Last Friday 18 May 2018 was the Think.Digital Identity for government conference. The following speech was prepared but not delivered:

It's been 17 years since we've seen any progress
in identity
in on-line public services in the UK.
The U-bend is blocked.
And it’s our job as the plumbers here at this conference today
to see if we can unblock it.

Some people would have us believe
that we have a major problem in the UK
identifying ourselves adequately
to access on-line public services.

Those gloomy people are not obviously right.

We're already identifying ourselves to on-line UK central government services
over 400 million times a year
using the Government Gateway.

The Gateway has been in operation since 2001,
it maintains over 50 million active accounts
and it allows us to access 123 public services
400 million times a year.

We don't have any trouble applying for planning permission on-line
with our local authority
and we don’t have any trouble paying their parking fines on-line.

In the private sector,
we Brits participate in a vast and growing on-line economy.
We’ve been able for years to press a few buttons and,
without leaving the house,
pay to have a new dishwasher delivered and installed
and the old one taken away.

Think twice before agreeing that on-line identity in the UK is nothing but problems.


We’re in the internet era now
and that’s the justification given for all sorts of nonsense.
Some people say that the internet era ethos
dictates that we should use the same on-line identity assurance system
in both the public sector and the private sector.


What’s wrong with having multiple systems?
Nature is our model
and it happens in nature all the time,
where the badly adapted loser species get killed off
while plurality promotes survival.

HMRC have been happy enough with the Government Gateway for 17 years now.
But if the NHS can't use the Gateway and need a different system for their purposes,
fine – let them develop their own.
DWP, too.
And Scotland.
And above all,
because that's where most government takes place,
local government – let local government adopt its own identity assurance systems.

To insist that there should be one and only one identity assurance system
is an ideological neurosis blocking the U-bend.


Some people assert that establishing our credentials to use any on-line service
should be frictionless.
It should be as easy,
they say,
to sign up for on-line government services
as it is to open an account with Amazon.


The only reason it's so easy to open an account with Amazon
is that we've already got a bank account.

And the only reason we've already got a bank account
is that we and our bank overcame the friction
and put in the effort to open it.

Getting a bank account is important.
We would expect the process to involve friction.
It would be suspicious if it didn't.


Some people offer us control over our personal information
when it’s stored in their snazzy innovative identity assurance system.
The suppliers of personal data stores make that offer.
They can't deliver.
It's not in their gift.
The purveyors of open banking offer us that control.
Open banking was supposed to start in the UK on 13 January 2018.
Four months later there's still no sign of it.
The BBC ask us to create an account to use their services
and they, too, promise us control over our personal information.
So does the UK government's identity assurance programme,
popularly known as “GOV.UK Verify (RIP)”.

In the event,
once we've handed it over to these strangers,
it turns out that we have no control whatever over our personal information.
Our personal information can be stored anywhere in the world,
and we haven’t got a clue who’s got access to it
or what they’re doing with it.
These strangers could trash our privacy
and misuse our personal information.
We can't rely on their corporate conscience to stop them from doing so.
This isn’t a question of ethics.
That’s wrong.
We need laws to step in and take control where we can’t because it’s beyond us.


The word "control",
like the word "friction-free",
should be a trigger warning.

Ditto "secure".
That’s another trigger warning.
It is unethical to promise security without qualification
as some identity assurance systems do.
That promise can no more be delivered on
than the promise to give us control over our own personal information.

Better to be like the lumbering old retail banks
who promise in their privacy statements to do what they can,
but warn us that the internet is not a safe space,
there will be breaches.

And that's another thing.
The retail banks are legally obliged to take on liability.
If our bank account is emptied by a fraudster and it's not our fault,
then the banks compensate us.
"Liability" is a word we don't often hear from the internet era promoters.
That's a shame.
Liability is what keeps the retail banks' noses clean.
Always remember,
when presented with a proposed identity assurance system,
to get an answer to the question who’s liable.


Some people place their faith in mass consumer biometrics
to bind us to our digital identities.

Demand proof before joining the faith yourself.

Large-scale field trials used to reveal this flaky technology
to be laughably unreliable.

That gave the biometrics salesmen a problem,
a problem they have solved by not conducting any more large-scale field trials.

Don't fall for it.
Trigger warning.


With no progress in 17 years we've got a growing list
of new and not-so-new
requirements for identity assurance.
Age verification.
Registering to vote.
Voting at elections.
Proof of UK residence rights.
Access to health records.
And more.

We know we can crack these problems.
Despite what the gloom merchants tell us,
we have a good record –
400 million transactions a year is not to be sneezed at.


In unblocking the U-bend,
expect the retail banks to be involved.
It's not going too far to say that their business is identity assurance.
They're good at it.

Expect the mobile phone industry to be involved.
Your ticket to the Royal Academy Summer Exhibition
doesn't have to be a material piece of card
posted to your house.
It could just as easily be a dematerialised digital certificate
transmitted by the Academy
to your phone
using public key infrastructure to authenticate every step of the transaction.


To sum up:
  1. Make the most of the mobile phone industry ...
  2. ... and the banks.
  3. Remember that mass consumer biometrics is pitifully unreliable.
  4. Check where the liability lies in any proposed identity assurance system.
  5. Beware of offers of security without qualification ...
  6. ... and offers of control over our personal information.
  7. Embrace friction ...
  8. ... and don't get trussed up in fatuous claims that there must be one and only one identity assurance system – the more the merrier.
That’s my advice
if we want an unbunged-up U-bend in the internet era.


Updated 6.12.18

Think.Digital's 18 May 2018 conference on Identity for Government was followed by Think.Digital's 29 November 2018 conference on Identity for Government.

Any progress in between?


In May, despite being dead, GOV.UK Verify (RIP) somehow held the ring. By November the conference was saying "Turns out there is very much 'life beyond verify' ...".

Where have you heard that before?

In May, despite being silly, the received wisdom was that there should be one national digital ID scheme and only one. But there are other numbers and by November the conference was saying "Why HMG needs a 'pantry' full of good ID solutions".

Ring a bell? Please see "to insist that there should be one and only one identity assurance system is an ideological neurosis blocking the U-bend" above and "don't get trussed up in fatuous claims that there must be one and only one identity assurance system – the more the merrier".