Friday 1 April 2016

Faster horses

http://www.cio.co.uk/blogs/political-debate/digital-public-services-20-years-of-faster-horses-3636630/:
Those who optimistically believe they are breaking new ground by improving the online experience are often merely tracing footprints on a path already much trodden, reinventing and rediscovering anew the same things – from a common website to cross-government platforms. The result has been several generations of faster horses.

No-one's ever done payments before

Building GOV.UK Pay

Ian Maddison, 31 March 2016 — GOV.UK Pay

We previously introduced GOV.UK Pay, a new Government as a Platform product, to make payments more convenient and efficient. We’ve spent 6 months building our beta, and very soon we’ll be taking our first real payments with our first partner services. We wanted to give you an update on our public API, how we're making integration straightforward, security and our technical choices.

As a greenfield project ...

RIP IDA – decision time

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


It's April 2016 and some time in the next few days or hours someone has to decide whether to declare that GDS's GOV.UK Verify (RIP) system is live.

Whose decision is it? And what does "live" mean?

"Live" must mean something. We can't have another débâcle like GDS's 25 transformational exemplars, when eight exemplars had gone live 800 days after GDS gave themselves 400 days for the project but, if you added in the nine exemplars that were in public beta, then that meant 17 were live, call it a round 20.

Let's assume that "live" means no longer in beta testing, it means that GOV.UK Verify (RIP) is now in operation, it's being relied on, the relying parties are committed, the safety net's been rolled up and stowed away, GOV.UK Verify (RIP) is on its own, it's out there in full view, there's no alternative, alea iacta est.

Relied on by whom?
  • Not the Scots. They've got their own identity assurance system for access to public services.
  • Not local government. They don't need GDS, who are still working on their model for local government.
  • Not the NHS. They've explicitly rejected GOV.UK Verify (RIP).
  • Not DWP. They've got enough problems with Universal Credit. And they remember the promise that identity assurance for 21 million claimants would be "fully operational from Spring 2013".
That leaves HMRC. As usual.

As we repeatedly discover, "on-line access to public services" means on-line access to HMRC.

What are the chances of anyone deciding that HMRC should depend on GOV.UK Verify (RIP)?

Nil.

GOV.UK Verify (RIP) still can't verify the identity of a company. So it can't be used to collect corporation tax, for example, nor the bulk of PAYE, NI and VAT. For that, HMRC will have to continue to rely on the Government Gateway.

But GOV.UK Verify (RIP) is meant to be able to verify the identity of individuals. What are the chances of anyone deciding that HMRC should depend on GOV.UK Verify (RIP) and switch off the Government Gateway at least for individuals?

The enormity of that decision makes it clear that it won't be taken by DCMS, who have somehow inherited nominal responsibility for the national IT digital strategy from BIS. And it won't be taken by GDS either.

GDS is in the Cabinet Office. The permanent secretary, John Manzoni, is also the CEO of the civil service. He starts to look senior enough to be involved in the decision. So does Matt Hancock, the Cabinet Office minister.

But only involved. HMRC also would have to be party to the decision. And the Treasury. Which means not just the permanent secretary at the Treasury but the Chancellor of the Exchequer as well. So now we're into the Cabinet. And the Cabinet Secretary, Sir Jeremy Heywood.

This decision is going to have to be taken by a team of senior ministers and their top officials.

It's an unenviable job.

The decision team might look at the criteria established a year ago in GOV.UK Verify [RIP]: Objectives for live. There, GDS set out six objectives that have to be achieved before GOV.UK Verify (RIP) can go live:

| # | Criterion/objective | Outcome |
|---|---|---|
| 1 | Readiness for services to adopt GOV.UK Verify (RIP) | GDS claim that there are nine public services currently available through GOV.UK Verify (RIP). The true figure might generously be seven. GDS sometimes claim that there will be 50 public services available through GOV.UK Verify (RIP) this month but they also row back from that figure to some smaller, unknown number. Who knows who's ready for what? |
| 2 | Demographic coverage: 90% for services using GOV.UK Verify (RIP) by April 2016 | Relying, as it does, on credit history information, passports and driving licences, GOV.UK Verify (RIP) has had particular trouble registering the very young and the very old. There is no sign that those problems have been solved. According to GDS, the solution lies in using more personal information to identify people. They have never said what additional personal information they have in mind and we have no idea whether people would consent to the intrusion. Who knows what the demographic coverage rate is? |
| 3 | Success rate: 90% | 63%. Allegedly. That's the authentication success rate. Meanwhile, the authentication completion rate languishes at 33%. Neither figure is anywhere near the 90% minimum specified. |
| 4 | Everyone can use GOV.UK Verify (RIP) to access services | No. Some people refuse to use it. Among the willing, some don't have the IT skills. Among those willing who have the IT skills, they don't all have access to viable broadband. Not everyone has a live-looking credit history and a passport and a driving licence. GDS's assisted digital initiative has never made any headway. There is no hope whatever that everyone can use GOV.UK Verify (RIP) to access either the public services or the private sector services GDS have been vainly lobbying. |
| 5 | A range of high quality certified companies for people to choose from | Their quality is a matter of opinion. The nine "identity providers" promised fell to eight when PayPal pulled out. Verizon have been hacked and are currently out of action which takes us down to seven. Of those seven "identity providers", only three are certified and no-one's ever heard of two of them, trustworthy though they may be. All the "identity providers" want to collect colossal amounts of personal information and share it with other companies all over the world out of the owners' control. Why would people choose any of them just to check the points on their driving licence? |
| 6 | The product and service are scaled, resilient and operationally ready for live | Who knows? |

Quite rightly, GDS have never had to take a decision of national importance. The decision team are likely to have very different criteria. But even by GDS's own lights, the decision now can't possibly be yes, GOV.UK Verify (RIP) is ready to go live. Just look at the table above. The decision team have careers and reputations to consider. And there is something called "the national interest", to which they will not be blind.

The decision team might decide to take the traditional Whitehall route and delay the live date. But delay it for how long? A month obviously isn't long enough. Three months? Six months? GOV.UK Verify (RIP) has already been in development for four years and in beta for two. What reason is there to believe that matters will have improved in six months' time? How many more "identity providers" will walk away in the meantime? What miracle or magic needs to take place? What needs to change? And if someone knows the answer to that, why hasn't it already been changed?


The decision team might even take the radical option and decide to cancel GOV.UK Verify (RIP) now. Bow to the inevitable. The first cut is the deepest. Stop-loss. TSR2. GDS set out to avoid the creation of a national identity register, as required by a feature of the disgraced ID cards scheme, and ended up trying to create nine national identity registers (or eight of them or seven, however many "identity providers" we have left).

The decision team could take the Government Gateway away from DWP, who have been poor custodians, and give it to someone else to improve, not the Home Office, maybe HMRC. Or they could give the identity assurance job to Scotland. But not Estonia. Or – think back to Taurus and Crest – they could get the Bank of England to sort something out, probably with the banks, who have on-line identity assurance systems and experience coming out of their ears.

There's face-saving to consider, of course. And not just nationally – blatant log-rolling has seen GDS celebrated abroad and credited with the creation of copycat operations in the US, Australia and now Argentina which in turn validates GDS as the hip option for the politician who wants to be seen as transformative and modern. It remains the case that, the sooner the decision team act radically, the less the loss of face.

----------

Updated 6.4.16

Hard to believe but the decision has been taken.

We know that because Neil Merrett told us yesterday GOV.UK Verify [RIP] on course for live service switchover this month.

GDS caught up today: "We and the certified companies are now working towards our next milestone - going from beta to live later this month".

Verizon have now limped back into action, registering new victims of GOV.UK Verify (RIP).

GDS say that "having a range of high quality certified companies for people to choose from is one of our objectives for live". They have these objectives, none of them have been met, please see above, but GOV.UK Verify (RIP) is to be inflicted on the public nonetheless.

Talking of all eight "identity providers", GDS are "sure their solutions are secure". Barclays, on the other hand, say "the internet is not completely secure ... we cannot guarantee the security of your data ... we will ... try to prevent unauthorised access". They can't both be right.

GDS will "continue to help GOV.UK Verify [RIP] work for more people". That's not going very well, as we were saying only this morning:
  • GOV.UK Verify (RIP) tends to exclude individuals with a low income, people outside the managerial and professional classes, the unemployed, the very young, the very old, urbanites, women and Northerners.
  • And for everyone else, even theoretically, it's still miles away from the 100% identity verification rate you might, if you're old-fashioned, associate with public provision.
What is the probability today that GOV.UK Verify (RIP) can verify your identity? According to GDS:

GDS want to go live even though they know that between 20 and 30 percent of low-paid individuals can't register for a GOV.UK Verify (RIP) account. So much for putting the user first, these people will be excluded by default from public services.


Updated 13.4.16

"... no reason for GOV.UK Verify [RIP] to be used ..."

The Privacy and Consumer Advisory Group (PCAG) have devised guidelines under nine headings for the privacy aspects of GOV.UK Verify (RIP). The Government Digital Service (GDS) claim to abide by all nine while actually abiding by none of them.

Hat tip someone, the minutes of PCAG's 10 February 2016 meeting have been published. It would be a pleasure to write several thousand words commenting on the matters arising but let's concentrate on item 2.4:
GROUP BUSINESS - ONS Census (Terry Makewell, Jo Neagus - ONS)
Following a presentation on the potential use of GOV.UK Verify [RIP] for the 2021 Census, Group members recommended that there was no reason for GOV.UK Verify [RIP] to be used on this occasion given that the Census is a count of households rather than individuals and that it would be inappropriate to do so.  However, the Group further suggested that GOV.UK Verify [RIP] could be used for other surveys run by ONS, but that this would be a separate discussion and the potential role of Verify would depend on the specific surveys under consideration.
In five years' time the Office for National Statistics (ONS) will conduct the 2021 UK census. We have been prepared ever since the 2011 census to see new methods used.

Digital methods. 2021's will be a digital-by-default census. The census will be a service resting on one of GDS's data-sharing platforms, underpinned by a canonical population register compiled, surely, by GOV.UK Verify (RIP).

No. The decision has been taken. The ONS will do its census. It won't rely on GOV.UK Verify (RIP). For whatever reason, GOV.UK Verify (RIP) is out of the running.


Updated 15.4.16

GDS work tirelessly to improve everyone's lot. They tinker around with the front end of GOV.UK Verify (RIP) like top hairdressers trimming and shaping and layering, always seeking to retain a certain look while everything under their expert hands is actually alive and constantly changing.

There was Todd Anderson, for example, telling us the other day in GOV.UK Verify: [RIP] Technical delivery update, 11 April 2016 that "to improve GOV.UK Verify [RIP] and make it better for end users, since our last update we’ve … added new journeys to the hub to reflect the new features released by the certified companies".

Keen-eyed stylewatchers will have spotted some of the primping done on the registration dialogue for new victims of GOV.UK Verify (RIP). For example this screen ...

... used to ask victims to confirm that they are aged 19 or over. That was before 12 April 2016. Now it's 20. And that makes it "better for end users".

Think about it.

According to the Office for National Statistics (ONS), the breakdown of the UK population by age and by sex in mid-2014 was something like:



Source: Office for National Statistics

Notes:

Ages above 105 are not included on the population pyramid.

The ONS's data sheet estimated that there were 790,575 19 year-old victims in the UK in 2014 and that there will be 864,872 by 2039. Let's say there are roughly 800,000 of them at the moment.

What Sweeney Todd Anderson and his team have done is to reduce the GOV.UK Verify (RIP) universe by 800,000. Just like that, they've excluded 800,000 people from the possibility of getting on-line accounts which would allow them to transact with government.

GOV.UK Verify (RIP) already had a problem reaching its target 90% coverage. It's languishing at the moment around the 67% mark. GDS have just chopped another 1.2% off GOV.UK Verify (RIP)'s reach.

These are enormous decisions to take. And they're being taken -- in the modern, transformed, agile Whitehall way -- by the hairdressers of GDS.


Updated 18.4.16

An ex-maths teacher writes:
A  The Government Digital Service (GDS) say that the demographic coverage for services using GOV.UK Verify (RIP) must be 90% if the system is to go live in April 2016.
B  At the same time, GDS are trying to dissuade anyone under the age of 20 from registering:

The Office for National Statistics (ONS) estimated that there were 15,259,986 people under the age of 20 in the UK in mid-2014 and that there would be 16,647,588 of them by mid-2039. Those figures represent 23.62% and 22.41% of the ONS's estimated UK population, respectively.

B implies that it is impossible for GOV.UK Verify (RIP) to achieve a coverage of 90% and A implies that it is therefore impossible for the system to go live in April 2016.

Despite professing its virtues, GDS seem to be strangers to data science.
N The ex-maths teacher's contribution isn't very impressive, is it. GOV.UK Verify (RIP) is no use for age verification of the young. We already knew that. Otherwise, five year-olds don't need to view their driving licence details or apply for rural payments, for example, so it doesn't matter if they're excluded.

Tuesday 29 March 2016

RIP IDA – not good enough for the NHS and not good enough for you

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


This is what the Government Digital Service (GDS) have to say about the security of GOV.UK Verify (RIP). It's secure. And it stops someone pretending to be you. And it fights the growing problem of on-line identity theft.

The splash screen you see if you bravely register for one of GDS's GOV.UK Verify (RIP) accounts

HSCIC
Health and Social Care Information Centre
We are the trusted national provider of high-quality information, data and IT systems for health and social care.
But it's not quite as clear-cut as that. According to Computer Weekly magazine, Gov.uk Verify [RIP] not secure enough for NHS, says HSCIC.

Not only that, but "The government’s Verify identity verification platform isn’t secure enough for the NHS, so Liverpool Clinical Commissioning Group and HSCIC are working to add extra levels of security".

NHS Liverpool CCG
National Health Service Liverpool Clinical Commissioning Group (CCG) is responsible for planning and buying most NHS services for the people of Liverpool …
And "Liverpool Clinical Commissioning Group (CCG) is working to make the government's identify authentication platform secure enough for the NHS to use".

Why do Computer Weekly keep banging on about security? Because Rob Shaw of HSCIC told them there is a security problem with GOV.UK Verify (RIP), "we absolutely have to make sure it’s secure enough" and "Verify is not quite there in terms of the level of security we’ll need in terms of the health services" and "we’re likely to take it to the next level in terms of security".

The Cabinet Office helpfully chimed in with "We take our users’ privacy and the security of their data very seriously and the new system is safer and more secure than previous ways of proving who you are online".

Followed by Dave Horsfield of the Liverpool CCG, "the programme is about giving patients access to their records for whatever purpose they want, securely and easily".

Apparently "the NHS is worried that Verify won’t be, or won’t come across as, secure enough for people’s health records ... we’ve got an extra layer in health where people are very worried about security".

In case you haven't been counting, that's 12 occurrences of the word "secure" and its cognates. Anyone would think there's a security problem with GOV.UK Verify (RIP). The sheer weight of repetition must have overwhelmed most readers into believing that.

But not Jim Gumbley. This Liverpool business is not an example of a security problem, Jim says. It's an identity-proofing problem. And that's different.

It's wrong in that case to say that GOV.UK Verify (RIP) isn't secure enough for the NHS. Better to say that it's not good enough at stopping people from pretending to be you. Or that it's lost the fight against the growing problem of on-line identity theft.

Mr Horsfield thinks he may be able to solve the GOV.UK Verify (RIP) problem with a combination of social media and biometrics – the triumph of hope over experience.

Jim's right. As usual. Identity-proofing and security are two different things and shouldn't be confused.

It remains the case that GDS's splash screen is wrong and that GOV.UK Verify (RIP) isn't "good" enough for the NHS. So it isn't good enough for any other "relying party" like HMRC or DWP either. Or for a bank. Or for a criminal court. Or even for a civil court. And it's certainly not good enough for you.

Friday 25 March 2016

RIP IDA – Verizon

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


The Government Digital Service (GDS) claimed until recently that they had nine "identity providers" through whom we proles could register an account with GOV.UK Verify (RIP).

Then PayPal bolted. One minute you see them. Next minute they're gone.

PayPal gave no explanation. Neither did GDS.

Whatever, GDS were then down from nine to eight "identity providers". Or should that be seven?

Some time on or before 7 March 2016, Verizon disappeared from GDS's list of GOV.UK Verify (RIP) "identity providers". They'd been there before. Then they weren't.

Why?

On 8 March 2016 GDS tweeted their first and last attempt at an answer: "Verizon are preparing their service under the new contract. More news on this soon. They remain available for existing users".

The "new contract" referred to is Framework 2. It's been well over a year since the terms of Framework 2 were known.

GDS presumably expect us proles to believe that Verizon are so incompetent that, unlike any other "identity provider", they have to take their service down for several weeks just to change their terms and conditions.

That looks so unlikely by way of an explanation that the unsatisfied mind starts to look for other explanations.

On 7 March 2016 ElReg reported Verizon fined just $1.4m for stalker supercookies.

Verizon were fined for using supercookies. What? "That means that over time, it is possible to ... build a strong profile on a particular individual, which advertisers then use to show you so-called relevant adverts".

Is that why Verizon had gone dark GOV.UK Verify (RIP)-wise? "Nah", said security expert Peter Bance, par for the course, already priced in, that's just how Verizon operate, bit of an eye-opener for us proles maybe but not for GDS, Her Majesty's public officials in the know.

GDS tell us that GOV.UK Verify (RIP) is needed to help us view our driving licence details. So Verizon are involved because they want nothing more than for us to view our driving licence details?

Not exactly. Verizon are quite open about it: "Ultimately, we don’t see ourselves as a data provider; we see ourselves as an ad platform that helps brands and consumers connect".

But if Verizon haven't bolted like PayPal, and if it isn't the Framework 2 terms and conditions, and it isn't the shame of being caught using supercookies and the derisory fine of $1.4 million, then what is the reason for Verizon's temporary absence from the host of "identity providers"?

Note first that Verizon already have their GOV.UK Verify (RIP) service approved by tScheme, the experts in trustworthiness. What's more (hat tip: someone), they've applied for tScheme certification of a second identity proofing service. It doesn't look as if they intend to bolt.

Note also that Verizon's GOV.UK Verify (RIP) problems go back to before 7 March 2016. "Verizon have identified an issue within their environment", it said on 26 February 2016 (hat tip: someone), "there will be a short period of downtime to implement an emergency change". That's on GDS's GOV.UK Verify (RIP) status log.

The emergency was over 102 minutes later according to the log and Verizon were fully operational again. Except that four weeks later they're not.

Note finally security expert Brian Krebs's latest revelation, Crooks Steal, Sell Verizon Enterprise Customer Data: "Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise ... Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site".

That's more like it. That's more like an explanation for Verizon taking their GOV.UK Verify (RIP) registration site down for four weeks. Their security has been breached and 1½ million of their customers are now at more risk than usual as a result.

GDS are always blithely optimistic about security:


GOV.UK Verify (RIP) – "It's secure". No qualification. It's secure and that's all there is to it.

No. No-one believes that and it's a mystery why GDS keep saying it.

It's a false prospectus. Just ask Verizon. GDS's claim amounts to luring in the innocent. GOV.UK Verify (RIP) would never be admitted to the London Stock Exchange's Daily Official List if their broker came along with a whopper like that.

Mystery cleared up, Verizon have gone dark because they've been taken to the cleaners.

Don't let the same happen to you.

According to Verizon's GOV.UK Verify (RIP) privacy policy (hat tip: someone), "... it will also be necessary, in order to provision the service to you [prole] to share the personal information we [Verizon] collect, as described above, to companies that perform services on our behalf as follows ... The identity service product is owned by Zentry LLC. Zentry LLC is a US based company who will receive your information in order to issue the identity credential on your request ...".

Verizon will share your personal information with Zentry. And who are Zentry? According to Bloomberg:


And according to FindTheCompany, "Zentry Technology LLC is a small organization in the business services industry located in Salt Lake City, UT. It opened its doors in 2010 and now has an estimated $90,000 in yearly revenue and approximately 2 employees".

When Verizon reappear in GDS's GOV.UK Verify (RIP) firmament you can entrust all your personal information to them and to Zentry if you like so that you can view your driving licence details. It's up to you.

----------

Updated 29.3.16

GDS's claim that Verizon have stopped registering new GOV.UK Verify (RIP) account-holders because they have to update their terms and conditions of business is cheeky. The other Framework 1 "identity providers" all managed to convert to Framework 2 on the fly.

Is the theory that Verizon are still off air because they've been hacked any better as an explanation?

Not necessarily.

Experian were taken to the cleaners, too, like Verizon, please see RIP IDA – 16 June 2014 and Brian Krebs's Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records. Experian are still happily registering new GOV.UK Verify (RIP) victims.


Updated 5.4.16

Here's a snapshot from Verizon's contract with GDS, the bit dealing with key performance indicators:

Before you ask ...
"Availability" means that the on-line Customer facing Services described in paragraph A (Overview) of Schedule 1 (Services) shall be operational and available 24 hours a day, 365 days a year, excluding Scheduled Downtime and shall be samples [sampled?] at intervals of no more than 5 minutes.
... a "measurement window" is seven days and those customer-facing services include:


Verizon haven't provided those services since 7 March 2016, at least four measurement windows ago. This is no mere KPI failure. This is a critical KPI failure, as defined.

And what happens when a provider like Verizon suffers critical KPI failures? Answer, the authority, in this case GDS, may terminate their contract:
The Provider shall at all relevant times meet or exceed the KPIs set out in Table 1 (KPIs) below in performing the Services. The Authority may terminate this Contract under Clause H2 (Termination for Default) in the event that the Provider commits three (3) Critical KPI Failures.
The authority may terminate the contract. They have that right but it's not a duty. Would GDS terminate Verizon's contract just for suffering at least four critical KPI failures? Apparently not.

There's all sorts of other interesting detail available in the Verizon contract. But before we get too excited, this is their Framework 1 contract, which must by now presumably have been replaced with a Framework 2 contract.

The Framework 2 contract is likely to have similar service availability conditions in it. In which case it is relevant to note that, yes, Verizon are still not registering new GOV.UK Verify (RIP) victims.


Updated 6.4.16

Some time today, Verizon reappeared:


"Did you know", they ask, without ever reaching a question mark, ...
... Verizon has customers in 150 countries and manages identity programs for 25 governments. Millions of people across the globe trust their security and personal data to Verizon every day, so you can be confident that we know how to protect you to the highest standards.
"You can be confident that we know how to protect you to the highest standards"? Not very confident. Don't forget Crooks Steal, Sell Verizon Enterprise Customer Data.

Verizon have been closed to new GOV.UK Verify (RIP) victims for the past month or so. Why?

It's because they've been "preparing their service under the new contract", GDS told us on 8 March 2016.

That's not what Verizon told Neil Merrett yesterday:
"We have been working to make sure that the platform gives the best results possible. We have been introducing two new mobile features to make our service more mobile friendly."
Neither proposition explains taking Verizon's registration service down for a month.

If you want to register with Verizon, you're on your own. Even though "there's no charge for this service" and Verizon has "met security standards set by government", DMossEsq couldn't find a single volunteer prepared to try it out:
GDS may want to lure you in but why take the risk?

Especially if next time Verizon go on holiday you might find your identity, and thus your existence, suspended for a month.


Updated 9.12.16

Verizon is one of the "identity providers" for GOV.UK Verify (RIP).

At least, they're meant to be.

Nine months ago, Verizon disappeared without convincing explanation. A month later, they re-appeared without convincing ditto.

That doesn't inspire confidence.

We, the public, need to feel that GOV.UK Verify (RIP) is stable.

So do the "relying parties", i.e. the likes of the Driver and Vehicle Licensing Agency (DVLA). They need to know that we are who we claim to be when we connect to the on-line public services they operate.

How are the relying parties supposed to feel confident in the assurances of the "identity providers" that we are who we say we are when "identity providers" themselves can just whimsically come and go?

Verizon – now you see them …
You might get away with it once. But not twice. And you know what? Verizon disappeared again, in July. What's more, they still haven't re-appeared five months later.

… now you don't.
Will Verizon be back again?

In time for Christmas?

Will the Government Digital Service ever deign to explain to us, their parishioners, what on earth is going on?

And can you see why sensible relying parties are sticking to the Government Gateway?
