Tuesday 11 October 2016

RIP IDA – local government, the lender of last resort

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


The Government Digital Service (GDS) have convinced 19 local authorities to conduct trials of GOV.UK Verify (RIP).

11 local authorities are going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities are going to try to use it to issue residents' parking permits.


The plan previously was to see if GOV.UK Verify (RIP) could help with issuing taxi licences as well. It was always a peculiar plan and now it's been dropped.

GDS are demanding that local authorities commit to the trials/pilot runs. Once they've started they have to finish – GDS lays down law on council Verify adoption criteria. It's expensive, conducting trials ...

... and local authorities only want to use GOV.UK Verify (RIP) if it saves them money. That plan hasn't been dropped. GDS still haven't provided a price list but they're going to have to soon.

What should we expect to see as these trials unfold?

Let's work our way through an example.

Which local authority to choose? We've done Warwickshire County Council before. This time, let's choose Brighton & Hove City Council (B&HCC).

Which application? Residents' parking permits or concessionary travel passes? Let's go with the former. There's a form to fill in. Which kicks off with:


Standardisation v. localisation
This is quite different from the form we fill in here in the London Borough of Merton, for example. The two forms are doing one job. Why have two forms? That looks like the sort of duplication GDS normally abhor.

Getting everyone to use the same tools to do the same job is precisely the rationale for Government as a Platform. Are GDS happy to see different parking permit application systems developed in each local authority? Hundreds of different forms? Hundreds of different on-line application systems?

It seems unlikely while they are at the same time telling central government departments that they should all use the same (non-existent) payments platform, GOV.UK Pay.

Two years ago the BBC were belabouring local government. They were said to be wasting money by failing to standardise. Bull Information Systems joined in with the criticism. So did Skyscape. And the Taxpayers' Alliance. And Policy Exchange. GDS threw in their contribution by claiming that most government IT applications are about as difficult as the requirements of a medium-sized dating website.

Not a single local authority among them, of course, these critics are all confident because they've never done the job. Most attempts to share services between local authorities seem to fail. But the ignorant faith in standardisation remains.

As the pilot projects to which both GDS and the local authorities are committed unfold, expect to see an element of this tension between standardisation and localisation.

Data protection
Right at the top of the form, before any other business, there's B&HCC quite properly reassuring its parishioners about the personal information they're about to enter on the residents' parking permit application form:
Brighton & Hove City Council is the Data Controller for the purposes of the Data Protection Act 1998. This means that Brighton & Hove City Council is responsible for making decisions about how your personal data will be processed and how it may be used. The purpose(s) for which your data will be processed is Parking Permits. The information you provide may be used in detecting possible fraud. The information you provide will be treated confidentially at all times. Security safeguards apply to both manual and computerised held data, and only relevant staff/named disclosures can access your information.

If you have any queries contact the Data Protection Officer Tel: 01273 291207
That is a set of statements B&HCC can't possibly make if GOV.UK Verify (RIP) is inserted into their residents' parking permit application system. B&HCC will have no control over what information is collected, the uses to which this information is put, who can see it or where it will be stored. You can ring 01273 291207 all you like ...

... you won't get anywhere. GOV.UK Verify (RIP) is the end of privacy. In Brighton, and Hove, and anywhere else it infects. As long as that is understood, these trials may proceed smoothly. If there's any objection to local authorities abdicating their responsibilities and throwing their parishioners to the wolves, then it's going to be a bumpy ride.

Exclusion
Let's take it for granted that B&HCC need to know who is applying for a parking permit:


GOV.UK Verify (RIP) doesn't collect titles. Further, when you come to register for a GOV.UK Verify (RIP) account with one of GDS's remaining "certified companies" which often aren't certified:
The certified company will also ask your gender. Anyone, for any reason, can opt out of identifying themselves in this way and choose an ‘I prefer not say’ option. You’re not required to provide an answer and - even if you choose to do so - the certified company won’t verify it.
But that's the least of B&HCC's problems if they rely on GOV.UK Verify (RIP) to identify applicants for parking permits.

The level of assurance offered by GOV.UK UK Verify (RIP) that the applicant is who they say they are is low. The US National Institute for Standards and Technology believe that GOV.UK Verify (RIP) achieves no proof of identity whatever, it's no more than a self-certification scheme.

And that's the case for people who manage to register. Lots of people can't even self-certify.

The verification success rate with GOV.UK Verify (RIP) hovered around the 70% mark for a while until GDS stopped publishing the figures. They had previously made 90% success a condition of going live. 70% is less than 90%. GOV.UK Verify (RIP) shouldn't have gone live in May 2016. It hadn't satisfied GDS's own conditions.

If B&HCC can only use GOV.UK Verify (RIP) to get about 70% of applicants to self-certify – and it may be less than that – how is it going to save them money? They're going to need to operate other systems in addition. That looks like costing more, not less.

B&HCC may have a greater commitment to data science than GDS. Oh to be a fly on the wall when the Council discusses the merits of spending more money to automate the worthless self-certification of parking permit-holders.

Re-engineering
The B&HCC form moves on to:


It's quite a mouthful. There's a lot there. Let's take a step back.

GDS's "dream" was outlined by their ex-deputy director, Tom Loosemore.

"Just sort it all out for me"
The idea is that when government is fully digitised there will be no need to apply for anything, including parking permits. The government will know what you need and will provide it. (Pre-parking. C.f. pre-crime.)

There should be no need for the applicant to specify the controlled parking zone they want a permit for (A, C, E, F, G, H, M, N, O, Q, R, T, U, W, Y or Z), that should be deducible from the address GOV.UK Verify (RIP) has already provided. B&HCC know the zones, they're B&HCC's zones for goodness sake, the applicant doesn't have to tell them.

Ditto, B&HCC can find out whether the application is for a low-emission vehicle as soon as they have the registration number. Certainly if it's a UK-registered car – DVLA, DVSA and the car insurance companies are already sharing this data. And even for foreign-registered cars – at least in our dreams. There's no need for the applicant to tell B&HCC.

Is the applicant a Blue Badge-holder? B&HCC probably already know the answer, they probably processed the Blue Badge application themselves, there's no need for the applicant to tell them.

GDS believe that transactions with government should be "friction-free". Asking the applicant to confirm information B&HCC already has is just friction. Out with it.

In GDS's dream CCTV camera records and other records will have alerted B&HCC to the existence of a car which is about to be transferred to one of their parishioners and if the council just interrogate enough databases/registers they can easily work out who is involved and offer them a parking permit before the applicant has even thought about it.

Taking into account their income from all sources, their savings and their financial commitments, an algorithm could calculate better than the applicant whether to opt for the 3, 6 or 12 month permit and even – to save inconvenience/friction – take the payment from the applicant's bank account.

There's no need to issue a material parking permit, of course. An entry on a database is quite enough by way of proof of the entitlement to park for B&HCC's digitised enforcement officers. At most, the applicant might be issued with a digital certificate to be stored on his or her mobile phone as a receipt for the payment made.

Too much to expect from B&HCC?

You may be right. Perhaps this work should be centralised in Whitehall. There's no need to duplicate these functions in each local authority.

That is the at once childish and sinister vision of GDS's Government as a Platform. A panopticon in which algorithms exercise your will for you based on what the pious Mr Loosemore calls a "single source of truth", i.e. hundreds of registers full of personal information about you.

It's quite beyond them to bring it about, of course. GDS couldn't even computerise farm payments. It's all just "internet jibba jabba", as Mr Loosemore was told, on his way out of GDS.

When B&HCC and GDS sit down to re-engineer or re-imagine or "imagineer" the new residents' parking permit application scheme, let's hope that someone remembers the benefits of friction.

-----  o  O  o  -----

GOV.UK Verify (RIP) is having trouble establishing itself with central government and with the public.

GDS approach local government now as supplicants. Local government is GOV.UK Verify (RIP)'s last hope.

No doubt local government is generally kindhearted but they are in no position to take on what everyone else has rejected. Why should they? What does GOV.UK Verify (RIP) have to offer them? What do GDS have to offer them?

GDS will tend to fight the "local" in "local government". GOV.UK Verify (RIP) will take the "protection" out of "data protection". It will exclude large chunks of B&HCC's population. And all for the sake of what? Some pie in the sky imagineering about Government as a Platform.

April 2016, Stephen Foreshew-Cain, writing in Where we’re at, and where we’re going:
Imagine being able to create a new service in hours, not months. Imagine being able to create two slightly different versions of a service, and see which one works best. And then, having done the research and iterated and improved the better one, simply killing off the one that didn’t make the cut ... Imagine being able to do that at negligible cost ...
Mr Foreshew-Cain took over as executive director of GDS when Mike Bracken left, at the same time as Tom Loosemore, in September 2015. Now he, too, is gone. As is Janet Hughes, GOV.UK Verify (RIP)'s sometime funeral programme director.

"Wildly unrealistic expectations". That's the verdict on GOV.UK Verify (RIP) ...

... the verdict of its supporters.

Too much imagining. That's where GDS are at. It's hard to believe that that's where local government is going.

----------

Updated 4.3.17

It's been a few months since the Government Digital Service (GDS) started its GOV.UK Verify (RIP) trials with local government. How's it going?

Answer, please see Local authority use of GOV.UK Verify – Discovery case for transforming local public services using GOV.UK Verify, published by the Local Digital Coalition (LDC).

The LDC say: "This document is the first iteration of the case for local authorities to transform their digital services through the use of GOV.UK Verify [RIP] and other common components". It's a piece of sales literature. What's the pitch?

GOV.UK Verify (RIP) provides "strong online identity assurance", apparently. Local government will be able to create "secure, safe, fast and convenient" digital services thanks to GOV.UK Verify (RIP) and other GDS gifts. Their costs (i.e. staff) will be reduced and they will save billions. Privacy will be protected and trust will be ensured.

A traditional sales line, everyone's seen it before, and some people may even still believe it.



The LDC add weight to their claims by citing supporting documents:
  • A combination of GDS gifts "lowers the barriers to ‘moving between suppliers’ and allows to switch from underperforming contracts4", for example, refers the reader to another document produced by the LDC.
  • And something else the LDC recommend "can achieve reductions of up to 5% of savings in local authorities expenditure5" is supported by reference to a CIPFA document. (Savings will be reduced by 5%?)
This is laudable practice, to provide independent support for your argument, but it makes it stand out like a sore thumb when you fail to.

The LDC give four examples (p.6) of how savings have been achieved by using GDS products, services and standards. Three of them have supporting citations ...

... and this one doesn't: "£111.44 million National Audit Office (NAO) approved savings through GOV.UK Verify [RIP]". No evidence of any such NAO approval has been found yet. This may explain the lack of a citation.


Updated 13.4.17

As noted above last October, 11 local authorities were going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities were going to try to use it to issue residents' parking permits:

Residents’ Parking Permits Concessionary Travel Pilot
Brighton and Hove City Council Brighton and Hove City Council
Buckinghamshire Councty Council Buckinghamshire Councty Council
Southampton City Council Southampton City Council
Northumberland County Council Northumberland County Council
Camden Camden
Hillingdon London Hillingdon London
Chelmsford City Council Luton
Barnet London Borough Central Bedfordshire
Oxfordshire County Council Essex County Council
Canterbury City Council Hertfordshire
Tunbridge Wells Borough Council Warwickshire Councty Council
Wigan Council
Newcastle City Council
Sunderland City Council

Next month the Local Digital Coalition (LDC) are going to lay on a showcase to "share the products we've delivered during the alpha phase of #VerifyLocal work - from prototypes to user research, and technical patterns to business case findings".

Will all 19 local authorities be there?

No.

It can be inferred from the LDC website that many local authorities have pulled out of these pilot schemes:

Residents’ Parking Permits Concessionary Travel Pilot
Brighton and Hove City Council Brighton and Hove City Council
Buckinghamshire County Council Buckinghamshire County Council
Southampton City Council Southampton City Council
Northumberland County Council Northumberland County Council
Camden Camden
Hillingdon London Hillingdon London
Chelmsford City Council Luton
Barnet London Borough Central Bedfordshire
Oxfordshire County Council Essex County Council
Canterbury City Council Hertfordshire
Tunbridge Wells Borough Council Warwickshire County Council
Wigan Council
Newcastle City Council
Sunderland City Council
Cambridgeshire County Council (new entrant)

Eight of the original 14 local authorities (57%) have pulled out of the residents' parking permits pilot scheme and six of the original 11 (55%) have pulled out of the concessionary travel scheme.

An unwary observer might believe that there are still 19 local authorities taking part in these GOV.UK Verify (RIP) pilots. Neither GDS nor the LDC have blogged to tell us that 10 of the original 19 local authorities (53%) are no longer involved.

That's a pretty hefty attrition rate that's going to be showcased.



Updated 28.4.17

There's no progress on the concessionary travel pilot that the Government Digital Service (GDS) is conducting with local authorities. Or, at least, with the five local authorities left, out of the 11 that started.

But there is progress on the residents' parking permits pilot, we learn today, please see Verify parking permit prototype to move to beta.

Eight of the original 14 local authorities have pulled out but for the survivors: "A key step has been reducing the level of assurance required for parking permit applications, reflecting the fact that permit applications are less sensitive than other services for which Verify could be used". I.e. GOV.UK Verify (RIP) is the wrong product to be using ...

... all a local authority really needs to know is that a car is registered at an address in their area. But, wait for it ...

... "Plans for the [Driver and Vehicle Licensing Agency (DVLA)] to enable checking of the vehicle registration to a given address have not been included in the current prototype as the agency is going through a transformation programme".

The residents' parking permits pilot is using the product it shouldn't be using and it isn't using the product it should be using. Good luck to the guinea pig residents of Buckinghamshire, Northampton, Sunderland, Oxfordshire, Tunbridge Wells, Sunderland and Cambridgeshire with that.

"The Theatre of the Absurd attacks the comfortable certainties of religious or political orthodoxy. It aims to shock its audience out of complacency, to bring it face to face with the harsh facts of the human situation", as we used to say.

GDS's religious/political orthodoxy has been confronted with the harsh fact that they have promised to sign up 25 million people to the unwanted moribund GOV.UK Verify (RIP) in three years time. Shocked out of their usual ineffable complacency, their absurd response is to reduce the already low level of assurance offered by GOV.UK Verify (RIP) and to ignore the essential DVLA product that is needed to meet residents' parking permit needs.

Absurd. It makes for amusing theatre. But the digital transformation of government in the UK it ain't.


Updated 11.5.17

13 April 2017, DMossEsq's millions of readers learned that over half the local authorities taking part in GDS's trials of GOV.UK Verify (RIP) had walked away.

3 May 2017 and the PublicTechnology.net (PT) readers learned the same thing, please see Local government Verify pilot hit by council departures.

PT followed up on the story. Why are the councils walking away?

We don't need GOV.UK Verify (RIP):
When asked by PublicTechnology for their reasons for leaving the trial, two councils - Hillingdon and Southampton - indicated that they were happy that their existing systems. Southampton said that its existing online verification service for bus passes “provides a similar functionality to the Verify solution”.
We've got more important things to do:
Brighton and Hove - which left in February, just before the pilot entered alpha phase - said in a blogpost that it was “a great project but currently the timing isn’t right for us”, as the digital team “has a lot to deliver this year”.
Maybe later:
[Brighton and Hove] added that its plans for a virtual permits service “stands to benefit from a tie up with Verify at a later date”.

Camden made a similar point, saying that it had already invested in master data management, which it was looking at “fully integrating into the next phase of Verify”.

Wigan, Chelmsford and Newcastle councils all issued the same statement: “We are not participating in the current phase of the GOV.UK Verify [RIP] local authority pilots. We remain in contact with GDS on further GOV.UK Verify [RIP] developments and hope to include the system in local services in the future.”
Local government is hopelessly old-fashioned:
“Councils are used to procuring not building tech. Councils mostly lack the skills to do discovery, work in sprints and collaborate cross border,” said Adam Walther, project director at FutureGov.
GDS don't understand:
“... [GDS's Verify local team] have probably underestimated the complexity of working with this sector, and lack some of the design, delivery and political skills.

“To move beyond central government to support other parts of the public sector requires more humility, better design and reaching out to partners by everyone involved.”

... Matthew Cain was head of digital at Buckinghamshire County Council ... said that some of the initial requirements and expectations were unrealistic - for instance on the level of tech spend available to councils and in asking for roles that “didn’t even exist in the authority” ... in order to make headway, there needs to be more understanding on both sides.
Maybe it would help if GOV.UK Verify (RIP) didn't verify people's identity:
Kat Sexton from Cambridgeshire County Council - which joined the trial at a later date - told the Socitm spring conference last week that GDS was working on allowing Verify to offer a lower level of assurance that someone is who they say they are.
Maybe it would be best if GOV.UK Verify (RIP) didn't do anything at all. That would make its use completely frictionless:
GDS have gone away and...they’re actually creating a lower level of assurance, which is great because we’ll be [keen to use] that,” Sexton said.
Good luck Cambridgeshire County Council with your starring rôle in the theatre of the absurd.

There's more ...
  • HMRC and DWP don't want to use GOV.UK Verify (RIP).
  • Why not use the Government Gateway, like "138 public services" already do?
  • These trials concern residents' parking permits and concessionary travel, relatively easy applications, and yet there's no progress – suppose GOV.UK Verify (RIP) tried something difficult like the social care of vulnerable children or the victims of Alzheimer's, the sort of problems local government has to solve all day every day?
... but that's quite enough to be going on with.

Eight of the original 14 local authorities (57%) have pulled out of the residents' parking permits pilot scheme
and six of the original 11 (55%) have pulled out of the concessionary travel scheme.


Updated 18.8.17

11 local authorities started the concessionary travel pilot for GOV.UK Verify (RIP). When we last looked there were only five left. Now that Hertfordshire and Warwickshire County Council have pulled out we're down to just three survivors.

Residents’ Parking Permits Concessionary Travel Pilot
Brighton and Hove City Council Brighton and Hove City Council
Buckinghamshire County Council Buckinghamshire County Council
Southampton City Council Southampton City Council
Northumberland County Council Northumberland County Council
Camden Camden
Hillingdon London Hillingdon London
Chelmsford City Council Luton
Barnet London Borough Central Bedfordshire
Oxfordshire County Council Essex County Council
Canterbury City Council Hertfordshire
Tunbridge Wells Borough Council Warwickshire County Council
Wigan Council
Newcastle City Council
Sunderland City Council
Cambridgeshire County Council (late entrant)


Updated 27.11.17

The incredible shrinking band continues to shrink:

Residents’ Parking Permits Concessionary Travel Pilot
Brighton and Hove City Council Brighton and Hove City Council
Buckinghamshire County Council Buckinghamshire County Council
Southampton City Council Southampton City Council
Northumberland County Council Northumberland County Council
Camden Camden
Hillingdon London Hillingdon London
Chelmsford City Council Luton
Barnet London Borough Central Bedfordshire
Oxfordshire County Council Essex County Council
Canterbury City Council Hertfordshire
Tunbridge Wells Borough Council Warwickshire County Council
Wigan Council
Newcastle City Council
Sunderland City Council
Cambridgeshire County Council (late entrant)
Only 3 left out of 15 starters
Only 2 left out of 11 starters

RIP IDA – local government, the lender of last resort

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


The Government Digital Service (GDS) have convinced 19 local authorities to conduct trials of GOV.UK Verify (RIP).

11 local authorities are going to try to use GOV.UK Verify (RIP) to issue concessionary travel passes. And 14 local authorities are going to try to use it to issue residents' parking permits.


The plan previously was to see if GOV.UK Verify (RIP) could help with issuing taxi licences as well. It was always a peculiar plan and now it's been dropped.

GDS are demanding that local authorities commit to the trials/pilot runs. Once they've started they have to finish – GDS lays down law on council Verify adoption criteria. It's expensive, conducting trials ...

... and local authorities only want to use GOV.UK Verify (RIP) if it saves them money. That plan hasn't been dropped. GDS still haven't provided a price list but they're going to have to soon.

What should we expect to see as these trials unfold?

Let's work our way through an example.

Thursday 29 September 2016

"Stale" and "self-legitimising" public administrators

"... we foster a user-centred culture in GDS and across government by getting everyone involved in user research", it says in a Government Digital Service blog post today, Don’t forget! 2 hours every 6 weeks. "We have user researchers as part of agile teams, for example. That's part of our DNA ... Our natural state can be to look inwards [horror], towards our teams [awful], not outwards towards our users [that's better] ...".

This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".

This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.

Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?

Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?

"... remember that what [the users] ask for isn't always what they need" suggests that GDS can ignore their research data and revert to their prejudices on the grounds that the users don't know what they're talking about whereas GDS do.

We've been here before, in November 2013: "What does 'putting the user first' mean? Nothing? Whatever you want it to mean?".

We're not the only ones. See also June 2016's Digital Government: overcoming the systemic failure of transformation, where two Brunel University academics, Paul Waller and Professor Vishanth Weerakkody, point out that: "not much of a government or public administrative function directly involves citizens so a focus on the interface misses the point about 'transforming government processes' ..." (p.8).

And they're not the only ones. Our old friend Mark Thompson of the Methods Group and the Judge Business School at Cambridge University popped up in Computer Weekly magazine this month with Digital government isn’t about user needs – it’s more fundamental than that where he refers to the "stale, self-legitimising talk by public administrators about how they are building stuff to 'meet user needs' ...".

Have GDS already become stale and self-legitimising public administrators?

Are GDS part of the systemic failure of digital government transformation?

Are GDS going to be teaching the right syllabus in their new National Agile Polytechnic?

A bit of agile discovery work on the oldest rule in GDS's design principles book might help them and the rest of the world to get the user needs story straight.

"Stale" and "self-legitimising" public administrators

"... we foster a user-centred culture in GDS and across government by getting everyone involved in user research", it says in a Government Digital Service blog post today, Don’t forget! 2 hours every 6 weeks. "We have user researchers as part of agile teams, for example. That's part of our DNA ... Our natural state can be to look inwards [horror], towards our teams [awful], not outwards towards our users [that's better] ...".

This is all part of putting user needs first, rule #1 in the GDS Design Principles: "Service design starts with identifying user needs. If you don’t know what the user needs are, you won’t build the right thing. Do research, analyse data, talk to users. Don’t make assumptions. Have empathy for users, and [you] should remember that what they ask for isn't always what they need".

This initially clear picture is clouded by the genetically modified Government as a Platform (GaaP) team at GDS, who said in May 2016: "Everyone knows we start with user needs. Except we don't. We start with the needs of our team ... When we don't do this our research isn't useful to our team and they ignore it. There's nothing more pointless than doing research that no one listens to". That's one of their Eight principles for user researchers on Government as a Platform.

Should GDS "look outwards towards [their] users" and start with "identifying user needs"? Or is that "pointless"? Should they rather "start with the needs of [the GDS GaaP] team"?

Confusing, isn't it. Which one is the doctrine? Outwards? Or inwards?

Monday 26 September 2016

RIP IDA – however you cut it, GOV.UK Verify (RIP) is no more. It has ceased to be. It's expired and gone to meet its maker. This is a late identity assurance scheme. It's a stiff. Bereft of life, it rests in peace. If GDS hadn't nailed it to GOV.UK, it would be pushing up the daisies. It's rung down the curtain and joined the choir invisible. This is an ex-identity assurance scheme. RIP.

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default "internet era" world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

App info for
Safran Morpho/SecureIdentity
We have seen how Safran Morpho/SecureIdentity make you download an app/virus to your mobile phone if you want to use their GOV.UK Verify (RIP) services. Not a good idea. (Digidentity also now want their parishioners to download an app. Ditto, not a good idea.)

We have seen how GOV.UK Verify (RIP) flouts every one of the identity assurance privacy principles. Again, not a good idea.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

It leaves CitizenSafe/GBG/GB Group plc or whatever they're calling themselves these days, Experian and the Royal Mail.

That looks like three "identity providers" but it's really only two. The Royal Mail's name is being used as a lure but GBG are doing most of the identity assurance work: "Under the terms of their agreement, GBG will manage all technology for the service, with Royal Mail handling call centre services where users may need to clarify technical issues over the phone" (please see 11.3.16).

DMossEsq can choose between GBG (who do criminal records checks and who have international expertise in postal addresses, please see Loqate) and Experian (who are a trusted FTSE-100 credit rating agency with decades of experience, some of it unfortunate). That's if he wants to access on-line public services via GOV.UK Verify (RIP).

Alternatively, he can access on-line public services using his Government Gateway accounts.

How to choose between those two? GOV.UK Verify (RIP)? Or the Government Gateway?

At first, the choice seems easy. The Government Gateway is old, it's been starved of funds for years, you have to wait for an activation code to arrive through the post before you can use the service, you need to maintain several sets of user IDs and passwords and it's fashionable to dislike it.

On the other hand, who is it convenient for, to have just one password as advocated by GDS? It's certainly convenient for hackers.

And relying on the post does act as a check of sorts that you are the person you claim to be. GOV.UK Verify (RIP) doesn't perform that check. Is it really possible to establish someone's identity entirely on-line? With how much confidence?

Can GOV.UK Verify (RIP) prove your identity?
  • OIX, the Open Identity Exchange, GDS's business partner, don't think so. They say (p.11) that it's hard for GOV.UK Verify (RIP) to achieve even level of assurance 2 (civil courts), let alone the level of assurance 3 required for criminal courts.
  • And the US National Institute for Standards and Technology are even more scathing. They say that GOV.UK Verify (RIP)'s registration work amounts to no more than self-certification.
  • The NHS isn't impressed ...
  • ... neither is DWP ...
  • ... nor are the Scots.
  • All sorts of demographics are excluded from GOV.UK Verify (RIP), which last seen was allegedly stuck on about 70% potential penetration, miles short of its 90% target. What use is a national identity assurance scheme that excludes 30% of the nation?
  • One of its supporters says that the original plan was for GOV.UK Verify (RIP) "to provide low to medium security ID assurance for citizens, and this hasn’t changed". We should avoid "wildly unrealistic expectations", she says.
It is mystifying how GDS can believe that GOV.UK Verify (RIP) has anything to offer the finance sector, please see The value of digital identity to the financial sector. Of course digital identity is valuable. Not just valuable. Crucial. But the finance sector needs a lot more than the "low to medium security ID assurance" on offer from GOV.UK Verify (RIP).

GOV.UK Verify (RIP) needs the banks. Not the other way around.

The banks do in-person identity-proofing. For know-your-customer and for anti-money laundering. It may not be very good but it's better than relying on entirely on-line proofing. The banks feed the credit rating agencies with (an extraordinarily large amount of) our personal information. GOV.UK Verify (RIP) depends on the banks.

It's circular to pretend that the banks could in turn depend on GOV.UK Verify (RIP).

Similarly there is nothing in GOV.UK Verify (RIP) to attract UK local government. Why should local authorities accept HMRC's rejects and DWP's and the Scots'?

GOV.UK Verify (RIP) requires us all to spray masses of our personal information all over the world. There must be better ways to enjoy the benefits of GDS's "internet era".

We're handing over our personal information. More and more of it. And GDS have their eyes on even more. Bank data, mobile phone data, health data, travel data, education data, social media data, ..., all in the interests of identification and attribute exchange. That's in addition to our passport data and our driving licence data and our credit rating data. And yet GDS still can't do their job and fill up GOV.UK Verify (RIP)'s population registers.

It's a privacy nightmare as noted above, a nightmare that we are to a large extent spared with the Government Gateway. Let's wake up.

The Americans have ditched connect.gov, their equivalent to GOV.UK Verify (RIP). The Australians are tying themselves in knots. And meanwhile here in the UK, for whatever reason, given the choice, millions of people are choosing the Government Gateway over GOV.UK Verify (RIP). So much for four or five years of user experience testing and agile software engineering. GDS have made the prototype of a product that no-one wants.

Without an identity assurance scheme, GDS have a hole at the centre of their digital-by-default strategy. Which means they have no strategy.

We can kiss goodbye to the unrealistic plans for attribute exchange. And to GDS's sinister and religiose plans for single-source-of-truth registers supporting fantasy Government as a Platform. The desperate pretence that GOV.UK Verify (RIP) is viable is understandable. But no excuse. It's still misfeasance.

That hole could be plugged by using an "internet era" system provided by Google, say. God forbid.

Or by using a descendant of the Government Gateway, best developed by the most successful digital transformation team – HMRC, and not DWP, God forbid – leaving GDS to concentrate on running the National Agile Polytechnic, as per their new director general's plan, with a syllabus set principally by HMRC.

(The bank-based Nordic alternative is not available to the UK, where we don't have the strong municipalities needed.)

Companies have identities, too, not just people. And GOV.UK Verify (RIP) doesn't even pretend to be able to prove the identity of a company. HMRC will continue to rely on the Government Gateway to collect tax from companies for the foreseeable future. The Government Gateway supports billions of transactions every year and collects the hundreds of billions of pounds of Exchequer revenue (p.6) needed to fund public services (p.5).

The Government Gateway has a future. GOV.UK Verify (RIP), by contrast, is no use to HMRC or anyone else.

In the course of five posts over the past week we have now looked at 12 "identity providers" – Barclays, Cassidian, CitizenSafe/GBG/GB Group, Digidentity, Experian, Ingeus, Mydex, PayPal, the Post Office, the Royal Mail, Safran Morpho/SecureIdentity and Verizon. Only two or three of them work. Which ones do we like? None of them. We don't like models with "identity providers" in them.

The Government Gateway may be a pretty awful system. GOV.UK Verify (RIP) is worse.

----------

Updated 20.10.16 1

Government Computing:
Government Digital Service (GDS) director general Kevin Cunnington has been laying out some of his thinking on the direction’s organisation at a briefing this morning ...

Cunnington outlined that GOV.UK Verify [RIP] remains a key element of GDS’s ambitions ...


Updated 20.10.16 2

Government Computing:
GDS new director general Kevin Cunnington has been giving further information about how he sees the organisation developing under his leadership. The overall GDS strategy is still being worked on, he said, but is expected to be out by Christmas.

He indicated that he plans to create a profession for digital, data and technology and he is also going to get a grip of the GOV.UK Verify [RIP] identity assurance scheme.

“Two things that the [GDS] Advisory Board asked us to concentrate on are sort out Verify and get it to scale and the other is to tackle the really hard data issues” ...

On the future of Verify, he indicated that GDS was beginning to think bigger about it, asking why it was necessary to limit Verify to simply government services. He suggested that banks and gambling organisations could see the benefit of using it.

The thinking behind this, Cunnington suggested, had made GDS actively look at whether it can change the business model for Verify.

He also insisted that DWP had been a strong supporter of Verify ...

RIP IDA – however you cut it, GOV.UK Verify (RIP) is no more. It has ceased to be. It's expired and gone to meet its maker. This is a late identity assurance scheme. It's a stiff. Bereft of life, it rests in peace. If GDS hadn't nailed it to GOV.UK, it would be pushing up the daisies. It's rung down the curtain and joined the choir invisible. This is an ex-identity assurance scheme. RIP.

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default "internet era" world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

App info for
Safran Morpho/SecureIdentity
We have seen how Safran Morpho/SecureIdentity make you download an app/virus to your mobile phone if you want to use their GOV.UK Verify (RIP) services. Not a good idea. (Digidentity also now want their parishioners to download an app. Ditto, not a good idea.)

We have seen how GOV.UK Verify (RIP) flouts every one of the identity assurance privacy principles. Again, not a good idea.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

Sunday 25 September 2016

RIP IDA – privacy/identity assurance principles

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?

Among others, Safran Morpho/SecureIdentity:


As you can see, back in February 2016 DMossEsq managed successfully to register for GOV.UK Verify (RIP) with Safran Morpho/SecureIdentity.

GDS's registration dialogue has been updated since then. They try to point new applicants at the "identity providers" most likely to be able to register them. That means pointing them away from the "identity providers" least likely to be able to register them.

Day in, day out, for months now, since at least 12 April 2016, Safran Morpho/SecureIdentity have suffered the humiliating indignity of being fingered by GDS as useless:


Quite why Safran Morpho/SecureIdentity put up with this astonishing behaviour is unclear.

Whatever the answer, DMossEsq was registered with Safran Morpho/SecureIdentity but when he tried to log on to HMRC's on-line self-assessment service the other day through Safran Morpho/SecureIdentity, he failed. Just as he had already failed with the Post Office. And Barclays. And Digidentity.

Like the Post Office, Safran Morpho/SecureIdentity is not properly a certified company. They were supposed to be certified by tScheme by May 2016, but it's never happened. When GDS tell you that all their "identity providers" are certified companies, they're wrong:


But that isn't the problem in this case. DMossEsq closed his account with Safran Morpho/SecureIdentity almost as soon as he opened it. That's why he can't log on to HMRC via Safran Morpho/SecureIdentity.

Why did he close the account? Because DMossEsq doesn't approve of downloading apps onto his mobile phone and Safran Morpho/SecureIdentity insist that you do.

You might as well deliberately install a virus – look at the functions Safran Morpho/SecureIdentity's app can perform on the mobile phone screen snapshot alongside.

Do you want Safran Morpho/SecureIdentity modifying your system settings? Or finding and using your other accounts?

No. This is utterly intrusive. And quite unnecessary for the job in hand – in this case, to look at HMRC's on-line self-assessment service.

Which brings us to the nine identity assurance principles promulgated by PCAG, the Privacy and Consumer Advisory Group. GDS repeatedly claim that they abide by these principles which are designed to guard our privacy. But they don't.

The PCAG identity assurance principles for GOV.UK Verify (RIP) are shown below in black with comments in red:

Identity Assurance Principle
Summary of the control afforded to an individual
1. User Control
I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them
Not true.
• How would you know if your identity was being checked by someone tomorrow morning at 9 a.m.?
• When did you give your consent for the credit rating agencies to share your personal information with GDS's "identity providers"? Or the banks or the mobile phone companies ditto? What about your health records? And your travel records? And your education records? And your social media accounts?
• Is your consent informed? Is your consent given freely or do you rather feel that you have no alternative?
2. Transparency
Identity assurance can only take place in ways I understand and when I am fully informed
Not true. Do you understand how GDS's identity hub works? Are you fully informed on the matter of security?
3. Multiplicity
I can use and choose as many different identifiers or identity providers as I want to
Not true.
• DMossEsq has found himself subsequently unable to use Digidentity, Barclays and the Post Office despite having previously registered with them.
• And GDS warn that Safran Morpho/SecureIdentity are unlikely to be able to prove the identity of new applicants.
• Who can make these choices? GDS decided back in April 2016 that, with some exceptions, applicants for a GOV.UK Verify (RIP) account have to be at least 20 years old. What are 19 year-old voters supposed to do? They're excluded. Ditto 19 year-old taxpayers and benefits claimants. Ditto 20 year-olds with little credit history. GOV.UK Verify (RIP) is not for everyone. Some people can't choose any identifiers at all, nor any "identity providers".
4. Data Minimisation
My interactions only use the minimum data necessary to meet my needs
Not true.
• Registration, which is an "interaction", requires more and more personal information, far more than is required for the Government Gateway and therefore far more than the minimum.
• When it comes to verification, another sort of "interaction", who knows how much personal information is exchanged?
• The quantity of personal information seems to be determined by the needs of GDS and the "identity providers" and the relying parties like HMRC. Not the needs of the mere users.
5. Data Quality
I choose when to update my records
Not true. Digidentity decided that DMossEsq had to upload an image of his passport. Without that, they decided, he can't use his Digidentity account.
6. Service User Access and Portability
I have to be provided with copies of all of my data on request; I can move / remove my data whenever I want
Not true.
• You can't remove your personal information whenever you want. All "identity providers" keep it for at least seven years.

• Digidentity, like other "identity providers", share your personal information with unnamed suppliers. You don't know who they are. You don't know what personal information of yours they have. How can you remove it?
• There has been talk for a long time of "signal sharing" to detect and prevent fraud. Who would perform this function? Could you remove your personal information from them?
7. Certification
I can have confidence in the Identity Assurance Service because all the participants have to be certified against common governance requirements
Not true.
• Some "identity providers" are certified by tScheme. Others aren't. The governance requirements aren't common.
• Nor are they obviously effective – Verizon are certified by tScheme but their services have nevertheless been withdrawn: "Recent changes to Verizon’s contracting structure mean that the service in its current form has not yet fully completed the external certification process. Verizon is working with Cabinet Office and independent auditors to make sure their service meets the contractual requirements, is fully accredited, and gives the best results possible for users".
• What about Zendesk? That's a company GDS have got participating in GOV.UK Verify (RIP). Are Zendesk certified? No. Ditto StatusPage.io – can you be confident about the uncertified StatusPage.io who participate by logging all activity in GOV.UK Verify (RIP)?
8. Dispute Resolution
If I have a dispute, I can go to an independent Third Party for a resolution
Not true. Can you name this independent third party? There was supposed to be a GOV.UK Verify (RIP) ombudsman. None has been appointed.
9. Exceptional Circumstances
I know that any exception has to be approved by Parliament and is subject to independent scrutiny
Not true. Do you know that parliament approves all exceptions? How do you know? What independent scrutiny? There is none.

Principle #6 promises that "I can move / remove my data whenever I want". This is false. When DMossEsq closed his Safran Morpho/SecureIdentity account his data wasn't removed. It will be kept by Safran Morpho/SecureIdentity for seven years.

DMossEsq can't remove his data whenever he wants. Principle #6 is being flouted, please see Safran Morpho/SecureIdentity's privacy policy:
1.4 How long does Morpho keep your personal data

Morpho will keep your data for as long as necessary in order to provide you with the services available on our website and applications.

Morpho may also keep your contact details to send you service-related information. Morpho might use your contact details for direct marketing in connection with the service provided.

Morpho may keep records of your activities for seven (7) years after the date on which your identity account is closed, to handle complaints or disputes that may arise.

Morpho will keep your personal data to the extent necessary to comply with all applicable laws, regulations and code of practices.
It's not just Safran Morpho/SecureIdentity. All the "identity providers" keep your data whether you want them to or not. The "control afforded to an individual" is nil.

And it's not just Principle #6. GOV.UK Verify (RIP) flouts all nine privacy principles. It doesn't abide by a single one (6 May 2016 1). How GDS can claim that they do abide by these principles is a mystery.

That is what they say: "GOV.UK Verify [RIP] protects users' privacy. It has been designed to meet the principles developed by our privacy and consumer advisory group". But it's not true, is it.

----------

Updated 11.11.16

Check the GOV.UK performance platform and you'll find that nine government services can be accessed using GOV.UK Verify (RIP). That's what GDS say. There are many qualifications that should be added to that claim of theirs.

Let's let that drop for the moment and instead note here that two more services are to be added to that modest list, please see GOV.UK Verify [RIP] welcomes 2 more DVLA services:
You can now use GOV.UK Verify [RIP] to access the DVLA’s Driving with a medical condition service and Renew your medical driving licence service.
That looks like one service, not two, but don't let's cavil. Note rather this claim:
GOV.UK Verify [RIP] has been designed to minimise storage of personal data, so drivers can be assured that their personal information remains safe and private.
It does not follow from personal information storage being kept to a minimum that your personal information is safe and private.

And the design of GOV.UK Verify (RIP) requires your personal information – in this case including medical information – to be sprayed all over the world. Nothing could make it less likely that your personal information is "safe and private".

Then there's this claim:
With GOV.UK Verify [RIP] connected to Driving with a medical condition, the DVLA can be sure be sure [doubly sure?] applicants are who they say there [they?] are ...
The US National Institute for Standards and Technology disagree. They say that GOV.UK Verify (RIP) offers relying parties like DVLA nothing more than self-certification. Spraying your data all over the world is all downside.

DVLA is the Driver and Vehicle Licensing Agency. GDS have driven a coach and horses through their identity assurance principles, please see main post above. The National Health Service don't think that GOV.UK Verify (RIP) meets the standards required for medical records. You might be well advised to listen to them.


Updated 4.1.17 1

Late last year the Government Digital Service (GDS) published three articles about the GOV.UK Verify (RIP) privacy assurance principles:

Applying Failing to apply
the identity assurance principles

to GOV.UK Verify (RIP):
30 November 2016 Part 1
9 December 2016 Part 2
20 Decmber 2016 Part 3
"We’ve blogged a lot about how user security and privacy is [are] at the heart of GOV.UK Verify [RIP]", GDS say in Part 1. True enough but blogging about them doesn't demonstrate that GOV.UK Verify (RIP) really does provide security and privacy.

"We’ve also talked about the Privacy and Consumer Advisory Group (PCAG)", GDS go on, "and one of their key outputs: the Identity Assurance Principles. These exist to inform and guide the privacy-related aspects of identity assurance, especially in GOV.UK Verify [RIP]". Agreed. That's the idea ...

... but of course it's our contention above that GOV.UK Verify (RIP) doesn't abide by the identity assurance principles. And that's precisely what GDS themselves demonstrate, at length, over the course of these three articles.

Take principle #8, for example, treated in Part 3: "If I have a dispute, I can go to an independent third party for a resolution".

What do GDS say?

"If a user wants to raise a complaint, then they can do so through the certified company’s user support". That's not an independent third party.

Also, "if the user is not satisfied with the result, then they can get in touch with the GOV.UK Verify [RIP] user support team. They can look into the user’s problem to help offer a solution, and they can also raise the complaint with Verify’s Privacy Officer". Neither the user support team nor the Privacy Officer is an independent third party.

Also, "user support has the ability to share anonymised and statistical outcomes with the independent PCAG for further investigation, if required". But principle #8 says that you can go to an independent third party. That's not the same as GOV.UK Verify (RIP)'s user support team going to PCAG.

Does GOV.UK Verify (RIP) abide by principle #8? Manifestly, no.

Principle #9 is: "Any exception has to be approved by Parliament and is subject to independent scrutiny".

What does that mean?

GDS say: "An exceptional circumstance within the privacy principles is defined as a situation where it’s agreed that the privacy principles we’ve just covered are not followed".

We've just seen that principle #8 isn't followed. So that's an exception. Has it been approved by Parliament? No. So principle #9 isn't followed either.

Neither are principle ##1-7.

GDS may have succeeded in convincing themselves that GOV.UK Verify (RIP) complies with PCAG's identity assurance principles. But no-one else.


Updated 4.1.17 2

The following comment has been submitted on GDS's blog post Applying the identity assurance principles to GOV.UK Verify: Part 3:
David Moss
Your comment is awaiting moderation.
"It’s worth noting that all of our certified companies are certified by tScheme ..."
Morpho, the Post Office and the Royal Mail are not certified by tScheme [*].
"... but not necessarily separately. This is because when a certified company uses the same system as another company that is already tScheme certified, then there is no need for a second certification of the same system".
Does that mean that Morpho, the Post Office and the Royal Mail are not doing any real identity assurance work? The work is really being done behind the scenes by someone else?
Who is doing Morpho's work for them?
Who is doing the Post Office's work for them?
Who is doing the Royal Mail's work for them?
----------
Link to this comment

Update 5.1.17 1

The DMossEsq comment above on the GOV.UK Verify (RIP) blog has been deleted and the following email response has been received:
From: Emily Ch'ng
Sent: 04 January 2017 14:49
To: DMossEsq
Subject: Your comment on the GOV.UK Verify blog

Dear David,

Thank you for your comment on the GOV.UK Verify blog. I am the blog's moderator.

I would like to let you know that I am unable to approve your comment as we do not discuss the subcontracting details of GOV.UK Verify's certified companies in the public domain as this is commercially sensitive and thus confidential information.

If you would like to find out further details about certified companies and tScheme, you are free to contact the certified companies themselves.

Many thanks for your interest in GOV.UK Verify.

Kind regards,
--

Emily
Digital Engagement Manager

Government Digital Service

Update 5.1.17 2

The following response to GDS has been sent:
From: David Moss
Sent: 05 January 2017 11:40
To: 'Emily Ch'ng'
Subject: RE: Your comment on the GOV.UK Verify blog, http://www.dmossesq.com/2016/09/rip-ida-privacyidentity-assurance.html#update3

Dear Emily

Thank you for your email.

In her blog post Applying the identity assurance principles to GOV.UK Verify [RIP]: Part 3
Orvokki Lohikoski, the GOV.UK Verify (RIP) privacy officer, writes:
"It’s worth noting that all of our certified companies are certified by tScheme, but not necessarily separately".
In other words, all of our certified companies are certified by tScheme except that they're not ...

... a museum quality example of self-contradiction that she attempts to resolve by saying:
"when a certified company uses the same system as another company that is already tScheme certified,
then there is no need for a second certification of the same system".

That inevitably raises the question in the mind of the public
which uncertified certified companies
rely on which certified certified companies,
a question which the Government Digital Service raise
but which you then say in your email that they will not discuss.
So why raise it?
It looks as though GDS are teasing the public.

Given that the service operated by Morpho – one of the certified companies – is not approved by tScheme,
which tScheme-approved company is really doing the work?
The same question needs to be raised in the cases of the Post Office and the Royal Mail.
Their services also are not approved by tScheme.
People think they are dealing with the Post Office, say, but in reality they're not.
People are being deceived by GDS's GOV.UK Verify (RIP).

Not only will you not answer the question on the GOV.UK Verify (RIP) blog which you moderate,
you won't even publish it – my comment on Ms Lohikoski's blog post has been deleted.

"Make things open: it makes things better", it says in the GDS Design Principles.
It would make things better in this case but,
for reasons of commercial sensitivity and confidentiality,
GDS are not being open.
The public are being lured into handing over sensitive personal information
in the hope that it will be treated confidentially
by certified companies that may not be certified.
But despite having to pay for the privilege, we are not allowed to know how the system works.

You recommend that I should raise the question
which non-tScheme-approved companies rely on which tScheme-approved companies
with the "identity providers" themselves.
Thank you for that recommendation, I shall do so.

That leaves the public and the certified companies to sort out their relationship with no assistance from GDS.
It cuts GDS out of the loop
in the identity assurance ecosystem/market
that GDS say they are trying to promote and regulate.
A market which relies on self-contradiction.
A market which moderates/suppresses public discussion of its workings
on the very forum which invites comments.
A market predicated on an openness which is not available precisely when it is needed.
A market which everyone acknowledges depends on trust.
What are the public to make of that?

Ms Lohikoski has the impssible task of convincing the public
that GOV.UK Verify (RIP) abides by the identity assurance principles
laid down by the Privacy and Consumer Advisory Group.
It manifestly doesn't.
And PCAG have undermined their own credibility by pretending that it does,
last March and in Ms Lohikoski's December blog post.

GDS have no experience of creating and operating a market and it shows.
GOV.UK Verify (RIP) is a mess.
By comparison, the stock market is a model of openness.

Yours sincerely
David Moss


RIP IDA – privacy/identity assurance principles

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.

We have seen how users of GOV.UK Verify (RIP) who registered with Barclays and the Post Office may find it impossible to access public services.

Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).

Who does that leave?