Since I joined GDS to lead on digital identity, we have been very busy. One of the things I continue to stand for is communicating in a more open way and better telling the story of what we are doing around digital identity, and why it matters to the future UK economy. I have given keynotes at the OIX/Tech UK and Think Digital events on this subject, and continue to engage widely with stakeholders across government and industry.
In my previous post I said we have 3 main priorities for identity assurance:
- rapid alignment around a future plan
- engaging with the identity assurance market
- delivering an excellent service
I can now report that we’ve made great progress in all of these areas, albeit with plenty of work still to do, and that we can now provide further details. This message is a follow up to the announcement made by the Minister for Implementation, Oliver Dowden, at Identity Week in June.
Why this matters, and the role of government
If you’ve heard me speak recently, you’ll have heard some key reasons that come up over and over again as to why it is critical that we get digital ID right, namely:
- access to services: digital services demand a secure way to gain access digitally
- fraud prevention: digital ID not only stops fraudsters at the point of entry but allows live monitoring of activity to pick up on fraudulent patterns that may arise
- financial inclusion: ensuring that systemic inequality is not replicated
- being able to ‘trade’ on trust: implementing a set of interoperable standards, such that how an ID is verified can be easily understood and therefore interpreted and used correctly
- unlocking value to the UK economy: estimated at significant value by numerous sources (3% of GDP or $97bn (£77bn) by 2030 according to McKinsey); our work here includes allowing identities between the UK and other countries to interoperate
I’ve also articulated our role as government, which includes ensuring that the assets that GDS has created to date (interoperable digital identity standards, operational guidance, technical specifications and a governance model for policy, compliance, audit and liability) are properly transitioned to a model that works across both public and private sectors.
To put it plainly, while our role has included technical implementation (GOV.UK Verify), our larger role and goal is to create an environment that allows multiple private sector actors to be able to innovate and play a number of roles in the digital identity ecosystem going forward. (Keep reading for more thoughts!)
Our role as government is also to ensure that identity solutions are privacy-centric, in line with UK privacy regulations and values, and do not create the equivalent of an ID card system or central citizen register.
Market organisation, call for evidence, ongoing engagement
You’ll have seen that, during Identity Week, the Minister reiterated government’s commitment to the creation of a ubiquitous digital identity market and laid out the first set of activities to do this.
These are:
- a new Digital Identity Unit, which is a collaboration between DCMS and Cabinet Office and which will help bring the public and private sector together to ensure the adoption of interoperable standards, specifications and schemes
- a call for evidence on how to organise the digital identity market and ensure interoperable ‘rules of the road’ for identity (launched on Friday, 19 July 2019).
- engagement on the commercial framework for government to buy identity verification services from the private sector, to ensure the continued delivery of public services
Private sector implementation
Government initially launched digital identity to enable digital access to public sector services. The number of people using GOV.UK Verify to access services has increased sharply – with 1.2 million users added in the last 6 months – but total numbers – approaching 5 million identities created – are only a small proportion of what’s possible . Looking at ways to scale, we have found that the vast majority of use cases for digital ID exist in the private sector.
This week the Minister for Implementation announced an important step that will start to open up this potential and help us deliver the next stage of GOV.UK Verify’s development, in which the private sector takes on responsibility for broadening the usage and application of digital identity in the UK.
The pilot we have launched makes two things possible: firstly, it will allow individuals that used their passport to create an existing GOV.UK Verify account to re-use that account to access private sector services; and secondly, it will allow individuals with a valid passport to create a new digital ID in order to access private sector services. Crucially, at all stages, individuals will remain in control of whether they choose to create and use digital ID or not, and all transactions will pass through privacy-centric technology which enables a 'yes' or 'no' signal to validate their asserted data, so that there is no sharing or storing that data in a new database.
What does this mean? This means that non-governmental organisations will be able to pilot implementation of the digital identity standards (previously only used in public sector) for private-sector use cases. If successful, it could mean significant time savings for individuals who previously went through cumbersome in-person processes to verify their identities and financial savings for organisations who can move their identity proofing processes online. It could also mean the reduction of fraud due to standardised ID proofing.
Interoperability across public and private sectors is a key component of delivering on our future vision, providing stronger incentives for organisations to grow the number of people with digital identity. We expect this pilot to provide further momentum for the future roles of private sector actors in this ecosystem.
At the same time, we continue to listen to and work closely with our services, numerous sectors, our users and the international market and believe we are on the right path. There is still a significant amount of work to do – but this is great progress.
Engage with us
We already have significant engagement with government services (particularly our connected services), the private sector (across all sectors and through key organisations and trade bodies) and privacy experts, including the Privacy and Consumer Advisory Group, who ensure our work meets a high threshold of personal privacy.
We invite anyone interested to contribute to the Call for Evidence, which is open for 8 weeks until Sunday, 15 September.
Continuing to deliver a great service
While recent events represent a major step forward, focus on the future state is just a part of what the GOV.UK Verify team have been doing.
First and foremost, we continue to work closely with our services to ensure they are getting what they need. We are taking steps to improve the user journey and we’ve updated and improved government’s identity standards, to make it easier for organisations to reuse identities that have already been checked. We also do significant work on fraud prevention, social inclusion, international standards alignment and privacy.
GOV.UK Verify continues to increase its users: more than 4.6 million people are now signed up. The number of people using GOV.UK Verify to access services increased by 1.2 million in the last 6 months.
We continue to add services: NHS Business Services Authority connected a new service in May, which allows NHS employees to claim their pension.
Continuing to work with you
We know that government needs to continue to provide clarity on direction and strategy for how digital identity can be used across sectors and how the UK digital identity market will develop. We hope these new steps will be helpful.
2 comments
Comment by Jane Fallon posted on
What is the current advice for any central or local govt digital services being built right now - in terms of options for checking identity? What should teams be considering building into their services?
Comment by Matthew Harris posted on
Given the ongoing investment in NHS Login, why don't you sign them up as an identity provider?