Building government services that are inclusive is a crucial part of our work. After all, not everyone can easily prove their identity and therefore not everyone can easily access the government services they are entitled to online.
This blog post talks about why this matters, to us and our users, what we are doing to address it as part of the One Login for Government programme and how it impacts not only what we build but also how we are developing our new identity platform.
Why this is important
The very biggest government services have to cater for everyone in society and therefore can’t adopt an identity solution that isn’t inclusive. A digital identity solution that locks people out has huge implications for service teams. This is because exclusion disproportionately impacts vulnerable users.
What’s more, these government services operate at scale, where small percentages amount to very large numbers. For example, if we build something that can be used by 99% of the UK it would still exclude about 700,000 people. By way of context, that’s roughly the population of Sheffield.
Added to that, alternative routes, like using call centres or face-to-face contact with agents, are far more expensive than digital services to run.
What we are doing
As part of this work, we’ve spoken to people who have been prevented from accessing a critical government service because they can't prove who they are. They include survivors of domestic violence who fled their home so no longer had physical access to any identity documents. There have been many more who simply can’t justify the cost of a passport only to use it as a form of ID. And then there are homeless or transient members of our society who aren’t registered at a fixed address.
We have been looking at the inclusion barriers and working with groups of excluded users.
We completed a discovery, pulling together existing knowledge about the problem of identity inclusion barriers, with folks in service teams from across government sharing hard-earned lessons and suggestions for approaches to explore.
Our initial focus was on understanding the needs and experience of users that were of low digital literacy, low income and with people that did not own a passport or driving licence.
We researched alternative ID sources to a passport or driving licence, such as a birth certificate, and used service prototypes to test whether people have access to these documents, if they would be comfortable using these documents to prove their identity, and whether this would be easy or hard to do.
The primary aim of the research was to understand attitudes to using information relating to alternative ID sources to prove identity, whether people can access the information required from these alternative ID sources, and to understand users’ mental models of identity verification in the context of accessing government services.
We thought about ID documents that people do have, and made some high-level estimates about how many people have access to them. There are a great many sources to choose from so we scoped this to a prioritised top 5: banking data, vouching, GRO (General Registry Office) data, patient records data, and pension and benefits data.
From this work we created a list of high potential opportunities that might improve inclusivity and ran short time-boxed experiments looking at each one, learning as much as we could before moving to the next.
In concluding that discovery work, we made 3 service and feature recommendations and are now pursuing all of them.
1. Digital vouching
For users who cannot prove they are the person they claim to be, we are investigating whether a digital vouching process would help. This involves a person asking someone else to confirm their claimed identity and is similar to a referee signing the back of a passport photo to verify the true likeness of someone. Early research suggests that most users should be able to use this new approach.
2. Security questions
Secondly, we will be supporting the use of security questions, also known as ‘knowledge-based verification’, which enables users who might not have identity documents to prove who they are. We will do this by asking questions, based on their records, that only they should know the answer to, and to provide the challenge at different levels of confidence depending on the service they wish to access.
This will allow us to serve up knowledge-based verification questions that will verify people to the level of assurance needed for them to access the service they need at that time. For example, checking non-sensitive information about yourself might require a low-confidence identity check because there is a low risk of fraud, but receiving a financial benefit may require extra steps.
This approach means that a person’s level of assurance can grow over time and they’ll be taken through top-up steps to increase their assurance level only when it’s needed for the service they’re trying to access. It will also increase the likelihood of users with little or no records associated with them on government or credit rating agency databases being able to complete a digital ID verification.
3. Joining up government data
Finally, we’re exploring how to widen the number and type of high-quality security questions generated to support different types of users. We are also investigating how we can use wider government data sources to create new questions so that people can successfully prove their identity online and access services. We're proposing new secondary legislation that will support making this data-sharing possible.
It will do this by opening up a range of government-held data sources and permitting the reuse of previously-verified identities across different government services that require similar levels of assurance, with user consent.
Collectively these initiatives will support the accessibility and inclusivity of the service, and will provide a way for users to interact seamlessly with services.
But we know an online solution will not be suitable for everyone so we’re looking at offline routes and working on effective user support channels as well. We will continue to share our learnings.
- recent migrants to the UK, asylum seekers and EEA nationals with right to remain
- members of the Gypsy, Roma and Traveller communities
- those who have left prison in the last 1-2 years
- those with a history of being in social care
- people who are homeless, in refuge, or in temporary accommodation
- members of the transgender community
- those who don't, or struggle, to speak and read English
Comment by RBridge posted on
Last time I checked your requirements for the HMRC online portal were very restricted and off little practical inclusive purpose.
Some of us adhere to the following scenarios:
1) Long time address residents/owners who don't have mobile phone contracts but do have landlines/PAYG mobiles.
2) Do have driving licenses but not valid passports.
3) Can produce payment bills for utilities (water, council etc) tied to one's residence.
Why a bit of common sense can't prevail is baffling.
In the meantime I will soldier on using printers and snail mail in the 21st century.
Comment by C S Levey posted on
Having to put in a mobile phone number excludes people like me who has no mobile phone. I can’t afford one. It is something I wouldn’t use, I have a perfectly good land line
Comment by The GDS Team posted on
We are developing alternative routes to allow people to authenticate their account. This includes the use of authentication apps, which can be used on a desktop or laptop computer as well as a mobile. We will also be looking at options like voice authentication.
The GDS Team
Comment by Alex Shiell posted on
Have you considered what role Local Government might be able to play in Digital vouching? The people who may need to use this route may already be known to us. We also have the local presence that would make this more accessible to people.
Comment by The GDS Team posted on
This isn't something we are looking at in detail right now but we agree that involvement of local government could be helpful to digital vouching.
The GDS Team
Comment by Martin Glancy posted on
Will there be limits in the secondary legislation to allow limited data sharing for ID whilst stopping bulk export of more data? In fact, do you need to share data, or can you just compare a hash of the data?