Francis Maude spoke on the economics of identity and the role of GOV.UK Verify at the EntrepreneurCountry Global Forum.
It’s a pleasure to be here in the wonderfully named EntrepreneurCountry to talk about GOV.UK Verify, a government service at the frontier of digital innovation.
The spirit of entrepreneurship and innovation is at the heart of this government’s long term economic plan.
Many of the world’s biggest and most transformative companies started with little more than a few bright individuals who had the vision and determination to take a brilliant idea from the drawing board to the market; coupled with the resilience and ambition to overcome setbacks and see it through to success.
Start-ups grow to become small businesses, which in turn can become big ones, creating jobs, investment and wealth and helping our country prosper, so ultimately we all benefit from entrepreneurial success.
Digital by default
Few areas have been more fertile for entrepreneurs than the internet. The fact that the web is open and free, and grew organically from the bottom up, has made it possible for anyone to take this invention and use it to create new technologies, solutions and opportunities.
Within government, using digital technology more effectively will help us meet rising public expectations against a backdrop of continued public spending restraint. In short, it’s a way to do more for less.
Digital services are 20 times cheaper than over the phone, 30 times cheaper than by post and 50 times cheaper than face-to-face. But it’s also an opportunity to create better services: more responsive to people’s needs and more convenient to use. If you can shop online at midnight and bank from your smart phone, then you should be able to renew your passport or view your driving record just as easily.
So we want government to be digital by default. Our aim is to design services which are so straightforward that all those who can use them will chose to do so, and those who can’t are given the support they need.
We started by replacing over 300 inconsistent and expensive websites with just one, GOV.UK, making it easier for people to find what they’re looking for. Last year we celebrated 1 billion visits and it’s already saving taxpayers £60 million a year.
Now we’ve turned our attention to digitising high-volume public services, so whether you want to renew your car tax or apply for an apprenticeship it’s quick and hassle free.
One by one these services are becoming faster, clearer and more convenient to use, and the number of people using them continues to grow – for instance, 1 million people used the new Individual Electoral Registration service in the 2 months after it went live and to date almost 3 million have registered to vote using the service.
Balancing security and convenience
But the more we spend our lives online, the more the issue of identity assurance becomes crucial.
Until now, we’ve had to rely on offline methods, or on digital systems that don’t give a high enough level of confidence for modern, sophisticated digital services.
As we go digital-by-default, we need to be confident that people are who they say they are. And the public need to know their information is safe. It’s about trust – this is the crucial factor which underpins the success of digital transactions
From the outset we’ve been clear about 3 things.
Firstly, privacy and control over identity and personal data is essential. We’re not going down the route of a single government database. Identity is a very important source of power; our view is that power should rest with the citizen, not the state.
Secondly, we’re not looking for a single solution for identity assurance. Technology moves too quickly for that.
And thirdly, we also need to keep services easy to use.
There’s nothing more frustrating than having to remember too many passwords. Last year’s Heartbleed security bug highlighted just how vulnerable they can be. Indeed, the most popular passwords in the world include ‘password’, ‘qwerty’ and ‘letmein’ which tells you all you need to know about how effective they are.
So we need a better solution.
The best digital services put the needs and requirements of the people that use them first. It shouldn’t be any different for identity assurance. The internet is a fundamental part of everyday life, so internet security needs to be easy and convenient, helping us to go about our lives online safely, but without getting in the way.
It’s about finding the right balance between usability and security. If we can find a happy medium, then we can strengthen trust, without diluting the qualities of speed, convenience and choice that make digital services so appealing in the first place.
The good news is this isn’t a question for the public sector alone. Plenty of other organisations, high street banks for instance, wrestle with these same issues.
So our approach has been to encourage the private sector to take a lead role in producing identity solutions for public services, leaving the government to focus on setting standards and encouraging the development of a market for identity services.
It allows people to prove their identity in an entirely digital way by offering people a choice of providers.
When you need to prove who you are, you can choose who you’d like to verify you, from a list of certified companies.
We currently have contracts with 5 certified companies. Experian and Digidentity are already on board; the remaining 3 (Mydex, The Post Office and Verizon) will join in due course.
Each provider will adopt different methods and approaches to providing the same level of confidence.
The company performs checks before verifying your identity to GOV.UK. You’ll also be asked to enter a code that you can receive on your mobile phone, by email, or through a call to your landline.
Verifying your identity for the first time usually takes 10 minutes and once it’s done, it’s quick and easy to use the same company every time you need to access a government service online. In a few moments we’re going to run a demo, so you’ll see how simple it is.
The crucial thing about this system is people remain in control of their own data. They choose which provider they use. The system doesn’t store data and the provider doesn’t know which service the person is trying to use. The company you choose can’t use or share your data without your permission. The user has total control.
This work is still at a relatively early stage – it went into public beta testing toward the end of last year – but people can already use Verify to access 6 services: from completing your HM Revenue & Customs tax self-assessment to applying for a farming subsidy.
More than 10,000 people have used it already and as more people and services start using Verify over the course of the year, we’ll be able to learn from their feedback to refine the service.
And because the standards which identity providers are required to meet are open, the private sector will be able to incorporate new security and counter-fraud technologies as they become available in the future.
Creating a market
But this is more than just a standalone service. By aggregating demand from across the public sector, we’re creating a new market for identity assurance services.
Government is the first customer for this federated model of certified identity assurance providers – but there is potential demand way beyond the public sector.
Customer registration processes in banking, insurance, transport and retail can all be improved – and fraud reduced – through a trustworthy and convenient digital identity assurance infrastructure.
That’s why the Cabinet Office joined the Open Identity Exchange OIX, so we can work with like-minded organisations to explore this potential.
Through OIX, we’ve been funding a number of small scale ‘discovery’ projects to explore potential answers to the question of how to create convenient, secure and privacy-enhancing digital transactions.
But the government isn’t imposing solutions from the top-down. We’re working alongside partners to understand the problem and find answers that work.
As an example, we’ve also been working with the South Yorkshire Credit Union to see how digital identity can help people who are financially excluded.
Often people who are very well known from face-to-face transactions have difficulty creating a digital identity. They rely on paper evidence instead, but this has a much lower level of trust.
But opening a basic bank account with only paper evidence can be difficult, given how highly regulated this sector is. A digital identity that meets government agreed standards could therefore address regulatory obligations for identity verification.
Another OIX project we’re involved with is working with Warwickshire Country Council and other partners to look at ways of improving the application process for a disabled parking Blue Badge.
At the moment, applying for a blue badge involves gathering together reams of different paper statements to prove eligibility. But for people in receipt of disability benefits, a digital verification process would reduce this to a simple ‘yes/no’ answer from the Department of Work and Pensions which could then be sent to the relevant local authority. And our exploratory work has shown it’s possible to reduce the process from 10 weeks to 10 minutes!
This transaction shows how digital identity can reduce the need for large amounts of personal information to be shared and stored by organisations. Instead information provided is quickly checked with the original data source. A local authority needs to receive a simple ‘Yes’ response from DWP. It does not need to keep photocopies of the paper evidence detailing the person’s disability.
If we could check identity and eligibility and make decisions in real-time we could revolutionise the delivery of public services.
We want to encourage organisations from all sectors to work together to develop the supply chain of services that make it easy for users to assert a trustworthy digital identity.
Any private organisation is welcome to propose an identity project to OIX. The process is fully transparent and the conclusions are published for others to see.
Rules and standards
The rules around digital trust are as important as the technology. You can’t look at one without considering the other.
The Cabinet Office has been working with interested parties, including members of the privacy lobby, to consider how digital trust services should operate and how the market should deliver them.
But we must also consider the issues through practical activity. Through OIX we will work with public and private sector partners to build open standards based solutions and the framework of rules through which they can be used.
We will be reporting on the progress of some of these projects at the OIX meeting, which is taking place here at the Royal Institute concurrently to this conference.
So, in conclusion, digital identity is fundamental to the issue of trust that underpins the success of the whole digital revolution.
GOV.UK Verify is an exciting contribution to this work. A completely new concept; with the potential to be used for all sectors and the first of its kind anywhere in the world.
From Australia to Mexico, Canada to New Zealand, governments around the world are exploring the challenges and opportunities of digital identity – and we can be proud that Britain is at the forefront of both thought and action.
This presents a massive opportunity to unlock a wealth of ideas and solutions. But doing so requires support and investment from the private sector. So please continue working with us.
If we’re successful, then we can help make the UK one of the safest places in the world to do business online – and ensure people have confidence in the security of new technologies so they can continue to benefit from the many ways in which the digital revolution is transforming our lives.