By Rob Laurence, Director, Innovate Identity
Think of digital identities as a national asset
Not in the physical sense like roads, railways, schools and hospitals, but in the non-physical world – like education and health.
Assets that bring value to everyone, both directly and indirectly.
A well-educated population to be equipped for society.
A healthy population to be able to lead a fulfilling life.
And a digital identity to be trusted and protected as we engage with this new, exciting digital world.
Now that GOV.UK Verify is live, it’s time to ponder what could be
Digital identities have the potential to unlock huge savings in how services are delivered to us – but only if they are treated as a national asset and part of the national digital infrastructure, not if we have a diverse range of schemes of different shapes and sizes. It would be chaos – just like building a rail network with different gauges or driving on the left in some cities and the right in others! You wouldn’t do it!
The Internet has created a challenge – how do we know who you are? Remember Peter’s Steiner’s wonderful caption – On the Internet nobody knows you’re a dog!
We can’t hide from this challenge.
We can’t ignore it.
We have cobbled together solutions to address it – but they are not elegant or universally usable – as our identities are in the physical world.
We also need to have protection in place from people who wish to cause us or organisations harm, so personal privacy and safety is paramount for us, security for an organisation
In five years more than half the adult population will have a digital identity. Why?
To access more and more central government, local government and health services. Accessing our personal tax account, maybe eVoting, will drive take-up. Digital identities will become the de facto way to access these services; confirming who we are, and keeping our personal details safe from hackers and those who would seek to harm us.
Quicker, more efficiently and less costly.
As this portfolio of digital services grows, so will the desire to tackle more complex and costlier services.
Services that require information to be accessed in other locations – banks, energy suppliers, airlines.
Digital identities can underpin all this, enabling customer-centric services to be designed with real time data sharing between the parties. The OIX projects looking at the Blue Badge service and Pension Dashboard demonstrate this. Take a process like underwriting. Real time sharing of bank account information, with the customer’s approval, could turn a process that might take days into minutes.
Digital identities have the potential to enable real-time services that cut out swathes of back office processes.
All this will only happen, though, if there is TRUST.
TRUST by the banks
TRUST by the government departments
TRUST by the health service
TRUST by the citizen
In creating a national asset, we must actually create a national asset that is TRUSTED by everyone.
So how can we do this?
There is much market research around that looks at who we trust – and conversely who we don’t.
There is a pecking order of trust – I’ll leave you to form your own opinion – solicitors, banks, estate agents, double glazing sales, energy sales, Google, government.
Time and again, customer insight research carried out in the UK around the use of digital identities shows a high level of trust in government.
So, if we accept trust is essential and citizens trust government, it would seem reasonable to suggest that government should take the lead in helping the nation realise the value of this asset.
So, what comes with this asset?
PCAG Identity Assurance Principles – formulated by academics, lawyers and the detractors of the ID Card
Good Practice Guides and Operating Standards
Certification standards and processes
Thousands of hours of user research and insight
Digital services standards
A privacy-by-design technical architecture
Compatibility with eIDAS
A live national federated identity service – GOV.UK Verify.
These are all part of the national asset, for they are a realisation of everything that has gone into the creation of these digital identities.
Is it remotely conceivable that another industry would want to replicate this investment?
Tens of thousands of hours have been invested in the government-driven digital identity scheme. From the early days in 2012 with the consumer-led development of the principles for identity assurance leading to guidance and standards for the development of an identity assurance service. From exploratory developments embracing open standards and protocols of an identity assurance hub to a fully-functional service with 8 contracted identity providers and 15 government departments.
From a vision to develop digital services around the citizens and not around organisations; to thousands of hours of user research into the delivery of services so simple to use that users prefer to use them.
But this isn’t an investment by government alone. It’s been a collaboration with the private sector; technology businesses working side-by-side with government to create a world-first national federated digital identity scheme. Collaboration made possible through an independent, cross-sector membership organisation (OIX) committed to growing the volume of transactions online, safely and securely.
So what could be the outcome of this investment?
For consumers, a simple and convenient way for us to access services that we understand and trust.
we don’t have to look after user names and passwords for all the services we access
our digital identities could be used to claim a tax refund, pay income tax, look at our medical records, open a bank account, book a flight or apply for a ticket at Glastonbury
we can trust every organisation we share our identities with to keep them safe
For organisations, a simple and convenient way to identify our customers to enable us to provide better services more cost effectively.
We don’t have to manage user names and passwords
We know who are customers are and can trust them
If our customers allow, we can share their information with other parties to deliver services quickly and efficiently by fulfilling services in real time and removing back-office processes
We can develop common European and global services and treat customers in the same way, no matter where they are
We, and our customers, are more secure and less exposed to risks of having our data stolen and misused
But the visions and outcomes can only become reality if the government and the private sector work together to make it happen
Right now, other sectors are considering digital identity schemes and federation of identity. Online gambling and financial services to name but two.
Is it in these sectors’ interests to develop their own schemes? For surely they would have to follow the same development roadmap as the government.
Is it in the national interest for a myriad of schemes to emerge? Think of the poor consumer? Remember, we all have to drive on the same side of the road!
So how can this asset be developed for the greater good?
Let’s look at two examples to help give this direction.
Superfast Broadband. The government recognises that improved connectivity is revolutionizing our quality of life, from how we work and how we learn, to how we spend our leisure time, how we do our weekly shop, and how we engage with public services.
Broadband Delivery UK (BDUK) is part of the Department for Media, Culture and Sport. It is supporting investment to ensure the benefits of improved connectivity are available to the nation as a whole – no matter where we live.
A government strategy but not delivered by government – it doesn’t lay cable, it requires the cooperation and collaboration of the telecoms and mobile providers. As part of this strategy, government is working alongside local authorities and the private sector to stimulate projects resulting in the delivery of superfast Broadband to all communities.
Payments Industry. Payments UK is the payments industry’s representative body: providing an authoritative voice in the UK, Europe and globally, and working with stakeholders to share payments knowledge and expertise.
It is a centre for excellence: supporting the UK payments industry to provide world-class payments, building on the experience, thought-leadership and project delivery expertise behind award-winning initiatives such as Paym, the Current Account Switch Service and Faster Payments.
It aims to deliver collaborative change and innovation: working on behalf of its members to benefit customers and UK plc, ensuring their needs are understood and met, both now and in the future.
In the first example, government recognises the importance of the latest superfast Broadband technology to the nation and the economy. It has set out a vision and strategy and is working with industry to deliver it.
In the second example, we have a mature industry where members are represented by an industry association. Government will work with this association, through consultation and collaboration, to
promote technological advances but also protect consumers – remember the consultation to end cheques!
Digital identities are still in the infancy stage of their evolution. Roll-out and take-up come next – which would tend to suggest the first example may be more of an appropriate model to follow.
A way forward?
The government, in collaboration with the private sector, has created something that potentially has enormous benefit to us, as citizens and consumers, and to organisations as service providers. Should government now take a lead to realise this asset’s potential value? This is an asset that is neither sufficiently understood or developed to be managed by an industry association. It needs to be nurtured and knowledge needs to be shared. At this early stage, should government provide direction, stimulus and know-how?
So, my thoughts:
1. Government should recognise that digital identities are a national asset. Perhaps it already does.
2. Government should publish a paper (through OIX, perhaps) that sets out the benefits to consumers, organisations and government and the rationale for regarding this as a national asset.
3. Government should set out a structure for, and invite organisations to form an independent UK Digital Identity Strategy Team (UKDIST). UKDIST’s role is to establish a strategy for digital identities in the UK and cover guiding principles, and provide recommendations on the rules of the road and how the rules should be governed going forward (see below).
4. OIX would provide an ideal collaborative membership environment to host UKDIST.
The government paper would provide guidance on the purpose and objectives of the rules of the road; their primary purpose being to establish trust in and across digital identity schemes in the UK, extendable under eIDAS in future. Some examples of guiding principles:
1. There should be no limit to the number of digital identity schemes.
2. Digital identity schemes should meet a minimum standard and be certified.
3. Digital identity schemes should seamlessly inter-operate in the UK; this means a digital identity issued by one scheme would be trusted and accepted by another (this particularly applies when data is being shared between organisations) or being reused in another sector.
4. Digital identity schemes should be administered by digital identity scheme trust rules (akin to payment schemes). Trust could have two meanings – establishing trust between the parties to the scheme and Trust as in the administrative body.