Oliver Dowden has stirred up a fresh round of speculation over GOV.UK Verify with his statement to Parliament on the new commercial arrangements for the programme.
The move to make five of the private sector identity providers responsible for broadening the usage of the identity assurance platform was conveyed by the Cabinet Office minister as an indication of its maturity, but there are plenty who will see it as banging a nail in the coffin before it is quite dead.
In fact it confirms a transition that was flagged up back in May by Nic Harrison, then director of service design and assurance, digital identity in the Government Digital Service, who said GDS was in conversations about taking a less active role and Verify evolving into a federated system.
It is understood that the identity providers, who have new 18-month contracts with the service, will have more freedom in approaching the market, especially among commercial organisations wanting to make use of digital identities.
In short, Verify is being thrown into the commercial world with its original role – to provide online assurance for government services – becoming just part of a much wider picture.
The Government is not ready to write it off, but the programme has not fulfilled the ambition expressed when work began in 2011. The Cabinet Office was aiming to make it a ubiquitous mechanism at least for central government services, but so far it has been used for just 18. It also has just short of 3 million sign-ups against the target of 25 million that was part of last year’s Transformation Strategy.
Meanwhile, the questions of management responsibility and governance seem to be up in the air, with the Cabinet Office still in the frame but a possibility that Verify could soon come under the wing of the Department of Digital, Culture, Media and Sport, which has taken control of most of the Government’s data policy. And how these, or some other party, will work with the identity providers remains to be seen.
This all leads to the question of what are its odds of success in a broader market for digital identities? Its slow progress in central government suggests there are still shortcomings to address.
Firstly, the sign-up process has to become more reliable. There have been plenty of complaints about failures to complete the process, and as of today the official dashboard says the verification success rate is just 47%.
The changes are probably going to throw more emphasis on the identity providers sorting this out, but it is not going to build a momentum unless it becomes the norm for potential users to complete the process first time.
Secondly, it needs an assessment of whether the attributes the identity providers hold on individuals will meet the needs of different services; and whether those services operate in a way that makes them relevant.
Harrison acknowledged “sound operational reasons” why central government wasn’t making wide use of Verify, suggesting its design involved assumptions about what would work for Whitehall that proved incorrect. It is going to be equally difficult to get things right for big commercial operations, and there has to be a good understanding of their operational demands to make the platform work for them.
Both of these issues could possibly be addressed in the identity providers developing their own hubs rather than relying on the central hub – a move that was floated by Harrison.
Thirdly, there has to be a sustained effort to let people know about Verify. There has never been a big public information campaign, and the majority of people will have no idea what it is or what is meant to do for them. The momentum is never going to develop when it prompts nothing more than a blank look from most of the public.
Contrary to what some detractors would say, Verify isn’t dead; but it doesn’t look very healthy in its current state and has 18 months to show that it’s worth keeping alive.
Image from GOV.UK, Open Government Licence v3.0