The Department for Digital, Culture, Media and Sport (DCMS) has published a draft set of rules on the future use of digital identities.
It has opened up the UK digital identities and trust framework – set up as an alpha prototype for testing in public and private services – for consultation until 11 March, saying it is aimed at making it easier for people to verify their identities using technology.
The move has been accompanied by the Government Digital Service (GDS) publishing a collection of policy papers on using attributes within the trust framework.
The steps come as the government is winding down its support for the GOV.UK Verify identity assurance mechanism for public services, take-up of which has been generally disappointing despite the surge in sign-ups connected with the increased demand for universal credit support caused by the pandemic lockdown.
In the foreword to the framework, Digital Infrastructure Minister Matt Warman says DCMS is not aiming to produce any solutions but that the framework provides rules on which others can do so.
It sets out principles, policies, procedures and standards for the use of digital identities and the sharing of information to check people’s identities or personal details – a key element of which is that users should be in control of how much information they manage and share.
In its announcement, DCMS highlighted features including having a data management policy that explains how data is created, obtained, disclosed, protected and deleted.
Other significant elements are to follow industry standards and best practice for information security and encryption; to tell the user if any changes such as an update to their address have been made to their digital identity; and where appropriate to have a detailed account recovery process and notify users if an organisation suspects someone has fraudulently accessed their account or used their identity.
There is also guidance on choosing secure authenticators for a service, and an indication that digital identities can take different forms. Examples include a software element on a mobile device and the ability to obtain authentication through an online service.
DCMS added that organisations will be required to publish an annual report on any demographics excluded from the service, a move aimed at making firms aware of any inclusivity problems.
The framework also points to the use of ‘vouching’ where trusted people such as doctors or teachers can confirm a person’s identity in an initial authentication rather than relying on documents such as passports and driving licences.
Warman said: “Establishing trust online is absolutely essential if we are to unleash the future potential of our digital economy.
“Today we are publishing draft rules of the road to guide organisations using new digital identity technology and we want industry, civil society groups and the public to make their voices heard.
“Our aim is to help people confidently verify themselves while safeguarding their privacy so we can build back better and fairer from the pandemic.”
The GDS policy papers are directed at organisations interested in becoming attribute providers within the digital identity process. They describe attributes as pieces of information that describe something about a person or organisation to help prove that they are who they say they are, or that they are eligible or entitled to do something.
There are three papers, focused on understanding attributes, creating and sharing them, and how to score them.
Clarity and certainty
Cabinet Office Minister Julia Lopez commented: “Creating a common trust framework will give greater clarity and certainty to organisations who want to work in this field about what is expected of them. More importantly, however, it will help to deepen users’ trust and confidence in digital identities and the standards we expect in the safeguarding of their personal data and privacy.”
In his report to the draft framework, Warman said DCMS intends to use the feedback from the consultation to publish a second iteration, with details of a certification process, “in short order”.