Image source: Mark Say
Leading officials of the Government Digital Service outline the state of play and ambitions for the digital identity service
It must be a sign of confidence that the Government Digital Service (GDS) has begun to talk more openly about the GOV.UK One Login programme.
After more than two years in which limited detail has come into the public realm, the organisation has made an announcement and staged a briefing for journalists to share its ideas on how the service could develop beyond the initial plans.
GDS chief executive Tom Read and director for digital identity Natalie Jones take an upbeat view of the developments, the former describing it as a step change in reducing the friction that a lot of people encounter when interacting with government.
One Login is being developed as a single, reusable form of identity verification for central government services. Its core system is up and running, making it possible to prove an identity through its web channel or the app, using passports or driving licences as evidence on both, biometric residence permits on the app and knowledge-based verification on the web.
The app has been developed to match a photo of a passport with a selfie pic of the user.
There has been early progress with eight government services beginning to use it so far, the first having been for basic checks in the Disclosure and Barring Service, the most recent on the Home Office’s Modern Slavery Statement Registry.
The numbers on individuals’ use are 819,000 accounts created, 1.51 million identities issued (with the disparity attributed to HM Revenue and Customs’ use of the app for its Government Gateway in parallel with One Login), and 2.15 million app downloads.
GDS is also claiming high performance, with 81% of users starting via the app successfully proving their identity, up to 83% who complete the process ending up with a proven identity, and the average time being under 10 minutes. In addition, the system had 100% uptime during May.
Jones emphasises benefits in improving the user experience, reducing costs for government, providing a tool to reduce identity fraud, and making verification more inclusive for users.
“We are really focused on making this as inclusive as possible for people,” she says. “It’s about broadening out access for digital services, and bringing people who currently use very time consuming channels, like telephone and face-to-face, into a digital channel so they can get the support they need from government more quickly and simply.”
She also says that privacy and the security of data have been key factors in the design.
“We have all the principles of data minimisation. We’re not holding a great big database of citizens, and users give us just enough information to prove their identities.
“It’s held in a really secure way and it’s highly segmented, there’s no big honey pot to break into to get hold of all the data. It’s held only for the period we need it for, and there’s a bare minimum of data items taken onto the servers to match them to their tax records. It’s no more than about 10 or 12 data items on people.”
There are plans for the next 12 months that include onboarding more services – with Companies House, the Department for Environment, Food and Rural Affairs, the Department for Work and Pensions and for the veterans’ identity card – and developments such as a face-to-face route for identity checking and the opening of a call centre during the autumn to support users.
Major steps are scheduled for spring of next year as HM Revenue and Customs (HMRC) begins to redirect new users to One Login rather than the Government Gateway, followed soon after by the beginning of a migration of existing accounts from the latter.
Looking beyond this, Jones says the “vast bulk” of government services should be onboard by the end of March 2025, and qualifies it with a number of 100.
Improvement on Verify
This would be a big improvement on the performance of GOV.UK Verify, the predecessor digital identity service that was launched in 2016 but never really took off and was closed earlier this year. Jones says that a different approach has been taken to encourage take-up of One Login.
“The team has spent a lot of time working across government to make sure One Login works for services, and we’ve done it in a partnership way that’s slightly different to the way it was done for Verify. We have top down cover from all the perm secs and ministers for major departments, and a ministerial oversight group that meets every six months to reaffirm commitments.
“We have a roadmap that includes onboarding for all major departments and universal support. Some of that is to do with the different way of working, for example with HMRC, building out by showing we can do it, fixing a real problem for them quickly, and showing the benefits. All the services that have onboarded are talking about the benefits so we can use them to advocate for us across government.”
It leaves a question about the other element of take-up – whether many of the public will be aware of the service.
“We’re working on our strategic comms plan,” she says. “Some of this will be at the point where we ask someone to do something. General public comms around government doing a whizzy thing with tech might not work that much, but we are working through how to get across core messages around this thing you can use across services.”
Beyond take-up, GDS is looking at a range of possibilities for further developments. One is to incorporate other types of documents, such as birth certificates, as proof of identity – which relies on the gradual digitisation of records by the General Register Office.
There is also an intent to build sets of questions from Department for Work and Pensions and HMRC data for knowledge-based verification; and to look at open banking, with its capacity to show transaction histories for an individual, as a way of proving identity.
All of this will be aligned with the Good Practice Guide (GPG) 45 framework for identity proofing and verification of an individual, which has been put together with a number of government bodies and aligns with international standards and regulations including ISO/IEC 21195.
Another priority is to use One Login in reducing fraud against government, using an identity within a mechanism that, if a fraud against one department is detected, will securely alert others.
Longer term there are ideas about using it for more personalisation of people’s routes through online services. Read outlines the possibility:
“At the moment you go to GOV.UK, read the content and try to find the government service you’re looking for. In the future we want to look at how we can start to personalise some of that user journey.
“We don’t know what that’s going to look like yet, but think if we can start using some of that we can make the user experience even simpler. I think this is a direction of travel, and what we’ve seen in more advanced nations across the world; but we have to balance that with data privacy concerns.”
There are also inevitable questions about going into other areas of the public sector. Jones says that for the current Spending Review period the effort is being focused on central government, but there have been conversations with the NHS, and engagement with local government.
One of the issues in the latter sector is that local authorities use a wide range of systems from a large number of suppliers, which would stiffen the challenge of bringing them all onboard. But Jones suggests that this could be a target for the long term as One Login would be truly ubiquitous when it is widely used to interact with local authorities.
GDS is also sufficiently confident to place a figure on the expected savings for government from the service of around £700 million over the next five years. Jones says this will come from a number of sources, including many fewer people using call centres and face-to-face routes, reduced duplication of parallel track IT in other government bodies, reductions in transaction costs by requiring just one verification, and the expectations of reducing fraud.
The ultimate test for One Login will probably be in an area in which Verify failed – ensuring it becomes widely used by the public. Jones avoids setting a target, but suggests that if the organisations take it up the public will follow.
“There’s no explicit target for the number of users, but my expectation is that by the time we get to 100 services the vast bulk of people interacting with government will have an account that will be the easiest and fastest way to get you where you need to go.”