IT industry association techUK has urged the Government to urgently publish plans for the future development of the GOV.UK Verify service and to establish a policy for digital identity ecosystem.
It has made the recommendations in its new Digital Identity White Paper, which calls for an interoperable framework of digital IDs across the public and private sectors.
The paper expresses the familiar criticism that Verify – which went live in 2016 as a means of providing online identity assurance for government services – has not yet been widely used despite the heavy costs of setting up and running the service.
It welcomes the policy, announced last October, to increase the involvement of the private sector bodies that handle the initial authentication, but points out that little detail was provided on how this should work. This has left question marks over how things will progress over the remaining 15 months of the relevant contracts.
Need for standards
As a response, techUK says there is a need for workable strategy through which the Verify scheme can evolve into a standards based ecosystem. One of its recommendations is that the Government should release plans now for the future development of Verify, towards the creation of standards that could be used by all players.
It also calls on the Government to support this by opening up more data from sources such as the Driver and Vehicle Licensing Agency and HM Passport Office, and to encourage the wider use of digital identity verification for purposes such as proving the right to live and work in the UK and proof of age.
The latter may require the development of a robust accreditation process – possibly by the National Cyber Security Centre – which should build on work by the British Board of Film Censorship to help technology providers meet the requirements of the Digital Economy Act.
On a broader front, it says there is a need for a digital identity ecosystem beyond Verify, which requires a strategy with input from public bodies and the private sector. This would have to take into account: interoperable standards; the ability to check any identity; trust of the verifiers of identity; an audit trail of who did what and when; and digital identities that are easy to set up and use.
If this is executed well, it can protect citizens, reduce fraud and support economic growth in the UK, the report says.
Other recommendations include:
enabling examination, membership and utilities bodes to issue attributes digitally to enable ‘thin file’ customers – those with little paper evidence of their identity – to build a track record of their activities to prove who they are;
recognising approved digital age and identify verification methods on an equal footing with paper based and face-to-face verification;
setting up a new lawful basis for processing biometric data for identity verification and authentication;
nominating a competent independent authority for digital identity.
techUK chief executive officer Julian David (pictured) said: “At techUK, we see instances where companies which want to bring world class solutions to UK users often struggle to get support, either due to a reluctance to innovate or lack of a joined up approach from key public sector bodies.
“Whether it is asking for new mobile identity solutions for retailers to be approved by law, or for easier access to key sources of public sector data to help combat fraud, too often tech companies encounter difficulties which delay or obstruct innovation.
“It is particularly frustrating for us as a UK industry body to hear that British companies do not experience these problems in other countries. We have shown it is possible to empower regulators to embrace innovation to make the UK a world centre for innovation in fintech – we need to do the same now for digital identity.”
Image from techUK