It was one of the least remarked upon items in the Conservative election manifesto, hidden away on page 81. Yet it’s a pledge that aims to change the way we all interact with government online—and potentially with banks, internet firms and even online shops, too.
“We shall roll out Verify so that people can identify themselves on all government online services by 2020,” said the manifesto.
But what is Verify, why is it so critical, and—more importantly—will it work?
In February, Cabinet Office minister Ben Gummer committed to this 2020 target of 25 million citizens using Verify—or Gov.uk Verify, to give its full name—to prove their digital identity. Gummer championed the scheme and wrote it into the manifesto. He didn’t survive the election, losing his Ipswich seat, but so far it looks like Verify will—despite a growing backlash from critics and years of missed deadlines.
Internet companies and governments have wrestled with the issue of our digital identity for as long as there’s been a worldwide web. In 1993, one famous New Yorker cartoon joked, “On the internet, nobody knows you’re a dog.”
While few of us are quite that deceptive, the question of who we are online—and whether we are who we say we are—remains thorny. Consider how many digital identities you use: one to login to email, another for streaming music, a different one for online banking, yet more for shopping, gambling, or public services such as tax self-assessment. It’s a mess.
There is an obvious imperative for the government to tidy up. If you’re the government, you want citizens to deal with you online—according to official figures from 2012, the average cost of a digital transaction is almost 20 times lower than the cost of a telephone transaction, about 30 times lower than post and 50 times lower than face-to-face.
What’s more, the government wants to engage with the younger, digitally-savvy generation using tools they are familiar with. Gummer even claimed that making government digital would “restore faith in democracy.”
Yet originally, Verify was created out of political necessity. In 2010, the new coalition government carried out its promise to scrap Labour’s hated ID card scheme and, in a 2011 PR stunt, then Home Office minister Damian Green fed hard disk drives containing the national identity database into a giant shredding machine. (As Cabinet Office minister, Green is now in charge of Verify.)
David Cameron and George Osborne’s plan to become the most digital government in the world meant they needed a way for citizens to securely prove their identity online—but without a politically unacceptable central database.
And so, Verify was born. The concept involves creating a “market” for online identity. We, as users, go to one of a selection of government-approved but independent identity providers—which currently include Barclays, Royal Mail, Experian and the Post Office. Using data gathered about us from passports, driving licences, credit databases and other sources, these firms establish a proven digital identity to a standard acceptable in court. No face-to-face interaction is, theoretically, required.
When we subsequently log into a government service, the ID provider sends an electronic message to say: yes, this person is who they say they are. The government never sees what data was used to assure our identity and citizens choose which ID provider they trust.
Sounds easy? Not so much. A National Audit Office (NAO) report in March found performance problems, poor adoption by Whitehall departments, and years of missed targets.
“The September 2015 business case predicted 4.4 million users by the end of March 2017. This was reduced to 1.8 million in the October 2016 business case. As of February 2017, Verify had 1.1 million user accounts,” said the NAO. “It is not clear… whether continuing with Verify will achieve projected benefits.”
In fact, some digital chiefs in other Whitehall departments privately describe Verify as “a disaster.”
Only 14 online government services currently offer Verify. Of those, just three rely solely on Verify to log in. Fewer than half of all attempts to create a Verify account are successful. And when citizens do manage to create an account, only 38% of attempts to use a service via an established Verify account are completed. If a tech supplier tried to sell a product on that basis, you’d laugh at them.
Thanks to self-assessment, HM Revenue & Customs has the largest base of online users: 7.4 million. HMRC does not want to use Verify. Earlier this year, however, it was instruction to do so—after all, without those 7.4 million people, the business case for Verify collapses.
Universal Credit, once it’s fully rolled out, will use Verify, but there are problems with assuring the identity of people with little or no digital footprint—those without a passport, credit cards, a mortgage and so on—many of which are also more likely to be benefits claimants.
The government’s answer is to open up Verify to the private sector. It wants the scheme to become the “gold standard” for online identity in the UK. If you have an ID approved for claiming benefit or paying tax, why not use it for online shopping too?
Trials are underway for a private-sector Verify, but it’s a chicken-and-egg challenge: companies won’t adopt Verify without existing customers; customers won’t use Verify unless their favourite websites ask them to.
It took 10 years for contactless cards to become mainstream for the same reason. But contactless cards weren’t funded by taxpayers. Critics say the government shouldn’t be spending money on establishing a private sector digital identity scheme. Supporters say: well, who else will?
Meanwhile, the spectre of identity cards has raised its head again, with proposals for EU citizens to require biometric ID documents after Brexit. As some Verify critics noted wryly, wouldn’t it be great if there was a proven digital identity they could use instead?
However, critics and supporters alike agree on the need for some form of generally accepted online identity scheme if the UK is to fully exploit the opportunities of the digital economy.
A common failing of government IT projects is the tendency to carry on regardless in the face of problems, with those in charge having expended too much political capital to turn back. The government is right to say that Verify—or at least, what it aims to achieve—is critically important. But all the evidence suggests that a pause and a review are needed.
Many Tory manifesto promises failed to survive the election. Digital identity is one that’s worth taking the time to get right.
