Crazy – millions of citizens offered two competing government identity systems

 

From HMRC’s website on Gov.UK … Which should you choose to confirm your identity?
HMRC and other government departments are offering millions of citizens the choice of two “competing” identity systems – the Cabinet Office’s GOV.UK Verify, or HMRC’s Government Gateway.
There’s no guidance offered on which to choose; and no explanation for the absence of joined-up thinking.

By Tony Collins

When Whitehall departments do their own thing, the public rarely notices the duplicated time, effort and cost, at least when it comes to IT.  Now the “silo” approach has spilled out into the public arena.

The Government Digital Service – part of the Cabinet Office – developed GOV.UK Verify to enable people to confirm their identify when they want to use government services online.

At the same time, HMRC continued to work on a separate identity system: Government Gateway.

The cost of the two developments isn’t known.

HMRC prefers its own development work on Government Gateway because it enables companies as well as individuals to identify themselves. Verify is designed for individual use.

But instead of adapting one or the other to serve individuals and companies, or using Government Gateway for companies only, central departments are offering both  – with no guidance on which system citizens should choose; and there’s no explanation for the absence of a joined-up approach to IT.

The BBC’s technology correspondent Rory Cellan-Jones says of the two separate identity systems that GDS and HMRC are engaged in a “bitter turf war”.

Comment

Today I went online to renew a driving licence and was shepherded by DVLA to use the Government Gateway identity system. A few weeks ago I had already successfully registered with GOV.UK Verify.

Government Gateway didn’t work properly, for me at least, although I had all the correct documents.

When I registered to use a different government service a few weeks I had no choice but to use GOV.UK Verify to confirm my identity. Verify was thorough, seamless and worked perfectly. Impressive. It left the impression of a system that had been well thought out, with the citizen in mind.

Putting aside the fact that Government Gateway did not work for me, it seemed dated, much less thorough than Verify, and left an impression of transience – that it was a temporary “make-do” system. For instance, the help screens were not tailored to the particular question being asked. Not impressive.

For me. GOV.UK Verify is the identity system of choice. It could surely be adapted to confirm the identities of companies – unless HMRC would rather continue to do its own thing.

It’s ludicrous that central government is spending billions of IT annually without a joined-up approach. Ministers keep promising it. Officials at conferences keep promising it. Whitehall press releases promise it.

A few weeks ago departments were offering only Government Gateway or GOV.UK Verify. Now many of them are offering both.

That’s progress?

Disturbing

A wider point of Whitehall’s dual IT approach to identity verification is that it’s the tip of the iceberg (apologies for the cliché but it’s apt).

With their ICT budgets, collectively, of billions of pounds a year, central departments are, in the main, doing their own thing.

A politician with the clout of Francis Maude may be needed to bang the heads of permanent secretaries together. But even if Maude’s replacement Ben Gummer had that clout – and he doesn’t – permanent secretaries and departmental boards would complain that the Cabinet Office was interfering.

Complaints along these lines would be made, perhaps, in off-the-record briefings to friendly journalists and to the National Audit Office in departmental responses to NAO surveys of senior officials, with the result that the Cabinet Office would end up backing away from trying to enforce a joined up IT approach.

That a genuine joined-up approach to government IT has been talked about for decades and hasn’t happened is largely because, outside of determining of the size of budgets, it is the permanent secretaries and their senior officials who hold power in Whitehall,  not transient politicians.

And bureaucracies always want to keep their departmental empires as intact as possible.

The current two top Whitehall officials, Cabinet Secretary Sir Jeremy Heywood and John Manzoni, chief executive of the civil service, are consensus-seeking people, not at all confrontational. Probably their lack of a controversial edge is one of the main reasons they were chosen for their jobs.

All of which means there’s no chance of permanent secretary heads being banged together in an effort to cut costs and help bring about joined up government IT .

In 2012, Francis Maude, then Cabinet Office minister,  said, in a speech to the FT Innovate Conference,

“In the last decade our IT costs have gone up – while our services remained patchy. According to some estimates, we spend more on IT per capita than any other government.”

Is government ICT spending much less today? Perhaps HMRC’s Government Gateway officials would let us know.

**

Some Twitter comments





Advertisements

12 responses to “Crazy – millions of citizens offered two competing government identity systems

  1. Matthew Harris

    This whole distinction between verifying a person and a business seems strange. HMRC need to authenticate that a person is who they say they are and then determine if they are authorised to perform actions on behalf of another person (if acting as an agent) or business (if as an officer of a company or agent).

    Surely the authentication and authorisation are separate concerns?

    Like

    • A good point. Thank you for making it. As Government Gateway seems to be able to handle authentication and authorisation, I am not sure why HMRC does not mandate this system for companies and agents (not individuals).
      One problem for citizens is that they’re faced with a choice of two systems without any guidance on which they should choose and the differences between them.
      The reason we’ve two separate systems, it seems to me, is that the Cabinet Office and HMRC have little influence over each other and both have ended up doing their own thing. Not exactly joined-up government.

      Liked by 1 person

      • “As Government Gateway seems to be able to handle authentication and authorisation, I am not sure why HMRC does not mandate this system for companies and agents (not individuals).”

        HMRC do mandate it for companies and agents.

        ———-

        “One problem for citizens is that they’re faced with a choice of two systems without any guidance on which they should choose and the differences between them.”

        That is a problem you are well-placed to solve.

        ———-

        “The reason we’ve two separate systems, it seems to me, is that the Cabinet Office and HMRC have little influence over each other and both have ended up doing their own thing. Not exactly joined-up government.”

        Cabinet Office caused the Gateway to be developed. It was launched in January 2001 [1] and it’s still doing its job 16 years later. For reasons that were never explained, Mike Bracken, sometime executive director of the Government Digital Service, decided within a few weeks of joining Cabinet Office in 2011 to replace the Gateway [2]. He’s gone, the Gateway’s still there and GOV.UK Verify (RIP) isn’t [3].

        ———-

        1. http://www.dematerialisedid.com/evidence/gateway_faqs_v2.doc (1.8MB download, please see para.1.1.1)

        2. https://gds.blog.gov.uk/2011/11/04/establishing-trust/ (please see both blog post and comments below it)

        3. https://twitter.com/alan_mather/status/831874559108317188

        Like

      • Thank you for the correction.

        Like

  2. May I bring to your attention a spreadsheet [1] of some of the attributes of GOV.UK Verify (RIP).

    Seven “identity providers” left, five have pulled out. Why?

    All “identity providers” are said by GDS to be certified but three of them aren’t [2]. They are a front for other organisations doing the work in the background.

    Users are promised control over their personal information. It is impossible to deliver on that promise [3].

    A lot of personal information is collected and it is stored all over the world with a large number of organisations. That doesn’t happen with the Government Gateway.

    —–

    1. http://www.dematerialisedid.com/GOV.UK%20Verify%20(RIP)%20v5.html
    2. http://www.dmossesq.com/2017/01/rip-ida-oix-to-rescue.html#note5
    3. http://www.dmossesq.com/2016/09/rip-ida-privacyidentity-assurance.html#pcag

    Liked by 1 person

    • A good point and I am grateful for the links. When I used Verify, I opted for Experian to help verify my identity, in part because it knows a great deal about us anyway. I doubt that I provided any information it didn’t already know. I would be less enthusiastic about involving, say, the Post Office, or some of the other third parties you mention in your useful posts. Tony Collins

      Like

  3. Thank you, Tony.
    It seems that ‘rivalry’ or ‘divide and rule’ is encouraged within all of our institutions. That is indicative of the motivations of those at the top who benefit from such cultures.
    I would also add that, giving the public a ‘choice’ in the circumstances you describe i.e. the public are not given the reasons or data underpinning the choice, is not a freedom but a transfer of responsibility – from those who are paid to take responsibility, to the victims who merely pay for it.
    As usual, thanks.

    Like

  4. Allan Watton

    Fab article. Well done Tony. If you are OK with this, we’ll do an opinion piece on this for our blog next week and reference your article?

    I hope all else is well. Best regards. Allan

    Like

  5. Should everyone be advised to register their ID in all available systems?
    Just in case someone else steals your ID.
    If someone else did, what are the prospects of ever getting it back?

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s