Online identity: is it time for a government rethink?

Online identity: is it time for a government rethink?
The Information Daily, by Neil Fisher

Whilst UK citizens appear positive about the prospects of digital public services, very few trust the private companies the government will enlist to roll out the scheme.

Last week the Government Digital Service (GDS) made two announcements about Identity Assurance, revealing that Her Majesty’s Revenue and Customs (HMRC) is going to be the first department to use the identity platform. This marks a change from previous confirmation that Universal Credit would be the first, and was announced alongside updated privacy principles in a bid to highlight how privacy is at the heart of the services provided in the scheme.

In recent months, the UK government has talked on a number of occasions about the upcoming Online Identity Scheme, positioning it as an opportunity for UK citizens to access services and payments online. The programme will involve eight named private sector organisations holding a digital “passport” for enrolled UK citizens, which will enable that person to access online services, such as tax enquiries. The question is, with security concerns around data breaches and ID theft continuing to feature highly in the news, is the planned rollout of the scheme supported by the citizens who will be using it?

Our annual Unisys Security Index revealed that 91% of UK residents surveyed support the government’s plans for the scheme. However, only a very worryingly low number would put their trust in private companies (9%) to manage their identity credentials – exactly the type of organisation the government has entrusted with the Online Identity Scheme.

In addition, only 15% of respondents said they would trust credit card companies to manage a digital identity scheme, whilst an abysmal 4% of the respondents stated their trust in social media providers. However, the overwhelming majority of UK citizens (61%) confirmed they would trust the government to look after their digital identity data.

It is clear that consumer opinions counter the government plans for the scheme, yet it is not altogether surprising when you consider a UK citizen’s point of view: “I pay the government to identify and verify me when I am born (birth certificate), when I marry (marriage certificate), when I die (death certificate) and when I travel (passport and driving license). Why should I then have to pay an outside private organisation to verify who I am when I transact with the government online, when I’ve already paid them? Let the government – possibly the Passport Service (which is also the National Records Office) –  be my identity provider of choice.”

The findings suggest that the government should look more closely at the Identity Assurance model and take note of consumer preferences for a government-owned identity provider. This is timely since the commercial model for Identity Provision by the private sector is, to say the least, not particularly clear. The ongoing changes to the scheme, including the recent announcement that Universal Credit will no longer be the first application of the project, plus the results from the Unisys Security Index survey, provide a moment to review the identity management strategy.