The last few months have seen a massive surge in the use of the identity verification service run by Gov.uk.
For those lucky enough not to have to use this system in order to use key Government services you have to set up an identity verification account.
Over the last few months usage of the system has soared mostly driven by claims for Universal Credit and redundancy payments during the Covid crisis. There were plans to use the Government verification service for booking Covid tests, however the NHS withdrew from the scheme due to concerns about security. At it’s peak it was dealing with 10,000 identification checks a day.
The identity verification system is run by a series of private sector companies, to whom you have to give your personal data. Over the years Verizon, Experian, Digidentity, The Post Office, Royal Mail, Mydex CIC, Barclays, GB Group, Morpho and SecureIdentity have all held contracts. Over the years some providers like Verizon were dropped from the programe, while others have ended their involvement. At the moment I understand that the only companies left involved are Experian and SecureIdentity.
The Government has been using private sector identity verification companies like Experian for a very long time. Back in the days of the last Labour Government I ran one of the largest Experian contracts in the UK on behalf of the Child Support Agency. We triangulated data from the CSA’s own records, with Experian and HMRC to locate people who weren’t keen on making their maintenance payments.
As the Government rolled out more on line services it became more reliant on ID verification services from the private sector. The use of private sector ID companies had obvious issues of privacy and data use, and as a consequence the then Labour Government decided to bring the whole system in house. In 2006 the Identity Cards Act was passed which created the National Identity Register, the Government’s in house ID verification system, along with the National ID card.
The then Conservative Opposition attacked the proposals as part of David Cameron’s attempt to re-brand himself as a “liberal conservative”.
When the coalition Government came in they repealed the Act and destroyed the database, with the support of Labour MPs like Jeremy Corbyn.
This of course didn’t stop the Governments need for an identify verification system, it just reversed the process of bringing the work in house. The effect of the 2010 vote was simply to outsource the function back to the private sector. Straight after the 2010 vote I was re-letting contracts to Experian.
The Cabinet Office took over responsibility for co-ordinating this function, and the current, privatised, system started formal development in 2011.
It was due to go live in 2012, but problems with the system meant that it didn’t actually go live until 2016. Even now if fails to validate more than half of the individuals who use it.
In 2018 the The Infrastructure and Projects Authority recommended that the project should be scrapped, and the £130m spent so far should be written off. Like lots of bad ideas it staggered on.
This years Cabinet Office annual report identified serious risks with the operation of the programme, and indicated that further commercial support was required.
It’s a massive mess, all of which goes back to a politically opportunistic decision in 2010. We had a national database that had all of these functions, but we deleted it ten years ago, due to crap politics.
Despite this Dominic Cummings is now briefing friendly journalists that he is planning to resurrect the ID verification system abandoned by the Tories in 2010. A wasted decade.
I have no doubt however that this work will be kept in the private sector despite the overwhelming technical and ethical reasons why this is something that the state should never be outsourcing.
Something about the combination of Dominic Cummings and private data worries me.
An awful lot.