Private sector frustrated with UK government’s digital ID coordination efforts

The confusion around the UK government’s efforts to sunset its Gov.uk Verify digital identity system are analyzed in a Computer Weekly blog, along with the uncertain future digital ID for public services in the nation.

Another extension of Verify’s end-of-life is possible, Computer Weekly writes, but several developments suggest the next attempt to formulate a system is already underway.

The draft digital identity trust framework was published by the Department for Digital, Culture, Media and Sport, Cabinet Office Minister Michael Gove instructed all government departments to prepare for a unified identity system, and the Post Office reached an agreement with Yoti to provide biometrics for its app.

The legal liability, commercial and governance aspects of the system are mostly left out of the framework, and some in the digital ID industry are frustrated with the possibility of the framework mandating GPG standards, which the Government Digital Service (GDS) is said to prefer, but are incompatible with the AML processes that underpin many private-sector digital identity services.

In that context, Gove’s announcement and its inclusion of identity data sharing seems to preclude the double-blind private sector engagement of Verify, and set up a system in which private and public services would be served by entirely separate digital identity ecosystems.

Australia consults on private sector integration as myGovID hits 2M

Synergy Group, NTT Digital and KPMG are among consultants selected to support Australia’s Digital Transformation Agency (DTA) as it sets up paid participation in its digital identity scheme by outside public and private-sector agencies, Consultancy reports.

The consultants will advise DTA on the development of the system’s payment framework for participation by private enterprises.

The project is slated to take 6 months, at a cost of AU$3.6 (US$ million), of which Synergy takes $2.5. NTT Digital receives $820,000 for its role in the consultation, while KPMG will receive $260,000. Liquid Experience is also participating in the consultation, at a cost of $160,000.

Consultancy reports that a DTA spokesperson told InnovationAus, “The work relates to the development of a charging framework for the federated digital identity system. The charging framework will support the ongoing requirements for the program as it is expanded to additional identity and service providers and ensure it is appropriately funded to deliver a whole-of-economy solution to Australians.”

The Australian Taxation Office’s (ATO’s) myGovID accounts have now been created by 2 million Australians, according to an announcement made by two government ministers and reported by iTWire.

Government Services Minister Stuart Robert and Superannuation, Financial Services and Digital Economy Minister Jane Hume also said the digital ID system can now be used to access more than 75 government services, and 120,000 transactions use myGovID each day for digital identity verification.

Security researchers recently blasted the system as falling short of its own stated security goals.

“The myGovID system is subject to an easily-implemented code proxying attack, which allows a malicious website to proxy a person’s myGovID login and re-use their authentication to log in to the victim’s account on any website of their choice,” wrote Dr. Vanessa Teague and Ben Frengley in a submission to the DTA.

“Although detectable by extremely diligent users, the attack is likely to go unnoticed by most victims.”

The Tax Office was informed of the vulnerability in August, but does not intend to make changes, the researchers say.

The system had reached 1.4 million sign-ups as of July 2020.

The Australia Post also operates an accredited digital identity service.

Article Topics

Australia  |  biometrics  |  digital identity  |  government services  |  identity management  |  identity verification  |  UK