Online identity assurance programme: Scottish Government ‘show & tell’ (28 March 2018) #identityassurance @digitalscots

This post is my digital record of the Scottish Government’s Online Identity Assurance (OLA) ‘show and tell’. The day was very informative, and provided me the opportunity to catch up with friends in civil society circles. I’m especially interested because online identity is a natural precursor to online voting, another problematic area that greatly interests me.

The post starts with a recap of what was said at the event, then notes my input at the event. Next are my reactions to the event itself, followed by my thoughts on the whole OLA programme. In summary, while I think OLA is very worthwhile, and that the Scottish Government is trying to do it the right way, I have a lot of reservations about how useful it will be for those who most need government support.

1       Introduction

Susie Braham of the Scottish Government (SG) introduced the event, which was part of the OLA Programme (Word document) – available via a post on their ‘Digital Scotland’ blog. Feedback from this event will go into the service design final report. The discovery phase ended in March (although I recall Susie saying it ends in April). It will followed by programme board, national stakeholders and expert group meetings, and further phases. Updates will be posted to the Digital Scotland blog.

image of the 'Digital Identity Landscape'

There’s a lot going on!

Susie defined online identity assurance (OLA) as confidence that ‘other people can’t sign into online services as you to see your records or make fraudulent claims as you’. The SG’s digital strategy commits it to work with stakeholders and the public to develop ‘a robust, secure and trustworthy mechanism by which an individual member of the public can demonstrate their identity online’.

Susie’s OLA use-cases included arranging GP appointments, paying for school dinners, applying for benefits, managing student loans and applying for disclosure checks. Such services need ‘safe, secure, accessible and convenient access’ so that ‘people can trust that their personal data is private and used proportionately’. Any system has to fit users’ needs.

Open Government Network Scotland logo

SG’s programme is conducted using Open Government principles. To aid this, discovery is being undertaken by Snook. In addition, ASE and Consult Hyperion are exploring the current technical landscape, in part to ‘understand the challenges of Levels of Assurance required.

2       Discovery process

Valerie Carr of Snook, spoke about the discovery phase. Her presentation is on YouTube. Snook’s method is to map user-journeys, to understand areas for improvement by finding peoples’ needs, motivations, knowledge and experience. So participants were invited to challenge and validate. Valerie emphasised that the event displayed work-in-progress, grounded in user research with these groups:

 photo 1 of 'grounded by user research'  photo 2 of 'grounded by user research'
 photo 3 of 'grounded by user research' photo 4 of 'grounded by user research'

One of the drivers for the current work is that some people hate giving the same information to different agencies. Another is that there are weaknesses with some paper proofs of ID. For example, ‘holding a birth certificate does not prove who you are, it just proves you have access to a public record’.

Snook’s work has shown that there are three life-phases where typically many ID-related events occur:

  • between ages of 15 and 20 (e.g. getting NI number, applying for driving licenses, passports, jobs and higher/further education)
  • in our 20s and 30s (e.g. forming ‘adult’ partnerships – and hence maybe changing names, having [and registering] children, moving house)
  • in our 50s and 60s (e.g. taking responsibility for relatives)

There is an age-independent spectrum of attitudes about personal data, from extreme cautiousness to ‘just make it easy! I don’t want to have to remember loads of passwords!’ There are complexities when moving between government jurisdictions, so some people prefer ‘ID portability’.

Snook had mapped out some user-journeys as a way to investigate use of OLA. Valerie asked us to help by adding our own use-cases, alternative journeys and other experiences. She emphasised that the user-journeys are only examples – we were welcome to write about our own.

3       My input at the event

3.1      Use-cases

Here’s a use-case I submitted – about online ID in relation to bike-theft.

my use case about veloeye to aid recovery of stolen bicycles

3.2      Personal Independence Payments

I had a lot to say about PIP!

The sample user journey I was most drawn to illustrated Snook’s understanding of applications for Personal Independence Payments (PIP). My experience suggests the PIP system functions very poorly, and that many of the issues could be tackled by application of a modicum of thought, compassion and some IT skills. These might also reduce the cost of so many tribunals.

My critiques related to OLA included

  • Applying for PIP involves a lot of paperwork and postage that could be replaced by online systems, if applicants and their supporters wish to use such facilities. (Otherwise, post is inevitable.) Online systems might also save Department for Work and Pensions (DWP) officials time, e.g. not needing to interpret poor handwriting.
    • However, how could I prove my ID and right to be involved in an online-only application?
    • Also, how can people who do not own scanners submit copies of other documents, and prove that these copies have not been altered fraudulently?
  • The DWP did not accept that Powers of Attorney alone enable me to speak for my sister, despite the PoA process ‘proving’ my identity via a lawyer who knows me quite well. In effect, this denied my identity as my sister’s relative and supporter.
  • I have gathered supporting statements from people who know my sister well
    • How can I prove these people’s IDs and rights to give evidence supporting her claim to a purely online process?

The user-journey shown at the event ended with a decision to award PIP immediately after the applicant had applied applying. In reality, many applications go to appeal, at large costs to the state. Meanwhile, applicants are left without state support.

Clearly, the above and my other blog post are critiques of the DWP’s systems, not of the SG’s work towards OLA.

3.3      Registration of births

This was the other matter that caught my eye, mostly because my siblings and I have dual nationality.

  • If a child is dual-national, how would Scottish (or UK) eID be proven to another country?
  • How would Scotland (or the UK) deal with foreign eIDs?

4       My reactions after the event

A key word in the OLA definition (confidence that ‘other people can’t sign into online services as you to see your records or make fraudulent claims as you’) is ‘fraudulent’. With their agreement, I handle online matters for some relatives. This is by no means fraudulent – I do not benefit but my relatives get some of the state support to which they are entitled. However, I am not convinced that the Powers of Attorney they have given me legalise such ‘digital impersonations’ while they still have mental capacity, so may be legally questionable. So I look forward to anticipated work by Napier colleagues on ‘digital proxies’.

I’m not convinced there should be only one OLA mechanism: what happens when that mechanism fails or is hacked? What about ‘monoculture weakness’ versus ‘hybrid vigour’? Is having only one mechanism even possible? I think that humans are full of diversity and entropy, so different systems will evolve.

I think that multiple gateways to multiple mechanisms are likely to lead to confusion – and will add to quality assurance tasks. So I prefer a single gateway/front-end to a few robust mechanisms. The UK government’s Verify system does this. However, I’ve not felt confident about some Verify providers.

photo of the Discovery Project Technical Options process, which appears to be very linear/waterfall

See why I thought ‘waterfall’?

Gathering experiences to design services – which this event did – is only sensible. However, I got the impression that the process will be ‘waterfall’, although I was later assured that it will be ‘agile’/iterative.

Photo showing that the SG isn't looking for 'silver bullets'

The SG isn’t looking for silver bullets.

It’s also a relief that SG isn’t looking for ‘silver bullets’. I’m rather glad that Shelter and other groups working on behalf of disadvantaged and disabled people are involved. This at least nods towards the digital divide.

If having a birth certificate proves only that you have access to that service, isn’t the same true of all other state-generated proofs of ID? If you steal my passport and look like me, you can ‘be’ me. If you have my debit card and PIN, you can empty my bank account. If you have the keys to my online IDs, you can cheat me out of my services, and change log-in details to stop me receiving services or getting my IDs back!

Concerning name-changes, changing her surname to mine has – so far – taken my wife over three months. Some organisations have been very efficient, needing only certified copies of our marriage certificate. Others have demanded the original, and others have asked for information on paper several times over.

My wife and I have Powers of Attorney for my mother and sister. Creating these using the England and Wales online system was pretty painless, generating PDFs to be signed and posted to the UK public guardian. Scotland doesn’t have this system, instead providing a mish-mash of contradictory examples. It’s not going to be cheap to get a lawyer to check the PoAs we’ve drafted for each other using these examples!

Scottish Government data-sharing includes Revenue Scotland and HMRC sharing data on Scottish taxpayers; Revenue Scotland needs to share some Scottish taxpayer ID data with SEPA to operate Scotland’s landfill tax. I understand there has been some resistance to such data sharing.

5       My conclusions

SG is clearly trying to learn from real people to guide its OLA work. It’s clearly not saying ‘we’ve designed this system – now just use it!’ It’s trying to reach at least representatives of disadvantaged people. However, I suspect (and I wish I knew how to solve this) that it’s not reaching far enough. For example, most people at the event were white, middle-class, young-ish adults. I suspect that they were all people who could either afford to take a day off work or whose work is relevant to OLA.

I can’t help thinking of a beggar I met after this event. He had lost all his documentation when he became homeless. Perhaps if he had already had an online ID, this wouldn’t have been so devastating. However, he would now have difficulty establishing an online ID. The current furore over destruction of ID documents doesn’t fill me with confidence in the UK government.

For any technology to work, people need to believe it will benefit them. (See for example, Delone and McLean’s information systems success model (Wikipedia).) Such belief needs trust in the technology, trust in the providers, access to the technology and at least basic digital skills. (See my dissertation for some discussions of trust in the context of hyperlocal government.) How many people who need state support have all of these?

I am also concerned that people like me who are adept at navigating ‘the system’ will benefit, but people who need government services the most will experience OLA as just another barrier. Perhaps the discovery process needs to offer some homeless people accommodation and food for few days in return for their input.

None of this militates against OLA. If simple, secure systems enable access to services, especially if they work across regional and national borders and are easily accessed by me and my nominees, then I am entirely in favour. But these systems must clearly benefit the disadvantaged first and foremost.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.