Public services, like many sectors, are wrestling with how it can make the most of the opportunities on offer through digital transformation. Over the course of the coming weeks, we’ll look at some of the most common challenges faced by the public sector. Our blogs will cover why government has been slow to adopt digital transformation and move to the Cloud, how Edge computing and the Internet of Things can be integrated into everyday life, and what 'Smart Lives' really means. Today, we are considering identity verification, and whether it is the future of the public sector’s digital transformation.
Who are you? Can you prove it?
We are constantly asked to demonstrate our identity, whether it is with our bank, trying to book a doctor’s appointment or wanting to board a plane. The tests we must pass are only increasing as the risks of being a victim of identity theft grow. Organisations are also protecting themselves, as the arrival of GDPR shifts the spotlight onto the role of the data holder in safeguarding the data owner.
The majority of people understand that proving who they are is necessary to protect their personal information; what frustrates them most is when it becomes needlessly complex. Again, people understand that private enterprises are separate entities – banks, retailers, airlines, hotel operators will all need different ways of verifying identity.
Unfortunately, the same understanding can be missing when dealing with the public sector. After all, it’s all government, isn’t it? Yet, as an article in GovTech Leaders points out when it comes to customer service as a whole, 'the quality in service provision across [central and local government departments] can vary widely, often resulting in an inconsistent and frustrating customer experience'. Nowhere is that more apparent than identity verification.
Why verification is hard in the public sector
In theory, a standard approach to personal authentication sounds great – it would simplify the user experience, while saving government organisations time and money. It is a key tenet of the digital transformation projects Infomentum delivers for customers - if users can access your services easily and securely, they’re more likely to keep using them.
A standard approach to personal authentication sounds great – it would simplify the user experience, while saving government organisations time and money
Take, for example, a music licensing company we guided through digital transformation to improve operational efficiency, significantly reduce costs and enhance the accuracy of its data. By exposing its services and offering them as a single point of performers’ authentication to partner companies in Europe, the customer not only improved the accuracy of its royalty payments, but also expanded its network and global recognition.
Unfortunately, the reality is rather different. Registering with your GP requires an NHS number, while HMRC directs users to its Government Gateway scheme to sign up and pay self-assessment taxes. Elsewhere, paying car tax needs licence plate details and V5C log books if you’ve lost the number on your reminder letter. The net result is citizens need to have a variety of different identification methods to complete straight forward tasks, which can hamper the overall experience.
There is no consistent legacy system to support a new, standardised platform, unlike in other countries
It doesn’t help that as a country we are resistant to the idea of formal ID, as attempts to introduce card schemes have demonstrated over the years. This despite every adult UK resident having NHS and national insurance numbers past a certain age, plus about three quarters of the population holding driving licences of one form or another. As such, there is no consistent legacy system to support a new, standardised platform, unlike in other countries. Instead, individual organisations have made significant investments building their own systems and become protective when the notion of a universal approach is floated.
Yet this attitude misses the point, according to David Wilde, a digital and strategic change expert, former CIO for Essex Council, City of Westminster and Waltham Forest and Infomentum’s public services advisor. 'The true value of the likes of Government Gateway was that it reinvented HMRC’s business model and allowed it to save huge amounts of money. It is over a decade old, the return on investment has been realised and now it’s time to move on as central and local government moves into the digital era'.
The true value of the likes of Government Gateway was that it reinvented HMRC’s business model and allowed it to save huge amounts of money.
What about GOV.UK Verify’s standard approach?
A universal approach already exists, in the form of GOV.UK Verify. Designed to be a simple and secure way to access government services, the project has been the subject of significant and, in David’s view, misguided criticism. He points out that it 'has 3.4 million users, 38 per cent of all users of public digital services and is the access point of choice for 15 government services. While the number of users is short of the 25 million by 2020 target, it’s still a significant amount and a big step towards a standard way of accessing vital services.'
The Government Digital Service (GDS), which operates GOV.UK Verify, announced that it would be opening it up to the private sector towards the end of last year. The Director General of the GDS, Kevin Cunnington, explained why in a blog post announcing the move: 'The standards and guidelines which currently underpin the way Verify works will now be opened up to the private sector to build on. Through these standards and guidelines, GDS and government will ensure there is trust and confidence in the emergent digital identity market. And the private sector will invest to ensure the success of the market, bringing in even more innovation and forward-thinking solutions'.
Through these standards and guidelines, GDS and government will ensure there is trust and confidence in the emergent digital identity market.
- Kevin Cunnington
Opening the system to the private sector does have the potential to improve and align standards of digital authentication across multiple industries and verticals. Yet the GDS must remain committed to implementing Verify across as many public services as possible.
Why it’s better to build on what you have than re-invent the wheel
There’s also the question of re-inventing the wheel. In many ways GOV.UK Verify is a continuation of Government Gateway and other existing verification systems, which makes it ironic that that HMRC points to the latter as the reason for not needing the former. In many ways, it is a bit like the iPhone X and the original iPod. They are different entities, but the latest model never exists without the learnings of previous versions.
In other words, public service organisations should look at how they can build on what’s come before. 'Sometimes you will need to take parts out, other times you won’t be able to, so it is about understanding your ultimate objective, knowing what’s going to get you there and adapting accordingly', David says, a topic that we cover in more detail in our blog post 'Are we there yet? The public sector's approach to cloud adoption'.
There is also an obsession with newness in digital that the public sector would do well to ignore. At a time when budgets are restricted, and revenues are uncertain, building from scratch sometimes isn’t feasible, and could be unnecessary. Part of the point of digital transformation is being able to move quickly to make the most of opportunities. As part of that, things don’t necessarily need to be perfect, just good enough.
What does good enough look like?
What does good enough mean? According to David, 'in authentication terms, you are protecting personal data – anything else is window dressing. That is why GOV.UK Verify is good enough, because it does exactly that. Where there are instances of failings by verification agencies, then there needs to be rigour of consequences. We are in the trust game here – lose citizen trust in the ability of government to protect their data and it is a struggle to get it back. That is why there needs to be clear accountability'.
And what of those that say it is simply too hard to impose standard approaches to verification? Perhaps they should consider how the UK has implemented GDPR and information governance, or how the banking industry developed global standards post-2008. Mobile telecoms is another technology-based sector which has been able to come up with a set of standards. With the latter two, there were competing companies with separate commercial interests. It therefore stands to reason that the UK public sector, which has the common goal of supporting the country’s citizens, should be able to implement a standard way of verifying who someone is.
The UK public sector, which has the common goal of supporting the country’s citizens, should be able to implement a standard way of verifying who someone is.
Standard verification can deliver digital government
The public sector has done a lot of good work to develop a standard verification approach, but it is critical that decision-makers remain focused on the end goal. They must not throw something out because it isn’t perfect. As anyone who has ever run a digital transformation project will know, waiting for something to be perfect will only ensure that you miss the opportunity. The fact is that proving who we are is a necessary fact of modern digital life. Public sector services are always going to be a constant in the lives of UK citizens, and as government goes more digital finding ways to deliver a simple and secure experience must remain a priority. That means universal standards. It is the only way that is going to improve the citizen experience, while reducing cost and delivering a truly digital government.
The public sector has done a lot of good work to develop a standard verification approach, but it is critical that decision-makers remain focused on the end goal. They must not throw something out because it isn’t perfect.
Hear more about the issues shaping government today
Digital verification is just one of the topics we will be covering with public sector leaders at an event on Wednesday 23rd January. We will look at technology, government, health and places, discuss thinking smart when going digital and how we can make it real across public services for smart places, smart lives and smart working. Updates from the event and details on the key debates will be covered in posts over the coming weeks.
Don't forget to subscribe to our newsletter so you receive next posts on cloud computing. At the same time, if there are challenges you face that you want us to cover, let us know in the comments below.