But GOV.UK Verify was meant to be used as the login to allow people to access porn by proving they were over 18, perhaps this was t.may's plan all along, ban porn altogether by slowly removing all the verification options.
UK.gov withdraws life support from flagship digital identity system
It's official: the UK state's expensive-but-comatose digital identity system Verify has been taken off life support. Parliament photo by Shutterstock Identity disorder: Does UK govt need Verify more than we do? READ MORE The minister responsible confirmed to Parliament yesterday that it will halt funding for the project …
COMMENTS
-
Wednesday 10th October 2018 14:36 GMT Zippy´s Sausage Factory
So it follows the standard government "big transformational IT project" timeline then?
2011: We've got a brilliant idea... it'll work everywhere and everyone will use it
2013: This great idea works in most places, some people are using it already
2015: This idea works in some places, less people than we hoped are using it
2017: This thing sort of works, somebody is probably using it
2019: C'mere old Yeller...
Or was that the timeline for Google+ I've just quoted, I'm not sure?
-
Thursday 11th October 2018 00:12 GMT SVV
Timeline is wildly optimistic from 2013 onwards
2013 : the bidding process is complete, and who would have guessed, we've awarded it to Capita
2015 : lots of money spent, no sign of anything systemwise.
2017 : scope creep, system cost to quintuple.
2018 : errm, it'll be great, honest
2019 :too late to turn back now......
2025 : You can fill in a paper form at a post office, if you're lucky enough to live in a county that still has one.
-
-
Wednesday 10th October 2018 14:40 GMT Paul Johnson 1
It sucked lemons!
I tried to use this to get identified last year. You had a choice of four or five identification providers such as banks and the Royal Mail. Each would give you three or four questions to verify that you were you. The kicker was that if you got one answer wrong then you failed verification, and you weren't allowed to go round and try again with that provider. Obviously this was to prevent fraudsters from repeatedly guessing until they got a hit. However the banks only worked if you were an account holder, so most of them were out.
I started with the Royal Mail, but misremembered the year I moved in to my current house (getting the month right wasn't good enough!), so that failed. Then the only bank I had an account with simply wouldn't work and kept taking me back to a question I had already answered.
-
-
This post has been deleted by its author
-
-
Wednesday 10th October 2018 22:55 GMT D Moss Esq
Re: It sucked lemons!
smudge: "Genuine question - why would the Royal Mail know the year you moved house?".
Good question.
They wouldn't.
They rely on Equifax to provide identity proofing questions. How do Equifax and the other credit rating agencies get this information? How are they allowed to sell it to Royal Mail and the other "identity providers"?
Royal Mail don't actually do any identity management themselves. That job is farmed out to one of GDS's other "identity providers", GB Group plc, according to Royal Mail's privacy policy: "In order to verify your identity, we will share your information with our partners, GB Group, who will check it against information held on databases maintained by credit reference agencies or fraud prevention agencies, such as those held by Equifax and CallCredit" (para.4.1).
It's the same with the Post Office, who aren't even accredited as "identity providers". Customers who think they're signing up with the Post Office are, behind the scenes, really signing up with Digidentity.
The questions above about the credit rating agencies are unanswered. Here's another one. Why don't GDS explain all this to their parishioners, the users whose interests are supposed to be GDS's only guiding light? Same answer.
-
Wednesday 10th October 2018 23:12 GMT Graham 32
Re: It sucked lemons!
> Genuine question - why would the Royal Mail know the year you moved house?
They have scanners that read the address on every envelope and package be it printed or hand written. When you move home they can redirect your mail automatically to your new address at fairly low cost so I know it won't be a manual system. Anyhow, the scanner systems could record details of everything sent to every address and so a quick query of the database would reveal when your name started appearing on letters for your current home.
And they will be recording all that data. If the promise of some big data analytics isn't enough you can bet the government/GCHQ will have demanded it.
-
Wednesday 10th October 2018 23:35 GMT eldakka
Re: It sucked lemons!
When you move home they can redirect your mail automatically to your new address at fairly low cost so I know it won't be a manual system. Anyhow, the scanner systems could record details of everything sent to every address and so a quick query of the database would reveal when your name started appearing on letters for your current home.
I frequently have mail addressed to me at locations not my current home. For example, when I moved out of my parents home, I didn't go around changing all my postal addresses with all the various companies, as I would have dinner at my parents at least once every month (if not weekly) for years after I moved out, so I could just pick up any mail then from entities who I hadn't bothered to update.
At one point when I was moving frequently (living in group houses etc.), I got a post office box and started using that for all my mail. Therefore for about a decade, through about 15 house moves, I had the same postal address, the PO Box.
Therefore any such automated system as you propose would not have any idea of when I moved house, only when I changed address, which could be years after I'd moved house.
-
Thursday 11th October 2018 09:11 GMT Cuddles
Re: It sucked lemons!
"They have scanners that read the address on every envelope and package be it printed or hand written."
The problem with that is it doesn't actually mean anything. The thing about envelopes with your name on them is that they've been sent by someone else. Someone else who may or may not actually be sending things to the correct person at the correct address. For example, despite having lived in my house for years I still get post for both the previous owners and the ones before them. And the majority of the rest is for Mr The Occupier and Mrs Homeowner, because in these days of paperless bills pretty much everything I get is just junk mail (about 40% from Virgin, the massive cockwombles).
A central government identity system that relies on asking everyone except the person involved to guess who might be in a house doesn't really sound like a great idea.
-
-
-
Wednesday 10th October 2018 16:23 GMT Doctor Syntax
Re: It sucked lemons!
"I started with the Royal Mail, but misremembered the year I moved in to my current house"
There could also be a problem with Royal Mail not knowing the correct house. I discovered that PAF had the address wrong all the time my parents lived here. Off-hand I couldn't say whether I corrected it before or after we moved in.
-
-
-
Wednesday 10th October 2018 15:37 GMT FrogsAndChips
Tried it also last year. Went quite smoothly with RoyalMail, although the photo ID verification was done with low quality selfies that bore little resemblance to my passport picture.
Then SWMBO tried it and failed. Tried again once or twice, making sure the photos were as crisp as possible and matched her passport hairstyle. Fail again. Tried another provider, failed again and gave up.
Gave me zero confidence in their verification process.
-
Wednesday 10th October 2018 15:48 GMT JimmyPage
Estonia ?
Didn't one of the smaller former soviet countries manage to introduce a digital citizens ID which worked and didn't cost too much ?
Mind you, they did have a president who got stuff ... El Reg reported on it years ago (Googles) ....
https://en.wikipedia.org/wiki/E-Residency_of_Estonia
-
Wednesday 10th October 2018 16:17 GMT Len
Re: Estonia ?
Yep, Estonia has something similar
the Dutch have something similar (https://www.digid.nl/en/)
the French have something similar (https://franceconnect.gouv.fr/)
the Swedes have something similar (https://e-legitimation.se/)
the Italians have something similar (https://www.progettocns.it)
etc. etc.
-
Tuesday 16th October 2018 11:04 GMT DigitalWhat?
Re: Estonia ?
All these countries have one thing in common - a national identity register.
Until the UK bite the bullet and do the same, verifying your identity will always be a case of piecing together info from the private sector and the myriad of siloed public sector databases.
Privacy vs Security
-
-
-
-
Thursday 11th October 2018 08:19 GMT Spazturtle
Re: Next
Universal Credit is never going (if it ever does then it will be when we move to Universal Income or when we scrap all benefits), having 1 benefit which scales according to how many 'credits' you have is far more cost effective them having multiple benefits.
The issue isn't UC itself, it is how the government are applying things like sanctions.
-
Friday 12th October 2018 10:25 GMT Cuddles
Re: Next
"Maybe private prisons"
You didn't realise we already have those? The UK has the second highest proportion of people in private prisons in the world (12% of prisons holding 15% of inmates). First is Australia, not the US as might be expected. Obviously the trend was started by the Conservatives back in the '90s, but the current government is actually the first since then in which the number hasn't increased.
-
-
Thursday 11th October 2018 02:43 GMT streaky
Re: Couldn't roll out ...
UK doesn't need an export tax system by definition, and if the import changes all goes tits-up despite the NAO stating pretty clearly that the HMRC is on track (albeit with risks) we can just continue to operate as we are. Even if the WTO rules don't allow it (and they do) we'd be in full compliance by the time the case was heard even if Trump wasn't grinding the entire workings of the WTO to a halt because they forgot security exemptions are a catch-all in the WTO rules.
This simply isn't a thing.
Also by the way it wasn't just oauth anyway, as I'm sure you actually know.
-
Wednesday 10th October 2018 23:47 GMT eldakka
"The days of creating different user names and passwords for every new website are numbered, thank goodness," promised GDS Maximum Leader Mike Bracken* in November 2011.
What's the difference between using a single username/password on a gateway/portal that fronts a dozen different services, vs creating accounts on each of those same dozen services but using the same username/password for each of those dozen accounts? Surely you get the same user experience (only having to remember one set of username/passwords) and same security( one username/password pair for access to a dozen services)? I'd suggest you'd have a superior user experience not using a portal, because in the single-portal version if you accidentally lock your account you've locked yourself out of a dozen services, whereas with the independent (but same credentials) version you'll still be able to use the other 11 services that you haven't locked.
-
Thursday 11th October 2018 02:03 GMT Allan George Dyer
The difference is the security. When you use the same password on a dozen sites, any one of those sites could have poor security, allowing your credentials to be stolen and used on the other 11. With a central authentication service, only one place has your credentials. That place can* be given maximum protection.
*But it could just be outsourced to a bunch of muppets.
Also, with a single user experience across the services, you could educate users about what to expect in "security messages", and therefore make it less likely that people fall for phishing emails.
-
-
Thursday 11th October 2018 07:40 GMT Dan 55
Government verification gateway without the verification
Instead of roping in third parties who ask you the number they're thinking of based on the data they've got which may or may not be right, and are only there at great expense to avoid having actual real civil servants verify that you're you, how about this:
1. You set up an account at the government gateway, filling in your details and saying where you're going to get verified (DWP, council, main post offices).
2. You go to wherever it is and prove your ID.
3. They hit a button confirming that you're you and print out the instructions as to how to proceed from now on including a login code.
4. You go back to the government gateway, log in again with the login code, and follow the instructions to download your certificate.
Just an idea...
-
-
Thursday 11th October 2018 10:04 GMT VBF
I tried to use this awful verify system to get a Pension forecast. The amount of personal information shared with people i don't trust put me right off.
Then I realised that I could phone the DWP and after identifying myself, they would POST (remember that?) a forecast.
To me, the only other use for this verify was to log on to HMRC, and my accountant does that for me so I thought "stuff it!"
As the DVLC also used it, I will be OK until 2025 when my driving licence expires! :-)