The government takes a modest step towards electronic identity verification.
Almost unnoticed outside the specialist technology press, Britain has taken a step towards abolishing the wet signature in official transactions – and perhaps also the passport-and-utility-bill ritual of authenticating identity every time we enter a new commercial relationship.
The breakthrough is the announcement that a service called Gov.uk Verify is about to become available for public use. Verify is part of the Cabinet Office’s effort to make government services available over the web, the so-called ‘digital by default’ programme. Many solicitors will have encountered this in the form of the controversial initiative to put online the process of applying for lasting power of attorney.
However when it comes to sensitive transactions, digitisation can only go so far. To have legal validity, LPA forms completed on the web are still required to be printed out and physically signed. Gazette readers will not need reminding of the myriad need for wet signatures in transactions. Even the e-conveyancing system being built by the Law Society’s Veyo venture is envisaged as requiring a wet-signature-on-paper stage to meet Land Registry’s requirements.
Serious efforts to replace such processes with a digital signature go back to the dawn of electronic commerce, two decades ago. Electronic signatures are widely used in advanced digital economies such as Estonia and Singapore. The possibility of creating a national e-signature was part of the rationale for the last government’s identity card programme, abandoned in one of the coalition’s first policy announcements.
With much less publicity, it was replaced by a programme called identity assurance, run by the Cabinet Office. This is what is about to go live under the Verify brand. Unlike Labour’s planned national biometric database, Verify is operated by a market of certified ‘identity providers’ who verify individuals’ identities and certify them on demand.
These include commercial credit-checking firms such as Experian. The ‘public beta’ phase of the project, in which individuals will use Verify to prove their identities to a government agency, is due to begin this month.
In contrast to its hubristic predecessor, Gov.uk Verify has arrived with little publicity. This is perhaps because it is relatively uncontroversial – most experts seem to believe that a federated system is the right way to create an electronic identity infrastructure. Notably, even Labour month proposed a five-year programme to create an ‘online federated identity management framework’ rather than a return to a single national identity service.
I suspect also the Cabinet Office has deliberately kept the programme at a low profile, incrementally testing it in low-key services such as administering the Common Agricultural Policy.
A softly-softly development makes a lot of sense: coupled with an ‘agile’ systems methodology it means that technology and processes can be tested and tweaked, and mistakes rectified without ministers being pilloried for U-turns or creating ‘another government computer disaster’. It also avoids the bane of public policy innovation – a system that works in 99% of cases being paralysed while the intractable 1% is sorted out.
But there comes a point when a wider public debate is needed and I would have thought that Verify entering public beta testing will mark that point. Questions of legality and liability spring immediately to mind, not to mention how this all fits with anti-money laundering regulations.
As the front line of today’s paper-based identity management infrastructure, the legal profession will want to be part of that debate.
Michael Cross is Gazette news editor