The UK government needs to take digital identity seriously

Mike Bracken, the former head of UK Government Digital Service who advises governments around the world on digital transformation, asks for proof that he is, in fact, Mike Bracken.

By Mike Bracken
Tuesday 16 April 2019

I am Mike Bracken. I am a particular Mike Bracken, not just any Mike Bracken. I’m the one who used to run the UK’s Government Digital Service, then set up a digital function for the Co-op Group, and is now a partner at a consulting firm called Public Digital. I assert those facts here, and you’ll just have to take my word for it that they’re true. You can either believe that I am who I claim to be, or not.

But it’s no good me asserting something if you cannot be sure who is asserting it. The same rule applies to transactions made online. Whoever the parties involved, both sides need assurance that their counterpart is who they say they are. The problem might manifest itself slightly differently in different places and circumstances, but the user need is usually the same: how do I prove my identity to a person or an organisation, without having to present myself at their office?

For most commercial transactions, proof of identity doesn’t matter that much. Widgets Inc will be happy to sell me widgets, whoever I claim to be. As long as they get paid, that’s fine.

For governments, identity is a bigger problem. Governments provide services that citizens can’t get from anyone else.
Passports, driving licences and benefits all come only from governments. In the past, all of these services could be obtained by presenting yourself, in person, at a government office (or, in the UK, at a Post Office).

In the last 20 years that all changed as society changed. More people just want to access those services the same way they do everything else: on their phone.

The systems and processes governments set up to make that possible are known as “digital identity”. Different governments tackle it in different ways.

Across Europe, there is a regulation called “Electronic Identification and Trust Services”, usually shortened to eIDAS. The great thing about standards is that they can be used across local, state and international boundaries. That’s what eIDAS aims to bring about. If one country accepts my proof of identity, so can other countries. This is called “Mutual Recognition”. One state will trust another state’s identity system, as long as it complies with eIDAS.

It won’t surprise any readers when I say that there’s a difference between identities in most European countries and the UK: most European countries have a government-mandated, and culturally-supported identity card. Establishing identity is actually pretty easy because every citizen has a card from birth.

No such card exists in the UK, and there’s no sign of that changing. We are forced to use proxies for identity, such as driving licences and passports, but these are corrupt to a degree. They were never designed to be identity documents, and they’re not that hard to fake.

When I was at the Government Digital Service (part of Cabinet Office), we created a service called GOV.UK Verify. It introduced a trustworthy, eIDAS-compliant digital identity, without creating a central government database of people.
The task of verifying identity was outsourced to a set of private companies, each of which had to go through rigorous checks to make sure they in turn could be trusted to keep identity data secure.

This approach reduces the risk of a catastrophic data breach (such as the one that happened in South Korea in 2017). There’s no single central database waiting to be hacked. Digital identity data is distributed across the network. That’s how the internet was always supposed to work.

The good thing about eIDAS is what it enables: services that work for individuals in countries they don’t normally live in. For EU states with workers, employers and citizens constantly moving around, the potential gains are huge.

None of this matters for UK citizens if our government can’t, or won’t, take identity seriously enough to invest in making sure that it works for British citizens. Not just when they’re at home, but when they’re travelling abroad. With the UK’s imminent and tragic departure from the EU, those gains are put further out of our reach.

Last year, control over UK digital identity policy was moved from the Government Digital Service to the Department for Digital, Culture, Media and Sport. Earlier this year, that department reassigned almost all of its digital identity team to work on desperate last-minute No Deal Brexit arrangements. That shows clearly, I think, how seriously our government takes the issue of digital identity.

I assert here, non-verbally, that “I think” that’s true. But it’s up to you to decide whether or not my claim to be me should be backed up by something more trustworthy than that.