UK Digital Identity and Attributes Trust Framework consultation response

This is my response to The UK digital identity and attributes trust framework. I work in the IT department of Hackney Council but am commenting here in a personal capacity.

I have filled in the online comment form but, rather than taking the option to engage in a line-by-line response to the consultation document, I have instead taken the option to provide this written response.

In general I was impressed by the level of thought that has gone into the proposal. It covers a relatively broad but well defined area with sufficient nuance but leaving space for more detailed implementation practicalities to be developed in the future. To that end, I strongly encourage the Framework Group to work closely with the Government Data Standards Authority, The ONS Data Quality Hub, The Data Ethics Framework and Cross-Government API Development Community of Practice to feed into a mandatory set of technical standards that companies and other organisations entering into the Framework must follow.

The development of this Framework, as well as similar schemes in countries like Canada, “X-Road” in Estonia and others elsewhere, is a vindication for the many people that have been describing encryption-backed attribute-exchange as a mechanism for both online identity and significantly improved information exchange for many years. There have been many important contributions in that area but I would like to highlight the people who have long investigated this possibility as part of GOV.UK VERIFY, “Doc” Searls for highlighting Vendor Relationship Management in his book ‘The Intention Economy’, as well as David Alexander and others at MyDex for tirelessly promoting the concept of Personal Digital Stores. To a very minor extent I was also involved in this conversation a number of times when I worked at GDS, including at least a couple of occasions with DCMS. It’s good to see those conversations now becoming mainstream. I am very much looking forward to the day when I will be able to change my address in one place that I control and have the organisations that I interact with seamlessly pick up the change.

It is very good to see the discussions around this proposal taking place in the open. I am a strong proponent of the fundamental ideas that lead to the Framework, but I am also very happy to hear that privacy advocate groups including medConfidential, the Open Rights Group, Big Brother Watch and others will be given ample opportunity to provide their own responses to the consultation. My only wish, as I’ve been stating in consultation responses for many years, is that rather than such conversations being made only out of a request for submissions, that instead a forum could be implemented where ongoing conversations could take place, including all interested parties, throughout the policy formation, execution and delivery of the Framework. Such a forum was part of the recommendations provided to GDS by Snook in the 2016 paper on how to improve online consultations.

I look forward to hearing more about the Governance and Oversight body for the Framework and how it will fit in with the existing Digital Identity Strategy Board. In particular I am keen to discover how the members of such a Board might be selected. I strongly advocate it to reflect the GOV.UK Verify Oversight Group that comprised members from government, the private sector, the third sector, academia and — importantly — privacy advocacy groups.

I was impressed by a number of sections in the proposal. Specifically support for the “vouch” system to enable identity verification and attribute exchange for people without traditional documents. Additionally it was very good to see inclusion of the “delegated authority” model to support Lasting Power of Attorney and other “assisted digital” use cases. It was very good to see inclusion of references to the Equality Act 2010 and known issues in areas like algorithmic bias in facial recognition and other AI-related areas. I was impressed by the notion of requiring organisations within the Framework to produce an annual “exclusion report” but I fear that they will be incentivised to simply say everything is okay and that any related enforcement body, such as the ICO, has historically been woefully understaffed and incapable of following up on such reports to see if they are accurate.

I was impressed by the notion of “Schemes” to bring together organisations, or organisation representatives, that could be revolutionised by the mainstreaming of digital attribute exchange. As someone who has recently been involved in the purchase of a new property, there is a huge amount of potential gain in the interchange of information between builders, banks, solicitors, planning organisations, etc.

I am interested to know how the Framework will support those people who, for various reasons, retain multiple valid public identities. It feels like further investigation of the user needs in this area needs to be examined and added to the Framework.

I’m very interested in the concept of “scoring” the quality of data attributes but would need to know a lot more about how that would work in practice. Self-reported scores from attribute providers will always be incentivised to be very high and it seems unlikely that at scale there will be enough government oversight to be able to either provide attribute scoring itself or monitor the quality of scoring done by provider organisations.

It was good to see the inclusion of “data minimisation” as a key function of the Framework. There are a number of occasions where only knowing, for example, that the person has a valid address, Leave to Remain or is over 18 fulfills all the required user needs without requiring access to the underlying evidence for those assertions. Implementing a so-called “web of trust” will be a strong component of the Framework.

There is a significant issue that the Framework does not address and that is what counts as a fundamental government-produced identity document. Birth certificates, for example, are very often required to be presented as forms of ID but the General Register Office insists that they are “not forms of identification”. The Framework must provide a list on GOV.UK of fundamental identity and attribute documents that it provides. That is, documents where the individual does not need to supply other documents to obtain one — leading to circular requirements where no government organisation fundamentally accepts the responsibility for assuring their own document provision.

I have a number of concerns about leaving the market to provide both platforms for digital identity as well as attribute storage and exchange. The failure of GOV.UK Verify is complex, and very much linked to lack of support from certain government departments, but part of the problem was continual issues with the associated private-sector digital identity providers. The government would need to have very good reasons to believe the same thing wouldn’t happen again. At the same time I have concerns about very large scale digital organisations, such as Amazon, Google or Facebook, offering government-compatible attribute frameworks quickly to large numbers of their existing users, thereby using the existing market dominance to make it very difficult for new small businesses to compete in this space.

Another of the issues encountered by GOV.UK Verify was that relating to different “levels of assurance”. There is no mention of this in the current Framework document. Even if this isn’t something that will be specifically supported by the Framework, it would be valuable to reference how and why it differs from the situation with Verify.

The document is somewhat confused by whether the Framework will also support the concept of attribute stores for businesses as well as individuals. Specifically section 5.1 says “decide if the person or business is eligible for something” but business-specific data is not mentioned elsewhere in the proposal.

The document states that “The trust framework is also central to the Government Digital Service’s work with other government departments to develop a new cross-government single sign-on and identity assurance solution.” I have concerns about both the practicality and timescales for the development of such a service, as a number of government departments are currently midway through independently developing their own individual identity solutions — rather than working together to create a “government as a platform” component. Again, I wonder what practical levers the implementation stage of the Framework can use in order to steer recalcitrant government departments to focus on a single standard solution.

One of the key oversight processes that must be documented in full detail as part of the Framework must be those which relate to government organisations being able to use warrants to examine individuals’ attribute stores without their knowledge. I fully acknowledge that there are valid occasions when the police and other government organisations have valid reasons for doing this. However, while the transaction record visible to the individual may not be updated, it is vital that there is a transaction record somewhere that is and that it is available for later oversight. The mechanism for logging both user visible and non-visible transactions seems likely to be an implementation of distributed ledger technology (blockchain) — one of the few times that is an appropriate use of that technology in government. Associated with this it is very important that the Framework include details of the Oversight Board that will provide the regulations on how this will work as well as the circumstances in which individuals can request access to the hidden log of who has accessed their information. I strongly suggest this is developed in conjunction with the judiciary and the Ministry of Justice.

Without the potential of very significant penalties, organisations within the Trust Framework will be incentivised to store, reuse and share information gathered from individuals’ personal data stores. As legislation is derived from this policy I urge that it will contain criminal as well as civil proceedings for such violations of trust that are severe enough to act as a significant deterrent. This is especially important for a nascent technology that relies very significantly on public trust. Any early media revelations of bad actors in this space could significantly impact the roll-out of the Framework. In the same vein it is vital that the government improve the way it communicates about how information gathered from such personal data stores is shared both within and between government organisations. It is still unfathomable how in 2021 there is still no single location for the storage and searching of Data Sharing Agreements and this significantly increased flow of individuals’ data between systems will only increase the need for a much improved way of enabling people to understand how their data is used and shared.

I’m very keen to hear how this work will continue to develop and would appreciate continued work in the open by all concerned. There are many potential methods for doing this including a dedicated Twitter account, regular blog posts, week-notes, show and tells, email lists for interested parties, etc. I hope to see one or more of those emerge as the Framework continues to evolve towards legislation and delivery.

Finally, while I am currently perfectly content in local government, this is an area of keen interest for me so as this work, in time, moves into the implementation phase, I shall keep a look out for relevant positions opening up, as it is one of the few things that would significantly tempt me to return to central government.

Thank you for a high quality first draft of the Framework. I very much look forward to staying up to date about the work as it continues.

Senior Delivery Manager at HackIT. Ex-GDSer. Co-organiser of unconferences. Opinionated when awake, often asleep.