Identifying claimants for Universal Credit

It’s been confirmed that, for the October launch, UC will be the first service to use the Identity Assurance Programme to identify claimants.

That means that instead of government having a database of people, claimants will have to ‘assert’ their identity using a range of providers, made up of The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon and one other to be confirmed.

Claimants will choose which of these ‘Identity Providers’ to use and they will work with existing online accounts to verify the identity of the person before passing them onto DWP.

Isn’t it all looking wonderful?

Yet another stage in the ongoing process whereby the DWP, Jobcentre plus in particular, disappear off the face of the known planet into a virtual black hole beyond the range of normal human contact, reachable by the public only after engaging in some ridiculous form of snakes and ladders game.  Put one foot wrong and it’s down the snake you go.  Preposterous nonsense and completely out of all proportion to the problem it purports to solve.

This is a data protection nightmare.

Don’t they already know everything about everybody already - its just that under the highly efficient private sector data systems they use they just don’t know how to retrieve the data (or match it up, or ensure its accurate, or understand it if they have retrived it, or what to do with it, or ... etc etc)?

Who are all these bodies?  I’ve only ever heard of Post Office, Experian & Verizon (which just happens to be a USA mobile phone company - how did they get in on the act!?).

More seriously, does anyone know what this means & how it is supposed to work?

The final company is ..... Paypal.

here’s a link to november rightsnet news story on announcement of first 7 providers -

http://www.rightsnet.org.uk/news/story/dwp-announces-providers-for-online-identity-scheme/

and DWP press release -

http://www.dwp.gov.uk/newsroom/press-releases/2012/nov-2012/dwp118-12.shtml

I’m getting past it!  I just don’t see how this is supposed to work.  Is there anything which explains it (preferably in words of one syllable) please?

Does it mean that claimants are meant to choose one of the eight (& how on earth will they be able to make an informed choice?), provide that firm with whatever info. they need to confirm their identity, choose some password or other means of identifying themselves whenever they log on, and log on to that firm’s system whenever they want to contact DWP about their claim?  And of course they then have to hope that a link to their DWP record has been accessed & comes up on their screen.

If that is the case, I do hope that each of the eight will have in big bold letters on their home page a clear link to the page the claimant needs to go to for the identity check & to log in. 

I can’t help wondering whether it wouldn’t be easier for DWP to do the identity check (I believe this can generally be done instantaneously online) themselves & then have a home page on their own system for logging in.

From UKAuthority.com

“Unique” Identity Assurance Programme Focuses on Citizen, Not Government

The government’s pioneering new Identity Assurance Programme focuses on the needs of the citizen, not the bureaucrat, Chris Ferguson, deputy director of the programme, told the latest UKA Live debate.

Unlike the former ID card and database scheme that was “roundly rejected” by the public, the new programme - unique in the world - centres on setting standards and reference architecture allowing government to accept citizen identities in a way that is “simple and convenient for them, as opposed to simple and convenient for us”, Ferguson said.

“The identity assurance approach is about allowing people to choose a provider, to remain in control of their own information, and just [for government] to set the standard that will inform industry standards [and] inform procurement,” he told the panel debate ‘UKA Live: Digital Public Services, Security and Identity Assurance’.

“What we would like to do is take government out of the account creation business, so it is not log-ins or passwords for each individual service or department.”

The desired result was an “identity ecosystem” designed and pump-primed by government but which could eventually also be used to allow people to identify themselves to commercial websites, Ferguson said.

Seven organisations have been successful in gaining a framework contract to develop the programme, namely Cassidian, Digidentity, Experian, Ingeus, Mydex, Post Office Group and Verizon, he said. But in keeping with a general move in government towards shorter, more flexible procurement, the initial framework is only an 18-month contract, so organisations which have not yet joined because they were not convinced it was the right time for them or it was not sufficiently mature would have another opportunity quite soon.

The first part of government to use the system will be the universal credits programme, Ferguson said, but it would soon become a cross-government approach.

Although the programme is being developed by central government, local government is being consulted and councils hope to be able to use it as well as soon as possible, said Geoff Connell, chief information officer of Havering and Newham London boroughs.

“I like the model, I like the fact that people can chose an identity provider they trust, somebody they already have a relationship with,” Connell said. “But for us it is about people being able to join up their identity across different bits of government, and there is an issue at the moment in that we then have to agree to what level we trust the identity that has been assured by one of these providers to come in to our services.

“[Councils] provide lots and lots of different services, it’s very complex, and a lot of those historically have come from a lot of different software vendors… the challenge for us is to join up identities across those silos.”

Once central government launches the service, the local government community will build and adapt their own systems based around this work, he said. But the big issues for councils are when will it be available, and how much will it cost?

“Because if it’s not soon enough I’ve got to build my own and, at the moment, the cost is a big unknown,” Connell said. “I think the standards approach [and] the fact you can have scalability… will all help the cost, but it’s still an unknown.”

Competition within the marketplace should help drive down those costs, as well as bringing other benefits, Chris Ferguson said.

“If you have a framework of identity providers… then as part of that competitive marketplace, they can stay abreast of technology as digital and mobile technology advances,” he said.

“There are various threshold levels of assurance that need to be passed for various transactions, [but] they are the ones competing for the customer to give them the best user journey, to give them the best experience. We are simply a consumer of those assertions of identity, and we pay to play. There will be a unit cost which will be driven down by competition and hopefully will be driven down by technology and scale.”

To succeed the system will require a new level of collaboration between companies such as telecoms firms and banks which normally compete fiercely, but the end goal would be valuable to them all in helping to fight fraud, Ferguson said. To this end the Cabinet Office is helping to fund a US-based umbrella group, the Open Identity Exchange, whose members include Google, Experian and RSA, he said, partly to ensure that “just because [only] seven have been named on the framework, everyone else doesn’t walk away from the conversation”.

A separate marketplace of organisations checking adherence to the new standards would also be needed, such as the existing “tScheme” whose members include BT, IBM, Royal Bank of Scotland and three government departments. “If you are going to have identity providers… those will need to be accredited. Alongside your marketplace of providers you are probably going to need a marketplace of accreditors as well… because asking CESG to do it all is not practical.”

Bill McCluggage, chief public sector technologist at EMC and former UK Government deputy CIO, said suppliers accepted that the new diverse approach would benefit everyone.

“Having something in the hands of one vendor puts you at huge risk,” McCluggage said. “Therefore having that ecosystem and market… competition is healthy; competition drives innovation, competition drives cost advantage to the consumer.”

The system would be complex but similar concepts of collaboration alongside competition had been shown to work already in the financial sector with credit cards that work in any cash machine or across any banking system, he said.

<end of part 1>

Part 2

So much for the citizen - what of identity checking within government? John Stubley, operations director of the Public Services Network at the Cabinet Office, said the intention was to develop a similar digital identity assurance system for public servants, so their log-ins too could be portable across organisations to promote efficiency and partnership working.

“We are working on a common approach,” Stubley said.

“We want to get to the point where you can be in a local district council, log on and your identity will be recognised across the whole of the public sector.”

There would often be a need for even tighter security and checking on the identity of a public servant than a member of the public, for obvious reasons, Stubley said, but the basic concept of multiple solutions aligned with central standards could still be applied.

As well as convenience for the citizen, the new identity assurance programme could save the public sector a lot of money - no small matter these days. Chris Ferguson pointed out that the government’s latest Annual Fraud Indicator estimated that more than £70bn was lost to fraud last year - so anything shaved off that could represent significant sums.

And Geoff Connell, from austerity-blasted local government, had an even starker message about cost: “We can’t afford to conduct any more [services] via face to face; it has to be web… [so] if we lose the trust of our residents and customers, we’re at risk of meltdown.”

Overall, public sector bodies should stop viewing data security as ‘defending the perimeter’ and see it as a complex, organic web of controlling risk and handling the inevitable breaches that arise, the panellists agreed. For more on this, see our further debate reporting on UKAuthority.com:
http://www.ukauthority.com/NewsArticle/tabid/64/Default.aspx?id=3947

And to view the debate in its entirety on UKA Live, see:
http://www.ukauthority.com/Live/tabid/217/Default.aspx

Wow, we’re only a step away from paying for our ebay purchases direct from our [s]budgetting loans[/s] payments on account. That’ll stop the curs buying beer and fags with their social!

Good thinking!

Gareth - Thank you!  Well, I suppose I asked for it - how naive of me to think there might be a straightforward explanation of anything these days! 

I do find Connell’s reference to this being done by organisations people know & trust a bit laughable.  Of the eight, I would say the only one the vast majority of the population will know is the Post Office.  And I’m not sure how much they are generally trusted and - so far as I am aware - they don’t have any major track record on IT systems.  And will people really stand for goodness knows how long in a queue at the Post Office (particularly in the lead up to Christmas) to do this?

They won’t be queuing, it will be online.

But don’t worry, the DWP have told us how much better it will be - “Universal Credit, which will go live nationally in October 2013, replaces the current complicated paper based benefits payment system we have now with a new online application that meets the needs of claimants and employers in today’s digital world.”

And how exactly will claimants provide evidence documents etc to proove their identity to a provider (or to DWP in support of their actual claim)? Will they be expected to scan documents through a portal that can confirm the document is not a forgery etc? Or will providers/DWP resort to good old snailmail or queue at local Jobcentre Plus (or Post Office) - shades of HB ‘verification framework’?

And what happens when their IT system is compromised like TC claims on line were within months or considering the fine handed out to Sony last week?

Shouldn’t someone report UKAuthority.com to the abuse of plain english police?

Reg 33 new C&P Regs - ‘must furnish in such manner as the Secretary of State may determine, such certificates, documents, information and evidence in connection with the claim, or any question arising out of it, as the Secretary of State may require…’ etc etc.

Old-fashioned language that gets us nowhere, other than the SoS may determine what he wants and how he wants it. My money’s on people being told to switch off the PC and get round to Jobcentre Plus with their papers.

Claimants are going to be asked to mess about wih a new system about which no-one appears to know much, but which will be tested and de-bugged in a magical period between April and October, and suddenly everyone will be ready to verify their identity, set up their claim, report changes of circumstances and if self-employed or incurring childcare costs, report their income and costs, all online, all with no problems, no confusion and no delays in this fraud-proof shining modern world.

Sorry, it’s obviously all getting to me….

A bit of big picture stuff.

Essentially it’s about selling your data to private companies.

The initial line will be that those companies will not be able to retain or use your data. However, after a while, those companies will mysteriously identify a number of services they offer which could be appropriate to claimants/people needing further “incentivising” to find work. Those services and people could be seamlessly identified if only the data could be matched. Well, it’s only a small step isn’t it!!! Government will protest at present that this isn’t the intent at all; just like the ESA and PIP assessments won’t eventually be merged because it makes logistic and financial sense. However, I suspect this government has already mapped out this privatisation of DWP functions long term and a tasty government contract won’t be sufficient to keep 7 providers happy unless there is some view of potential further profit in the future.

So, you claim UC and Child Benefit and private companies verify your identify your ID and then link you in to companies selling all manner of things to you and your children. Financial products etc.

The same process cannot then be prevented form impinging on the work of HMRC. Why would it not? (Avoid obvious common sense answers at this point). Having different ID verificiation systems would simply not make sense. We then enter the murky world of private companies holding the personal and tax data of shareholders who may well work for their rivals. A dystopian and entirely avoidable problem but one with which this government is leading us toward inexorably.

Mike

Agree completely

Andrew

Would you like a nice cup of tea?

I agree too.

And as it’s Burns Night I think Andrew needs a large glass of single malt.

As Peter indicates, the issue of how claimants will prove their identity to one of the eight is vitally important.  (It can’t be by taking/sending documents to JC+ or DWP because - unless I’ve misunderstood it entirely - the whole purpose is to get the proof done by one of the eight & DWP will then accept it.)

None of the eight except PO have locations near to population to which papers could be taken so it must be either scanning or snailmail?  It’s bad enough UC being designed around everyone being able to access & use a computer but surely they’re not daft enough to expect everyone to have access to a scanner as well?

I think this is going to lead to people having one over the eight!

(sorry if this is being discussed in a more recent thread ..?)

Identity Assurance is timetabled to start in December for: reporting to DWP changes of address; and in March 2015, for tax credit renewals and UC claims.

It has already been tried out for a Defra service, apparently there were some teething problems.

I find it troubling that thus far, (according to the above site):
“Experian remains the only certified company providing GOV.UK’s Verify system ... “

Don’t worry - it’ll all be fine; after all, all benefit claimants have credit cards, long term addresses, online access, full literacy and numeracy, complete English language skills, etc. etc.

Hmmm once it is in and… not working, we will decide we need a National ID card.

Gareth Morgan - 03 November 2014 02:55 PM

Don’t worry - it’ll all be fine; after all, all benefit claimants have credit cards, long term addresses, online access, full literacy and numeracy, complete English language skills, etc. etc.

I’m not entirely sure that I have all of those Gareth….