Data and securityCyber SecurityOnline activity could be used by Verify service

Online activity could be used by Verify service

Social media activity could be used to assist identity authentication in the GOV.UK Verify service following successful testing

Social media activity could be used to assist identity authentication in the GOV.UK Verify service, after a project by the Open Identity Exchange (OIX) was completed.

The project, which was carried out on behalf of the Government Digital Service (GDS), is part of a move to increase GOV.UK Verify’s demographic coverage.

In a blog post, the GDS said that it has been looking at projects that consider the use of different sources of activity history when proving an individual is who they say they are. This is because adding more data sources and a choice of methods will open up GOV.UK Verify to more people.

The post explained that there five different elements involved in identity verification, and a chosen certified company has to achieve specific thresholds in each one before they can verify an identity. Although the creation of many online accounts does not require details of a real identity at the point the account is set up, the accounts themselves are potentially a useful source of evidence that an identity has been active over time. This means the accounts can provide evidence of activity history, as described in the Good Practice Guide 45, under Element E.

 

Testing a hypothesis with the OIX

“Because of this,” the post said, “we recently took part in an Open Identity Exchange (OIX) Alpha project, together with Post Office, Experian, Verizon, LexisNexis and Veridu. The project looked at the online activity (social network data) of users and explored how an individual might release this in order to prove activity related to their identity over time. The project tested the following hypothesis: ‘A service providing online activity verification data allows for assertion of activity history of an individual and contributes to establishing a trustworthy digital identity for access to online services’.”

The project took place between March and June 2016 and consisted of user research where the concept was tested with the user and testing of a service developed specifically for this project. This was a follow on to an OIX project conducted in 2013 that looked at the use of social login data for digital identities.

 

The outcomes

The user research involved 12 one-to-one sessions with users who were taken through the prototype of the user journey where a page allowed them to choose from a number of online accounts to prove their activity history.

The overall reaction to using online accounts such as Facebook, PayPal, LinkedIn and others as part of the process of proving identity was positive.

The younger the participant, the more likely they were to complete the task with ease. Users from the older demographic, while still completing the task, were more likely to raise privacy concerns or to be worried that their data would be used for purposes other than identity verification.

The post added: “Compared to the findings from 2013-2014, our recent research suggests that people appear to be becoming more amenable to using online activity verification and allowing certified companies access to their personal online accounts to acquire a verified identity that gives safer, faster access to government services. Since 2013, there have also been developments in technology that allows for detection of whether the user is a real person or not. With these advancements the activity history of online accounts is much more valuable in an identity verification context.”

Related Articles

Housing associations collaborate around cyber awareness

Cyber Security Housing associations collaborate around cyber awareness

16h Austin Clark
Six top security and risk management trends revealed

Cyber Security Six top security and risk management trends revealed

1w Austin Clark
DDoS Defence Demands a Hybrid Approach

Cyber Security DDoS Defence Demands a Hybrid Approach

2w Guest Writer
NHS Digital joins forces with IBM to beef up NHS cyber security

Cyber Security NHS Digital joins forces with IBM to beef up NHS cyber security

3w Austin Clark
HMRC storing voice ID data 'without consent'

Cyber Security HMRC storing voice ID data 'without consent'

3w Austin Clark
Government’s rapid cloud adoption lacks security (Infographic)

Cloud Computing Government’s rapid cloud adoption lacks security (Infographic)

1m Austin Clark
Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

Cyber Security Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

1m Guest Writer
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

2m Guest Writer