Data and securityIs it time the UK public sector adopted self-sovereign identity?

Is it time the UK public sector adopted self-sovereign identity?

Given the recent news about GOV.UK Verify, is now the time to look to a self-sovereign identity programme?

This month, the Government’s GOV.UK Verify scheme has been making headlines after it was announced that central funding for the project will end within 18 months. While it’s far from the end for Verify – responsibility for its development will shift to the private sector – it has caused plenty of people in the govtech arena to question its value.

Some commentators are pointing to Microsoft’s all-singing-all-dancing citizen ID gateway has the potential to glue together Verify, Facebook and so on, while others say creative projects such as the Open Identity Exchange (OIX) digital log-book pilot project, who are working with the London Borough of Tower Hamlets to try and create a digital ID for people who don’t typically have digital access. These people are traditionally difficult to interact with digitally, so apart from the social benefits there are potentially great financial benefits for councils.

Others, meanwhile, are pointing out that identity is a universal function that spans government, banking and every other online service that we use. While Verify does attempt to do this, up to a point, ID experts suggest it’s an ‘old technology’ approach, and that the future is one of ‘Self-Sovereign Identity’, being pioneered by organisations such as the Sovrin Foundation.

The self-sovereign concept

Sovrin is a decentralised, global public utility for self-sovereign identity. Self-sovereign means a lifetime portable identity for any person, organisation, or thing. It’s a smart identity that everyone can use and feel good about. Having a self-sovereign identity allows the holder to present verifiable credentials in a privacy-safe way. These credentials can represent things as diverse as an airline ticket or a driver’s license.

Sovrin says this approach will transform the current broken online identity system. Identities will lower transaction costs, protect people’s personal information, limit opportunity for cybercrime, and simplify identity challenges in fields from healthcare to banking to IoT to voter fraud – something all government organisations would surely welcome.

In this ID2020 white paper the fundamental principles are described as:

  • Every individual human being is the original source of their own Identity.
  • Identity is not an administrative mechanism for others to control.
  • Each individual is the root of their own identity, and central to its administration.
  • The role of names, citizenship, licences and other credentials should be distinct.

Converging technologies

Interest in self-sovereign identities have taken a boost mainly because of convergence of few things:

  1. Rise of Blockchain and Distributed Ledger technologies enable creation of truly self-sovereign and open solutions.
  2. As has been much publicised, the amount of data generated by humans is growing exponentially.
  3. The value of personal data is being realised.
  4. Growing numbers of personal data hacks are constantly putting people and organisations at risk.
  5. GDPR requirements are forcing organisations to rethink their position with personal data. In fact, because of the increased hacks and risks of EU fines, some companies are considering getting rid of this “toxic personal data”.

All these things together take us to the brink of major transformation, where organisations are rethinking their approach to managing personal data.

One organisation taking this rethink seriously – and leading the way when it comes to self-sovereign identity at a government level – is British Columbia. It is one of the first governments to pioneer adoption and it’s something we’ll be covering in more detail over the coming months.

In the meantime, a handy resource is the webinar (below) from John Jordan of the British Columbia ID team, who describes the initiative it from a practical, day-to-day perspective, in terms of how it might be adopted by governments for functions like online drivers licence services.

Key points discussed in the webinar include how to develop the legislation required to underpin the technology framework for Identity-enabled digital services, the role blockchain plays and how the key is to approach design models as an Ecosystem, the ‘Decentralised Identity Solar System’.

The webinar also discusses how previous identity approaches resulted in semi-digital versions of the offline paper-based process, resulting in yet more multiple online accounts, an effect greatly exasperated by the many levels of government citizens must interact with to complete one process.

 

What are your thoughts on Verify and/or self-sovereign identity programmes? We would love to hear from you – email us here.

Related Articles

Regulation for the Fourth Industrial Revolution

Data and security Regulation for the Fourth Industrial Revolution

2m Jay Ashar
Organisations are still struggling with GDPR compliance

Data and security Organisations are still struggling with GDPR compliance

3m Jay Ashar
Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

3m Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

3m Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

3m Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

3m Bernard Parsons
Data breach by Scotland's largest local authority

Data Protection Data breach by Scotland's largest local authority

3m Jay Ashar
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

3m Jay Ashar