Data and securityIs it time the UK public sector adopted self-sovereign identity?

Is it time the UK public sector adopted self-sovereign identity?

Given the recent news about GOV.UK Verify, is now the time to look to a self-sovereign identity programme?

This month, the Government’s GOV.UK Verify scheme has been making headlines after it was announced that central funding for the project will end within 18 months. While it’s far from the end for Verify – responsibility for its development will shift to the private sector – it has caused plenty of people in the govtech arena to question its value.

Some commentators are pointing to Microsoft’s all-singing-all-dancing citizen ID gateway has the potential to glue together Verify, Facebook and so on, while others say creative projects such as the Open Identity Exchange (OIX) digital log-book pilot project, who are working with the London Borough of Tower Hamlets to try and create a digital ID for people who don’t typically have digital access. These people are traditionally difficult to interact with digitally, so apart from the social benefits there are potentially great financial benefits for councils.

Others, meanwhile, are pointing out that identity is a universal function that spans government, banking and every other online service that we use. While Verify does attempt to do this, up to a point, ID experts suggest it’s an ‘old technology’ approach, and that the future is one of ‘Self-Sovereign Identity’, being pioneered by organisations such as the Sovrin Foundation.

The self-sovereign concept

Sovrin is a decentralised, global public utility for self-sovereign identity. Self-sovereign means a lifetime portable identity for any person, organisation, or thing. It’s a smart identity that everyone can use and feel good about. Having a self-sovereign identity allows the holder to present verifiable credentials in a privacy-safe way. These credentials can represent things as diverse as an airline ticket or a driver’s license.

Sovrin says this approach will transform the current broken online identity system. Identities will lower transaction costs, protect people’s personal information, limit opportunity for cybercrime, and simplify identity challenges in fields from healthcare to banking to IoT to voter fraud – something all government organisations would surely welcome.

In this ID2020 white paper the fundamental principles are described as:

  • Every individual human being is the original source of their own Identity.
  • Identity is not an administrative mechanism for others to control.
  • Each individual is the root of their own identity, and central to its administration.
  • The role of names, citizenship, licences and other credentials should be distinct.

Converging technologies

Interest in self-sovereign identities have taken a boost mainly because of convergence of few things:

  1. Rise of Blockchain and Distributed Ledger technologies enable creation of truly self-sovereign and open solutions.
  2. As has been much publicised, the amount of data generated by humans is growing exponentially.
  3. The value of personal data is being realised.
  4. Growing numbers of personal data hacks are constantly putting people and organisations at risk.
  5. GDPR requirements are forcing organisations to rethink their position with personal data. In fact, because of the increased hacks and risks of EU fines, some companies are considering getting rid of this “toxic personal data”.

All these things together take us to the brink of major transformation, where organisations are rethinking their approach to managing personal data.

One organisation taking this rethink seriously – and leading the way when it comes to self-sovereign identity at a government level – is British Columbia. It is one of the first governments to pioneer adoption and it’s something we’ll be covering in more detail over the coming months.

In the meantime, a handy resource is the webinar (below) from John Jordan of the British Columbia ID team, who describes the initiative it from a practical, day-to-day perspective, in terms of how it might be adopted by governments for functions like online drivers licence services.

Key points discussed in the webinar include how to develop the legislation required to underpin the technology framework for Identity-enabled digital services, the role blockchain plays and how the key is to approach design models as an Ecosystem, the ‘Decentralised Identity Solar System’.

The webinar also discusses how previous identity approaches resulted in semi-digital versions of the offline paper-based process, resulting in yet more multiple online accounts, an effect greatly exasperated by the many levels of government citizens must interact with to complete one process.

 

What are your thoughts on Verify and/or self-sovereign identity programmes? We would love to hear from you – email us here.

Related Articles

Cyber security is about much more than technology

Cyber Security Cyber security is about much more than technology

21h Austin Clark
Five questions you need to ask about your capture workflow

Data and security Five questions you need to ask about your capture workflow

1d Austin Clark
Councils ‘need to do more to unlock full potential of data’

Data and security Councils ‘need to do more to unlock full potential of data’

5d Austin Clark
New board for Centre for Data Ethics and Innovation

Data and security New board for Centre for Data Ethics and Innovation

3w Austin Clark
Q&A: How cyber security is changing in the public sector

Cyber Security Q&A: How cyber security is changing in the public sector

1m Austin Clark
NHS data sharing – creating the frameworks for better patient care

Data and security NHS data sharing – creating the frameworks for better patient care

2m Guest Writer
NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

2m Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

2m Austin Clark