IPS finds no nuggets in ID checking goldmine
Claims targets exceeded, but fee income tiny
Government plans to position the Identity & Passport Service as the UK's de facto identity services broker seem not to have entirely caught the imagination of the private sector, figures in IPS' annual report and accounts suggest. Although IPS recruited 44 new customers for its Passport Validation Service (PVS), income from this for the year ending March 2008 was only £357,000.
The PVS could be viewed as a kind of blueprint for the future identity verification regime envisaged by the government, and stems from IPS' strategic switch from a document-centric to a person-centric organisation. Previously, the UK Passport Service issued passports and kept track of them, now the new-look IPS keeps track of individuals and issues identity documents to them. It accesses government and commercial databases in order to help build 'biographical footprints' for them, and sells ID verification services in the shape, currently, of the Passport Validation Service.
But from the point of view of verification, it's a mouse. The PVS can be used by financial service companies or employers to confirm that a passport is genuine and valid, but that's all they can do with it. In early 2007 the then home secretary, John Reid, claimed 18 customers for the PVS as of January 2007, and shortly afterwards told Parliament that "seven financial services organisations" - which he declined to name - used the PVS.
In its business plan, published in April 2007, IPS claimed 80 customers in total, which with the 44 subsequent recruits ought to have meant a total of 124 by March 2008. According to the Home Office, however, the service currently has 43 private sector customers and 20 public sector ones, fewer than it had in March 2007, apparently. Rather than this meaning customers have fled in terror over the past 12 months, however, it seems more likely that that the business plan was over-enthusiastic in tallying up the public sector customers - the leap from Reid's 18 to 80 in a matter of weeks seems, well, implausible.
To put the £357,000 into perspective, the Foreign & Commonwealth Office paid IPS over £3 million for use of passport equipment, while IPS' total income was just under £380 million. Assuming there really are 63 customers now, that would give us an average spend per customer of around £2,000 - not all the customers would have been signed up (it's a subscription service) for the whole year, of course. Income from the service for 2006-7 wasn't, at £312,000, spectacularly different from the 2007-8 figure - oddly, considering that it didn't actually go into operation until the second half of 2006. So are customers using it less, or have the goalposts been moved there too?
Potential private sector partners might well question what the PVS brings to the table apart box-ticking and arse-covering. Once you're signed up for the service you have access to a call centre - you pass on the passport details, then you're told either that it's valid, it's not valid, or it's not valid and you're to hang on to it and forward it to IPS.
It's worth noting here that with this service our person-centric organisation is offering us a fairly limited document-centric service that tells you nothing about the person. It'll detect a forgery because there won't be a record of the passport, it'll detect alterations in the data (e.g. date of birth), and it'll detect lost or stolen passports provided they've been reported. But it won't spot copies, it won't guarantee the person presenting the passport is the owner, and it won't tell you anything about right to work or criminal record.
So the gains for the subscribing organisation are fairly small, and could easily turn into losses if - as seems likely - having a passport validated starts to be viewed as the only proof needed to, say, open a bank account or sign on with an employment agency.
More perspective on the PVS can be had by looking at the way its major public sector customers use it, via the OmniBase system. OmniBase gives government departments access to IPS passport data in order to check details directly via a browser. Departments using the system in this way include the FCO, DWP, HMRC and the Criminal Records Bureau. The FCO doesn't pay for access (it's a special case because it issues overseas passports) while the others pay a flat fee per access. Aside from the ability to access the data directly rather than going through a call centre, however, the system seems similar to that offered to private sector companies, and has similar vulnerabilities.
Potentially all of these departments could be bulk users of the system, but according to IPS they check "when they are suspicious", and the pay per access pricing model means they're unlikely to run checks as a matter of course. That's what's supposed to happen in the government's vision of the ID card future, but clearly its own departments haven't received the message yet. Might we suggest to IPS that it switch to a flat fee, issue passport chip readers to all subscribers and charge annual rental for them? If you're going to build a database state you really ought to have a coherent business plan for it.
The DVLA is likely to be one of the heavier users of OmniBase, in its OmniBase Autocheck form. Autocheck links the DVLA to the IPS systems so that when driving licence applicants fill in their passport number online, the passport can be validated and - so long as it's a new model chipped passport - the picture and signature picked up and used for the driving licence. The IPS accounts don't break out numbers for validation payments from other government departments, but total transactions are in tens of millions. It seems safe to assume that the major ones aren't counted as part of the declared PVS income, and to speculate that income from government checking transactions far outstrips private sector income. ®
Sponsored: Network DDoS protection