Feeds

IPS finds no nuggets in ID checking goldmine

Claims targets exceeded, but fee income tiny

Gartner critical capabilities for enterprise endpoint backup

Government plans to position the Identity & Passport Service as the UK's de facto identity services broker seem not to have entirely caught the imagination of the private sector, figures in IPS' annual report and accounts suggest. Although IPS recruited 44 new customers for its Passport Validation Service (PVS), income from this for the year ending March 2008 was only £357,000.

The PVS could be viewed as a kind of blueprint for the future identity verification regime envisaged by the government, and stems from IPS' strategic switch from a document-centric to a person-centric organisation. Previously, the UK Passport Service issued passports and kept track of them, now the new-look IPS keeps track of individuals and issues identity documents to them. It accesses government and commercial databases in order to help build 'biographical footprints' for them, and sells ID verification services in the shape, currently, of the Passport Validation Service.

But from the point of view of verification, it's a mouse. The PVS can be used by financial service companies or employers to confirm that a passport is genuine and valid, but that's all they can do with it. In early 2007 the then home secretary, John Reid, claimed 18 customers for the PVS as of January 2007, and shortly afterwards told Parliament that "seven financial services organisations" - which he declined to name - used the PVS.

In its business plan, published in April 2007, IPS claimed 80 customers in total, which with the 44 subsequent recruits ought to have meant a total of 124 by March 2008. According to the Home Office, however, the service currently has 43 private sector customers and 20 public sector ones, fewer than it had in March 2007, apparently. Rather than this meaning customers have fled in terror over the past 12 months, however, it seems more likely that that the business plan was over-enthusiastic in tallying up the public sector customers - the leap from Reid's 18 to 80 in a matter of weeks seems, well, implausible.

To put the £357,000 into perspective, the Foreign & Commonwealth Office paid IPS over £3 million for use of passport equipment, while IPS' total income was just under £380 million. Assuming there really are 63 customers now, that would give us an average spend per customer of around £2,000 - not all the customers would have been signed up (it's a subscription service) for the whole year, of course. Income from the service for 2006-7 wasn't, at £312,000, spectacularly different from the 2007-8 figure - oddly, considering that it didn't actually go into operation until the second half of 2006. So are customers using it less, or have the goalposts been moved there too?

Potential private sector partners might well question what the PVS brings to the table apart box-ticking and arse-covering. Once you're signed up for the service you have access to a call centre - you pass on the passport details, then you're told either that it's valid, it's not valid, or it's not valid and you're to hang on to it and forward it to IPS.

It's worth noting here that with this service our person-centric organisation is offering us a fairly limited document-centric service that tells you nothing about the person. It'll detect a forgery because there won't be a record of the passport, it'll detect alterations in the data (e.g. date of birth), and it'll detect lost or stolen passports provided they've been reported. But it won't spot copies, it won't guarantee the person presenting the passport is the owner, and it won't tell you anything about right to work or criminal record.

So the gains for the subscribing organisation are fairly small, and could easily turn into losses if - as seems likely - having a passport validated starts to be viewed as the only proof needed to, say, open a bank account or sign on with an employment agency.

More perspective on the PVS can be had by looking at the way its major public sector customers use it, via the OmniBase system. OmniBase gives government departments access to IPS passport data in order to check details directly via a browser. Departments using the system in this way include the FCO, DWP, HMRC and the Criminal Records Bureau. The FCO doesn't pay for access (it's a special case because it issues overseas passports) while the others pay a flat fee per access. Aside from the ability to access the data directly rather than going through a call centre, however, the system seems similar to that offered to private sector companies, and has similar vulnerabilities.

Potentially all of these departments could be bulk users of the system, but according to IPS they check "when they are suspicious", and the pay per access pricing model means they're unlikely to run checks as a matter of course. That's what's supposed to happen in the government's vision of the ID card future, but clearly its own departments haven't received the message yet. Might we suggest to IPS that it switch to a flat fee, issue passport chip readers to all subscribers and charge annual rental for them? If you're going to build a database state you really ought to have a coherent business plan for it.

The DVLA is likely to be one of the heavier users of OmniBase, in its OmniBase Autocheck form. Autocheck links the DVLA to the IPS systems so that when driving licence applicants fill in their passport number online, the passport can be validated and - so long as it's a new model chipped passport - the picture and signature picked up and used for the driving licence. The IPS accounts don't break out numbers for validation payments from other government departments, but total transactions are in tens of millions. It seems safe to assume that the major ones aren't counted as part of the declared PVS income, and to speculate that income from government checking transactions far outstrips private sector income. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
CIA super-spy so sorry spies spied on Senate's torture scrutiny PCs
That thing we swore blind we never did? About that…
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?