Feeds

IPS finds no nuggets in ID checking goldmine

Claims targets exceeded, but fee income tiny

Maximizing your infrastructure through virtualization

Government plans to position the Identity & Passport Service as the UK's de facto identity services broker seem not to have entirely caught the imagination of the private sector, figures in IPS' annual report and accounts suggest. Although IPS recruited 44 new customers for its Passport Validation Service (PVS), income from this for the year ending March 2008 was only £357,000.

The PVS could be viewed as a kind of blueprint for the future identity verification regime envisaged by the government, and stems from IPS' strategic switch from a document-centric to a person-centric organisation. Previously, the UK Passport Service issued passports and kept track of them, now the new-look IPS keeps track of individuals and issues identity documents to them. It accesses government and commercial databases in order to help build 'biographical footprints' for them, and sells ID verification services in the shape, currently, of the Passport Validation Service.

But from the point of view of verification, it's a mouse. The PVS can be used by financial service companies or employers to confirm that a passport is genuine and valid, but that's all they can do with it. In early 2007 the then home secretary, John Reid, claimed 18 customers for the PVS as of January 2007, and shortly afterwards told Parliament that "seven financial services organisations" - which he declined to name - used the PVS.

In its business plan, published in April 2007, IPS claimed 80 customers in total, which with the 44 subsequent recruits ought to have meant a total of 124 by March 2008. According to the Home Office, however, the service currently has 43 private sector customers and 20 public sector ones, fewer than it had in March 2007, apparently. Rather than this meaning customers have fled in terror over the past 12 months, however, it seems more likely that that the business plan was over-enthusiastic in tallying up the public sector customers - the leap from Reid's 18 to 80 in a matter of weeks seems, well, implausible.

To put the £357,000 into perspective, the Foreign & Commonwealth Office paid IPS over £3 million for use of passport equipment, while IPS' total income was just under £380 million. Assuming there really are 63 customers now, that would give us an average spend per customer of around £2,000 - not all the customers would have been signed up (it's a subscription service) for the whole year, of course. Income from the service for 2006-7 wasn't, at £312,000, spectacularly different from the 2007-8 figure - oddly, considering that it didn't actually go into operation until the second half of 2006. So are customers using it less, or have the goalposts been moved there too?

Potential private sector partners might well question what the PVS brings to the table apart box-ticking and arse-covering. Once you're signed up for the service you have access to a call centre - you pass on the passport details, then you're told either that it's valid, it's not valid, or it's not valid and you're to hang on to it and forward it to IPS.

It's worth noting here that with this service our person-centric organisation is offering us a fairly limited document-centric service that tells you nothing about the person. It'll detect a forgery because there won't be a record of the passport, it'll detect alterations in the data (e.g. date of birth), and it'll detect lost or stolen passports provided they've been reported. But it won't spot copies, it won't guarantee the person presenting the passport is the owner, and it won't tell you anything about right to work or criminal record.

So the gains for the subscribing organisation are fairly small, and could easily turn into losses if - as seems likely - having a passport validated starts to be viewed as the only proof needed to, say, open a bank account or sign on with an employment agency.

More perspective on the PVS can be had by looking at the way its major public sector customers use it, via the OmniBase system. OmniBase gives government departments access to IPS passport data in order to check details directly via a browser. Departments using the system in this way include the FCO, DWP, HMRC and the Criminal Records Bureau. The FCO doesn't pay for access (it's a special case because it issues overseas passports) while the others pay a flat fee per access. Aside from the ability to access the data directly rather than going through a call centre, however, the system seems similar to that offered to private sector companies, and has similar vulnerabilities.

Potentially all of these departments could be bulk users of the system, but according to IPS they check "when they are suspicious", and the pay per access pricing model means they're unlikely to run checks as a matter of course. That's what's supposed to happen in the government's vision of the ID card future, but clearly its own departments haven't received the message yet. Might we suggest to IPS that it switch to a flat fee, issue passport chip readers to all subscribers and charge annual rental for them? If you're going to build a database state you really ought to have a coherent business plan for it.

The DVLA is likely to be one of the heavier users of OmniBase, in its OmniBase Autocheck form. Autocheck links the DVLA to the IPS systems so that when driving licence applicants fill in their passport number online, the passport can be validated and - so long as it's a new model chipped passport - the picture and signature picked up and used for the driving licence. The IPS accounts don't break out numbers for validation payments from other government departments, but total transactions are in tens of millions. It seems safe to assume that the major ones aren't counted as part of the declared PVS income, and to speculate that income from government checking transactions far outstrips private sector income. ®

Top three mobile application threats

More from The Register

next story
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.