Feeds

Verizon, Experian and pals bag £25m to inspect Brits' identities for UK gov

And yet, no sign of PayPal

Top three mobile application threats

The first private companies to win UK government contracts to verify Brits' identities online have been named. And PayPal is absent from the list despite being in the running for a slice of the £25m pot of public cash.

Credit agency Experian, the Post Office, Brit upstart Mydex, Verizon and crypto biz Digidentity have now inked deals to deliver the first "live services", the Cabinet Office's Government Digital Service team said in a blog post this morning.

The firms promise to provide a way for citizens to securely prove who they are when logging into government websites. The GDS explained:

The identity assurance service will enable people to assert their identity online safely and securely, and allow government to be confident that users of online services are who they say they are.

We are pleased that these suppliers have chosen to invest in this phase of the programme and work with government to create this new market. We will now be working closely with those that have signed, who represent the range of types of providers needed to make online identity provision a success.

eBay-owned PayPal was in the running for a contract, but for now will not deploy its tech. Two other suppliers, Ingeus and Cassidian, did not bid for contracts after initially showing an interest.

The Register asked the Cabinet Office to comment on the absence of the aforementioned trio. A spokesman said: "We can’t speak for these suppliers, but they have decided not to participate for the time being. This doesn’t mean that they will not participate in the future."

As for the identity assurance (IDa) system, El Reg understands that the first trial of the tech will be used by company car drivers and employers filling in P11D staff expenses forms for HMRC.

In recent months, it has become clear that the Department for Work and Pensions' crisis-hit Universal Credit system would not be the first to use the ID assurance service as was originally planned.

Instead the five providers who have bagged the contracts will be involved in the first prototype, which is expected this autumn. It's expected to test how company car users will be able to choose between the suppliers within the IDa system.

It's less clear at this stage if additional government services will be authenticated in the same trial.

It's a much simpler test for a specific kind of user, which should mean that the authentication process is completed quite quickly. But it also points to another failure for Universal Credit: our source said that the DWP's one-dole-system-to-rule-them-all was unlikely to be in the initial wave of ID services that go online. Whitehall, when questioned, agreed.

The Cabinet Office told El Reg late last month:

IDa is not participating in the Pathfinder phase, but Universal Credit remains part of the future delivery plans for the cross-government IDa Service in development at the Cabinet Office.

It also confirmed to us that the IDa framework would currently use existing data protection law.

We are pleased to have developed an IDa solution that can be implemented without new legislation. Both the IDa Programme and our Privacy and Consumer Advisory Group will regularly assess whether future legislation is required as the service iterates and scales.

In the meantime, the IDa Programme will work with end users, government colleagues and industry partners to deliver IDA within the framework of existing legislation.

The original tender document, dated March last year, called for 44 ID providers to bid for government contracts. It said that the system would be "fully operational" from spring 2013. ®

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.