UK.gov admits it was slow to intervene in Verify's abject failure to meet user targets
We might not have signed up users, but at least we created a standard. It only cost £154m...
UK.gov has admitted it was slow to intervene as it failed to meet “overambitious” targets for the adoption of Verify, and has been accused of splashing £154m on creating an open standard for the identity service.
Civil servants were hauled in front of the influential Public Accounts Committee this week to discuss a damning assessment of the Verify scheme that was published by the UK's spending watchdog earlier this month.
Up to 2016, the Government Digital Service was claiming that 25 million people would be signed up to Verify by 2020 – based on current estimates, the real figure will be more like 5.4 million. As of last month, just 3.6 million were verified.
You are saying really that the previous GDS… had not really tuned into what users, in this case the department users, wanted, needed… You couldn’t carry on beating people up and saying, 'Would you please use the service?', because it wasn't right...
Despite acknowledging that some reasons for slow uptake – user demographic and the fact strong nudges can't be used for systems like benefits – should have been predictable, the witnesses attempted to pin the blame on previous leadership teams and other government departments.
"In 2015, we had only 25 live services across the whole of government, yet we were projecting to have 46 more incorporate Verify over the next few years," said GDS boss Kevin Cunnington.
"That has just not turned out to be true. The government has not transformed as quickly as we had hoped; therefore we have seen this reduction in volume."
Civil service chief exec John Manzoni echoed this: "I think the government at the time, back in 2015… were optimistic about the level of transformation that could happen across the services."
Manzoni did accept some portion of blame, saying he "might have been a bit late in the intervening" but did so "quite heavily" in 2016 – and emphasised that soon after the leadership in GDS and the programme was changed.
The new team became "increasingly aware that the volumes simply were hopeless" throughout 2017, when it carried out a nine month review to assess the incentive structure for departments and compare costs with HMRC's existing Government Gateway that many services still use.
Why did you keep plugging at it, when all the users said no?
Committee chair Meg Hillier attempted to sum up Manzoni's point: "You are saying really that the previous GDS… had not really tuned into what users, in this case the department users, wanted, needed… You couldn’t carry on beating people up and saying, 'Would you please use the service?', because it wasn't right."
Both she and Gareth Snell, who led the grilling, expressed exasperation during the hearing, asking why the government hadn't decided to just close the project down, as it had with other past failures.
They didn't exactly get a straight answer, and while both Cunnington and Manzoni managed to admit that "overambitious" targets had been set, they repeatedly tried to wriggle out of quantitative failings by pointing to qualitative successes.
UK.gov withdraws life support from flagship digital identity systemREAD MORE
Namely that it had achieved one of its strategic aims, to establish what Manzoni said was an “internationally acclaimed” set of standards – and that private providers wanted to take over the system from 2020.
"It is quite an expensive standard though, is it not — £154m for a standard?" quipped Snell at one point, adding that at that price he would hope it was internationally acclaimed.
Later in the session, the witnesses were asked about the risk that, now there is a bigger market of identity verification providers, departments might end up using something other than Verify – but the response was that the government only cared about whether the service met the standard.
"What you seem to be saying is that it was over-ambitious at the beginning," said Hillier. "The decision… to have an identity assurance strategy really over-reached in trying to be the provider as well as setting the standards. You are nodding, Mr Manzoni, for the record."
However, the committee expressed some concern that the government wouldn't recoup the money and time invested in establishing the standard – and perhaps to some extent encouraging the growth of the market – once Verify moved to the private sector.
This is because the different identity verification providers have always owned the IP for the identify-checks, and the standard is open – so the government owns only the brand name "Verify".
Asked whether another country or provider would have to pay to use the Verify brand, Cunnington said "we have not had that discussion candidly".
He did say, though, that he was "confident" the independent providers would build up the volume of users and would keep investing in the scheme.
However, the government is still in negotiations for what will happen to Verify when funding shifts to the private sector in 2020, and it is not yet clear how the departments will be able to use Verify, or how much it will cost them. ®
Sponsored: Becoming a Pragmatic Security Leader