Analysis The Government Digital Service's troubled identity system Verify has been at the heart of a controversial plan to supposedly track users online in the run-up to Brexit. However, its unlikely role in Brexit preparations may be more about GDS finding an excuse to save the moribund platform than anything more sinister.
Prior to Buzzfeed's recent story claiming Boris Johnson had secretly ordered the Cabinet Office to turn the government's public internet service into a platform for "targeted and personalised information," sources had also told us there were plans underway to track users on Gov.uk via Verify.
"At its most ridiculous I think the plan was to make everyone log in to GOV.UK with Verify so that they can be profiled, monitored, analysed and spammed," said one source close to the matter. "However, more realistically they could probably do a lot of this anyway with the usual browser fingerprinting, cookies, etc that most mainstream sites use."
The supposed reason for all this was related to offering citizens micro-targeted relevant information to their specific needs around Brexit.
The problem is a complete lack of detail as to what exactly the UK government was tying to achieve or the way it was trying to achieve it.
In the Buzzfeed report, the prime minister is quoted as talking about "the next steps on Verify," and how EU exit operations have "tasked GDS with developing — in cooperation with others — a digital identity accelerated implementation plan and I would ask you all to engage in that work urgently."
That does little to illuminate how the plan would work in practice.
Verify has a fairly small number of users across the population, just five million (which would make its role fairly meaningless in any mass data-gathering), while the original point of the system was to avoid having a centralised database. In other words, it's not really designed to "track users".
Neither does the platform appear to be the right solution: members of the public only use it for transactional services with departments: why would they authenticate themselves to simply get information on a government service?
Sources close to one large government department also said they haven't been asked to do anything at all around these "accelerated" plans or Verify.
While an intention to use Verify to "track users" may have been floated, that does not mean it’s possible or is indeed happening.
"This strikes me as a wonk in No 10, maybe [Dominic] Cummings, maybe someone else, throwing an idea out and seeing if it will stick. Of course I can see that they would want to do it, but, at the same time, I can see that it can’t be done," one insider told us.
So how did the broken Verify system end up on the table of EU exit operations? According to another well placed contact, its role in Brexit planning was pushed by the Cabinet Office under its post-Brexit digital and data planning - some of which involve the perfectly reasonable efforts to inform the public about Brexit via the Gov.uk site.
GDS was proposing the government try to tell departments to use Verify over other identity platforms such as the Gateway. By doing so it might revive a £154m failing programme that has been heavily criticised by the Public Accounts Committee, been rated as undeliverable by the Infrastructure Projects Authority, and which is lagging well below its original estimate of having 25 million users by 2020.
One source concluded: "This is really about GDS trying to reignite a broken bunch of technology and using the current situation as an excuse to do that."
A Cabinet Office spokesman sent us a statement: “Ahead of the UK’s departure from the EU on October 31st the Government Digital Service is working to ensure people have the best possible experience when they access GOV.UK services."
All data remains anonymised and no personal data is collected at any point during the process, he added. "All activity is fully compliant with our legal and ethical obligations under the Government’s Data Ethics Framework." This project is not related to the GOV.UK/Verify. ®