Welcome to the new Independent website. We hope you enjoy it and we value your feedback. Please contact us here.


Inside Whitehall: The Government is aiming to set the standards for online security

If the project is successful it will not be long before you’ll be able to read your medical records or consult a doctor online

17 October 2012 is a date that sticks in the memory of Mike Bracken, the Government’s digital director. It was the day that perhaps the largest IT project ever undertaken by the civil service went live – and absolutely nothing terrible happened.

Nothing crashed. Nobody’s data was lost. No budget was overspent and nobody was dragged in front of Margaret Hodge and the Public Accounts Committee for a  ritual savaging.

In the troubled history of government and computers, it was a memorable date indeed.

Here is something rather unlikely: Whitehall is actually now getting rather good at IT – and the “Gov.uk” transformation of 15 months ago is some proof of that.

Anyone who has ever clicked on the Government’s official website will have noticed the difference.

Instead of dozens of different sites for every ministerial department and public-sector agency – each with its own different look, way of organising information and individual quirks – there is now just a single portal for everything that the Government does.

It all looks the same, works in the same way – and most importantly, is designed for people who need to use Government services or seek information online but don’t want to be bamboozled by policy documents, ministerial pronouncements or statistical updates.

Behind the scenes, the transformation required building an entirely new architecture for the Government’s presence online that was simple to use, coherent and stable. On the night of switchover it required the redirection of 134,000 individual web pages onto the new system in a matter of hours, while ensuring that the old links still worked.

Perhaps hardest of all, it required behind-the-scenes politics to corral the notoriously independent departments to give up their own digital fiefdoms and embrace a single, unified approach.

But this is just the start. The Government Digital Service (GDS) has now embarked on a project with much wider ramifications which, if successful, will not only have a profound effect on how we, as citizens, interact with the state – but also how we interact online in general.

GDS is seeking a solution to a problem that affects not just Government, but anyone dealing in personal information over the web: how do you know the person you are dealing with online is who they say they are?

Until now, the Government, banks and commercial organisations have all built individual systems of online verification, at significant cost and with varying success. Now GDS are attempting to create a new market for identity verification – underpinned by Government standards – and accessible to the private sector as well. 

It works like this: starting later this year, anyone wanting to use a Government service online (such as renewing a tax disc or passport, filling in a tax return (or, eventually, claiming universal credit) will be asked to set up an identity verification account.

These will be privately provided by companies such as the Post Office, and will involve individuals proving who they say they are by providing information such as their passport number, address, or the last digits of their bank account or mobile phone. Utility account numbers can also be used.

This information is then cross-checked against existing records held by the Government and private-sector credit-rating agencies to verify their identity. Once this is done, the person will set their own user name and password and provide answers to security questions.

The useful bit is that once you have set up your free account you will never have to do so again – and will be able to access any Government service from anywhere in the world simply by logging in.

The idea is that, once this is established, other private-sector organisations such as banks are likely to use the same systems to verify their customers’ identity. So, for example, you may in the future be able to switch bank accounts online rather than in person; apply for a loan; or buy age-restricted items in online stores such as Amazon.

Although at this stage the NHS will not be included, if the project is successful it will not be long before you’ll be able to read your medical records or consult a doctor online.

Such a change obviously carries risks. While theoretically it should make access to our personal data more secure, any loss or theft of that information would have more profound consequences.

But whether we like it or not, more and more things we need to do in life are going to be done online – and it has to make sense for the Government to get involved in setting standards and regulating what is so far an unregulated market. Besides, all the information that we provide to verify our identity is already held in different forms on computer servers across the country  and beyond.

Interestingly, the Cabinet Office Minister Francis Maude claims that such identity verification will be the final nail in the coffin of the need for a national identity card.

But here the argument in favour is less robust. Although the scheme is voluntary, if it is successful it may, in a few years’ time, be impossible to operate a “digital life” without it.

If that’s the case, we’ll simply have created a digital national identity card by default.