UK government unveils digital identity plans based on wallet tech
The UK’s government has unveiled a trust framework for its proposed digital identity system.
Conservative MP and minister for digital infrastructure, Matt Warman, led the policy paper and calls it “a first stage industry prototype”.
He also cites Canada, Australia, Sweden and New Zealand – countries taking similar approaches to digital identity as the UK – as inspiration.
The UK government plans to test its “alpha” framework with “services, industries, organisations and potential users”, before unveiling the final version for mass consumption.
According to 2015 Open Identity Exchange data, the UK spends up to £3.3 billion each year on manual, offline identity proofing.
“Digital wallet” vision
The framework presents two main forms that a digital identity could take, based on two different uses: in-store and online.
In-store (or simply face-to-face), it would work like a digital wallet. A person would store their approved attributes – what the government is calling personal details – on a “personal data store app”.
But instead of presenting all their details in one go, the government says the app could use QR codes. That way, ID-checkers only have to scan the relevant information, and individuals don’t have to over-disclose personal details.
“In the same way that we use bank cards to authorise payments, digital identities will let us authorise the release of trusted information about ourselves,” the framework reads.
As for online, the paper says a person “would securely sign in to [their] identity service provider and authorise them to release appropriate information to the organisation”.
Being the framework only, the proposed system will require software providers to make these products work and render them available en masse.
The government puts these providers into two buckets: attribute service providers or digital wallet makers, and identity service providers which proof and verify users’ identities.
“Trust mark” and point systems
The paper says “a governing body chosen by the UK government” will implement the UK’s digital identity “trust framework”.
This body will, among other powers, be able to decide “how to onboard, suspend, remove and reinstate” people’s digital identities living in the UK.
Each digital identity provider will get “a trust mark” after receiving approval to handle individuals’ data.
The idea is that “relying parties”, such as airlines, banks and retailers, don’t have to check users’ identities themselves. Instead, they can use the private companies providing the digital wallets and identity proofing.
When these private firms are checking individuals’ various “attributes”, they can score them numerically from zero to four.
Zero means unverified, whereas one means that an attribute is backed by one piece of evidence. Two means the attribute has an “authoritative source” behind it, as well as multiple pieces of evidence. Three counts for two authoritative sources and stronger evidence. Four means the checker themselves is the authoritative source.
Evidence is also scored out of four, which then informs the overall rank. All scores are then recorded in the attribute’s metadata, according to the policy document.
This means a person’s different identity details will essentially hold individual legitimacy rankings. This will be based on the companies approving them and the evidence provided.
Inclusion – too little, too late?
The government will require all related vendors to publish reports detailing demographics they have excluded from their services and why. The paper says this is in an effort to highlight potential “inclusivity problems in their products”.
It points out that technologies such as facial recognition still carry inherent racial bias. It says checking a credit reference agency database alone would be discriminatory against those without a credit file – which often include immigrants.
“Our aim is for digital identities to be available for anyone who wants one, including those without traditional identity documents,” the government says.
In recent years a Conservative party government under Theresa May found itself in the centre of an identity-related scandal. The Windrush Scandal centred on discriminatory immigration policies passed under Conservative leader David Cameron in 2012.
It saw Commonwealth citizens who had arrived in the UK in the 1950s detained and deported due to a lack of identity documents. It was found these citizens had a right to settle in the UK under The British Nationality Act of 1948. The scandal led to the resignation of then-Home Secretary Amber Rudd in April 2018.
To overcome such hurdles, this new framework will allow the use of “vouching”.
This is where “trusted people” within the community, like a doctor or teacher, can “vouch for” people, in place of a passport or driving licence.
Back in May 2020, director general for the Emerging Payments Association (EPA), Tony Craddock, told FinTech Futures: “I bet the current [UK] government wished it had been bolder on digital identity earlier.”
“Many have tried to bring this to the top of the government agenda as it really needs to be funded centrally,” Craddock said. Since the 2006 Identity Card Act failed “totally”, no government has been prepared “to grasp this nettle”, he said.