Any day now, if the timetable holds, DWP should announce the winners in their identity procurement. The plan was to create a market of competing identity providers so as to allow Universal Credit claims to proceed with some certainty regarding the person claiming (it’s not as simple as that, but that will do for now).
The procurement was originally released as a £250m, 5 year contract (spread across multiple suppliers) before being pulled a day or so later after Cabinet Office intervention. The revised procurement came out some weeks later for a £25m, 18 month contract (the headlines claimed massive cost reductions; it’s not clear that there are any).
Whilst the aim is to create a market, DWP are not buying a commodity product that exists today. If I want to assert your identity on the Internet I do whatever each site asks me to do – at the lowest level, that’s an email address; at the highest level it can include postal address, credit card number, date of birth and some other details. But the identity I’ve created is relatively unportable (Facebook connect notwithstanding). Being trusted by my bank does not make me trusted by the government (and vice versa).
The government wants to change that. DWP are, as Cabinet Office say, “the first cab off the rank” but they will be followed by others (HMRC are discussing their approach with the market and will perhaps issue a procurement later this year or early next year).
I was reminded of the challenges of creating a market by this graph in a recent issue of Fortune magazine.
It shows how in the 60s, the US military essentially funded the microchip business by buying up the vast bulk of their products. As the market grew – and consumer products began to use chips – the portion of the market supported purely military purchases fell. And so everyone carries a smartphone, a tablet and, if they want, their fridge can surf the web whilst figuring out what dinner might be.
The trouble is, DWP aren’t creating a market that way – they’re promising some funds (and we don’t know how much yet) to several vendors (we don’t know how many yet) for a short period without saying how many customers there will be for Universal Credit (and, given the history of this kind of thing, you’d be forgiven, I think, for guessing that rollout will be slower and longer than expected).
And yet suppliers entering this market are building, largely from scratch, the capability that government needs – because government, being government, inevitably has some onerous and entirely bespoke requirements that mean that whatever is already out there won’t work just as it works not and so will need customisation (and sadly not configuration).
Now, if HMRC speedily come along and have the same requirements as DWP, the volume of customers will increase. And if other departments – http://www.gov.uk for instance – say that they want to play too, then all might still be rosy. And if the private sector picks up on this and wants to make use of the same, then things really will be impressively rosy.
But it’s unclear how it’s all going to work. If you bid, and win, DWP identity, will you even need to compete to provide identity to HMRC? It’s hard to see why you would need to – if you have UK citizens with identities in your system that were triggered by DWP, they are just as likely to be needed by HMRC (or any of the other departments). Will the private sector want to use the same identities – after all, government will not validate the identity in any way (that is, if I successfully transact with DWP, my identity doesn’t get an additional stamp saying “DWP trusts me”?)
Government is certainly seeding this market which is a good thing. It’s looking for the market to provide solutions, also a good thing. The mechanisms for how this will all work are still being defined and there is plenty that could still go wrong. Fingers crossed it doesn’t, this is important stuff.
With funds being disbursed by government (unlike existing online services such as self assessment) there will be a reason to hack into the systems. As well as other issues listed there is the question of who carries the loss from fraud. Most individuals do not have secure storage for their existing identities, witness the losses of the payment/credit card industry. I see little sign of thinking \”how will it go wrong,\” and who will be responsible.
There's a bit of a track record with funds being disbursed and online services – look up what happened with tax credits for instance.DWP are, as far as I know, carrying the liability themselves this time round; HMRC are saying that they won't carry it but I haven't seen how they propose it is managed (nor what the cost of carrying it in either case is).Plenty to go wrong, I agree. I'm sure they have people working on those scenarios; we'll have to wait and see perhaps.
I'm all for your government going at it to create a free online market, but how they're planning to layout the whole thing is rather… tipsy, at the very least. If they can't entirely get the terms defined then they might as well let the real experts handle it.