The Gateway has long since been seen as end of life – indeed, I’ve been told several times that it has now been “deprecated” (which apparently means that the service should be avoided as it has been or is about to be superseded). Yet it’s still here.
What is happening then?
Two years ago, in November 2011, I wrote a post about the Cabinet Office’s new approach to Identity. Perhaps the key paragraph in that post was “With the Cabinet Office getting behind the [Identity Programme] – and, by the sounds of it, resourcing it for the first time in its current incarnation – there is great potential, provided things move fast. One of the first deliverables, then, should be the timetable for the completion of the standards, the required design and, very importantly, the proposed commercial model.”
There was talk then of HMRC putting up their business case for using the new services in April 2012. The then development lead of Universal Credit waxed on about how he would definitely be using Identity Services when UC went live in April 2013. Oh, the good old days.
DWP went to market for their Identity Framework in March 2012 as I noted in a post nearly a year ago. Framework contracts were awarded in November 2012.
Nearly five Gateway development cycles later, we are yet to see the outcome of those – and there has been little in the way of update, as I said a year ago.
Things may, though, be about to change
GDS, in a blog post earlier this month, say “In the first few months of 2014 we’ll be starting the IDA service in private beta with our identity providers, to allow users to access new HMRC and DVLA services.”
Nine gateway development cycles later, we might be about to see what the new service(s) will look like. I am very intrigued.
Some thoughts for GDS as they hopefully enter their first year with live services:
Third Party Providers
With the first iteration of the Gateway, we provided the capability for a 3rd party to authenticate someone and then issue them a digital certificate. That certificate could be presented to the Gateway and then linked with your identity within government. Certificates, at the time, were priced at £50 (by the 3rd party, not by government) because of the level of manual checking of documents that was required (they were initially available for companies only). As long ago as 2002, I laid out my thoughts on digital certificates.
There were many technical challenges with certificates, as well as commercial ones around cost. But one of the bigger challenges was that we still had to do the authentication work to tie the owner of the digital certificate to their government identity – it was a two step process.
With the new approach from the Cabinet Office – a significantly extended version of the early work with multiple players (up to 8 though not initially, and there is doubtless room for more later) but the same hub concept (the Gateway is just as much a hub as an authentication engine) – the same two step process will be needed. I will prove who I am to Experian, the Post Office, Paypal or whoever, and then government will take that information and match that identity to one inside government – and they might have to do that several times for each of my interactions with, say, HMRC, DWP, DVLA and others. There is still, as far as I know, no ring of trust where because HMRC trusts that identity, DWP will too. Dirty data across government with confusion over National Insurance numbers, latest addresses, initials and so on all make that hard, all this time later.
As Dawn Primarolo, then a minister overseeing the Inland Revenue, said to me, very astutely I thought, when I first presented the Gateway to her in 2001 – “But people will realise that we don’t actually know very much about them. We don’t have their current address and we may have their National Insurance number stored incorrectly“. She was right of course.
Managing Live Service
The new approach does, though, increase the interactions and the necessary orchestration – the providers, the hub and the departments all need to come together. That should work fine for initial volumes but as the stress on the system increases, it will get interesting. Many are the sleepless nights our team had as we worked with the then Inland Revenue ahead of the peak period in January.
End to end service management with multiple providers and consumers, inside and outside of government is very challenging. Departments disaggregating their services as contracts expire are about to find that out, GDS will also find out. There are many lessons to learn and, sadly, most of them are learned in the frantic action that follows a problem.
The Transaction Engine – The Forgotten Gateway
The Gateway doesn’t, though, just do the authentication of transactions. That is, you certainly use it when you sign in to fill in your tax return or your VAT return, but you also use it (probably unwittingly) when that return is sent to government. All the more so if you are a company who uses 3rd party software to file your returns – as pretty much every company probably does now. That bit of the Gateway is called the “Transaction Engine” and it handles millions of data submissions a year, probably tens of millions.
To replace the Gateway, the existing Authentication Engine (which we called R&E) within it must be decoupled from the Transaction Engine so that there can be authentication of submitted data via the new Identity Providers too, and then the Transaction Engine needs to be replaced. That, too, is a complicated process – dozens of 3rd party applications know how to talk to the Gateway and will need to know how to talk to whatever replaces it (which, of course, may look nothing like the Transaction Engine and might, indeed, be individual services for each department or who knows what – though I have some thoughts on that).
Delegation of Rights
Beyond that, the very tricky problem of delegation needs to be tackled. The Gateway supports it in a relatively rudimentary way – a small business can nominate its accountant to handle PAYE and VAT, for instance. A larger business can establish a hierarchy where Joe does PAYE and Helen does VAT and Joe and Helen can do Corporation Tax. But to handle something like Lasting Power of Attorney, there need to be more complex links between, say, me, my Mother and two lawyers. Without this delegation capability – which is needed for so many transactions – the Digital by Default agenda could easily stall, handling only the simplest capabilities.
Fraud Detection and Prevention
Tied in with the two step authentication process I mention above is the need to deal with the inevitable fraud risk. Whilst Tax Credits was, as I said, briefly the most popular online service, it was withdrawn when substantial fraud was detected (actually, the Tax Credits service went online without any requirement for authentication – something that we fervently disagreed with but that was only supposed to be a temporary step. Perhaps in another post I will take on the topic of Joint and Several Liability, though I am hugely reluctant to go back there).
In the USA, there is massive and persistent Tax Return fraud – Business Week recently put the figure at $4 billion in 2011 and forecast that it would rise to $21 billion by 2017. That looks to be the result of simple identity fraud, just as Tax Credits experienced. Most tax returns in the USA are filed online, many using packages such as TurboTax. Tax rebates are far more prevalent in the USA than they are in the UK, but once the identification process includes benefits, change of address and so on, it will become a natural target. Paul Clarke raised this issue, and some others, in an excellent recent post.
The two step process will need to guard against any repeat of the US experience in the UK – and posting liabilities to the authentication providers would doubtless quickly lead to them disengaging from the business (and may not even be possible given the government carries out the second step which ties the person presented to a government identity record, or to a set of them).
We included a postal loop from day one with the Gateway, aimed at providing some additional security (which could, of course, be compromised if someone intercepted the post); removing that (as a recent GDS blog post claims it will), as I imagine will be done in the new process (Digital by Default after all) requires some additional thinking.
Given that “User Led” is the GDS mantra, I have little fear that users won’t be at the heart of what they do next, but it is a tricky problem this time. For the first time, users will be confronted with non-government providers of identity (our Gateway integration with 3rd parties still resulted in a second step directly with government). How will they know who to choose? What happens if they don’t like who they chose and want to move to someone else? How will they know that the service that they are using is legitimate – there will be many opportunities for phishing attacks and spoof websites? How will they know that the service they are using is secure – it is one thing to give government your data, another, perhaps, to give that data to a credit agency? Will these services be able to accumulate data about your interactions with Government? How will third party services be audited to ensure that they are keeping data secure?
Moving On From Gateway
There are more than 10 million accounts, I believe, on the Gateway today. Transitioning to new providers will require a careful, user benefit led, approach so that everyone understands why the new service is better (for everyone) than the old one. After all, for 13 years, people have been happily filing their tax returns and companies have been sending in PAYE and VAT without being aware of any problems. It would help, I’m sure, if the existing customers didn’t even realise things had changed – until they came to add new services that are only available with the coming solutions and were required to provide more information before they could access them; I think most would see that as a fair exchange.
Here’s To The Future then
Our dream, way back on Burns Night in 2001, was that we would be able to break up the Gateway into pieces and created a federated identity architecture where there would be lots of players, all bringing different business models and capabilities. We wanted to be free of some of the restrictions that we had to work with – complex usernames and even more complicated passwords, to work with an online model, to bring in third party identification services, to join up services so that a single interaction with a user would result in multiple interactions with government departments and, as our team strap line said back then, we wanted to “deliver the technology to transform government”.
Thirteen years on there have been some hits and some misses with that dream – inevitably we set our sights as high as we could and fell short. I fully expect the Gateway to be around for another four or five years as it will take time for anyone to trust the new capabilities, for 3rd parties to migrate their software and for key areas like delegation to be developed. It’s a shame that we have gone through a period of some 8 years when little has been done to improve how citizens identify themselves to government; there was so much that could have been done.
I’m looking forward to seeing what new capabilities are unveiled sometime in the next few months – perhaps I will be invited to be a user in the “private beta” so that I can see it a bit quicker. Perhaps, though, I shouldn’t hold my breath.