Government Gateway At Nearly 19

Work on the new new Government Gateway started this time nearly 19 years ago. Here’s a picture from July 2000 showing how we thought it might all work – at the time the Inland Revenue was looking to extend an existing EDIFACT solution (the EDS EbX solution on the right). From the beginning the plan was to join everything up and become the traffic director for all transactions to and from government.

One of the oft-told stories of the development of the Government Gateway is that it took the team only 90 days, from flash to bang, to put the first version live (our MVP if you will). Remember that this was in 2000/2001, when servers had to be bought, installed and cabled up. When code was deployed on actual spinning disks that you could look at. When architects laboured in data centres, working long hours to make everything work.

Here’s another slide, from the same time, showing how we thought the Gateway would handle Self Assessment. Note the “*” in the bottom right that, again, recognises that the “app” (as we would call it today) could be from anyone.

It’s roughly true. There had been an earlier, failed attempt at delivering a Government Gateway, with a contract let by Cabinet Office. There was then a period when a sign entitled “Under New Management” hung on the office door (actually, in the Inland Revenue’s Bush House office) and, with the IR providing funding for a replacement, we went looking for a supplier who could deliver what we wanted. We knocked on a lot of doors and were mostly laughed at: our ambition was too great, no products existed that could do what we wanted, we should stick to email and send forms back and forth and so on.

We landed on Microsoft at about this time of year in 2000. Lots of people had to get involved in governing whether it could go ahead – all the way to Bill Gates at their end and all the way to the Minister of the Cabinet Office at our end. We picked the live date, 25th January 2001, largely because the MCO was Ian McCartney and we thought Burns Night was appropriate. For a month or so the project was even called “Caledonia.” Before that it had been called “Shark” on the basis that, to meet the timeline, it would need to keep moving and never sleep.

The live date was not entirely arbitrary – we were working back from needing to have PAYE live on April 6th 2001, and we knew we needed to launch the first part (registration and enrolment) by the end of January so as to give us time for the next release, the transaction engine which would process the tax forms.

And then, sometime in October, we got the go-ahead, after an independent OGC Gateway review by Andrew Pinder (who, at the time, was not the e-Envoy and who was not even working in government more widely).

Here’s what the homepage looked like when it was launched, on time and on budget, in January 2001.

I’m not writing about this for nostalgic reasons though, I’m writing because I’ve just seen another project launch in UK government that plans to take data from third party software packages and websites and process/transform (in the technical sense) them so that they can be handled in new, yet to be built government systems.

That’s what the Gateway was built to do. And it still does it, nearly 20 years later, for every PAYE form that is sent to Government. Until a few weeks ago, it did it for every VAT form too, though HMRC appears to have gone back to CSV files, abandoning the great work on GovTalk done by others in the Office of the e-Envoy when the Gateway was still a sketch on a piece of paper.

We are in some kind of endless loop where we keep building what’s already been built and proven, “because we’re special” or because “it doesn’t quite meet our needs” or “because it’s not open source” or “because we don’t want to be beholden to a supplier” … and so we don’t make any substantive progress or break any new ground. It’s a stairway to nowhere.

HMRC … you were the future once

No-one should ever read your first draft. Neil Gaiman.

Nearly 20 years ago when I joined the Inland Revenue (years before it became HMRC), the Internet was new in government.  In the IR HQ, there was one PC that had access to the ‘net – via a dial up 28.8k modem if I recall correctly.  Maybe it was 56.6.  You don’t easily forget the noise that such a modem makes as it works its way to a connection.

Not long after, the IR’s email system was shut down for 3 days by a variant of the Melissa virus.  Sometime later, that led us to back some great work by Al Collier, at what became OGC, to deploy MessageLabs anti-virus capability across the whole of the GSI.  Email was never lost again, as far as I know, by anyone so protected.

The Revenue, as they called themselves, had a website.  But that was it.  Indeed, government had a website (open.gov.uk), but that, too, was it.  In the weeks and months that followed, thanks to clear, forward thinking leadership and insightful direction from the Perm Sec (Sir Nick Montagu), the CIO (John Yard) and what would now be called the CDO (Barry Glassberg), Self Assessment went online (remember the £10 rebate to encourage you to file online? And the floppy disc with the “app” on it, replaced at the beginning of the next year with a web app built by Ezgov?), PAYE came next, then Corporation Tax and many other services.

We took hits – despite publishing the need for a maintenance window (to take Self Assessment down) for a few hours on a Friday evening, we made it to above the fold news the following day, when SA was down (when there were, maybe, at best, 10,000 users).  We took flak from the Welsh, Mac using vicar who couldn’t file his tax return (we didn’t do Welsh, didn’t support Macs, and vicars, it turns out, have special tax forms that were not in our initial release; this is not a fable, there really was a Welsh, Mac using vicar that wanted to file his tax return online in 2000).

We built and rebuilt and threw some things away that didn’t work.  We ran parallel projects in competition to see what would work and to try and ensure that at least one horse would cross the finish line in time.  Before there was agile, this was agile.

As we worked to put PAYE online, the foundation of it was really the GovTalk standard that the Office of the e-Envoy had already put together (I liked to describe GovTalk as the envelope that you put a letter in, along with the format for the address and the writing inside; the content was yours to figure out).  We worked with dozens of both major and minor software vendors – from Rutherford Webb to Sage through to Oracle – to agree the PAYE XML format that would flow through the Government Gateway (which was in-flight at the same time as PAYE) and into the IR’s systems.  It was detailed work, led mostly by the inimitable and irrepressible Phil Stradling, but it established two important baselines – (1) there would be a single front door into online government services, via the Gateway and (2) the format adopted for all messages through that route would be GovTalk compliant.  Phil was quietly responsible for many firsts in the world of e-government.  I suspect we’ve never thanked him sufficiently for the incredible work he did.

There’s no question that the Inland Revenue (and then HMRC), almost entirely because of John and Barry, led e-government from the front – and were, I suspect, baffled when other departments got credit for doing a tiny fraction of what they were doing.  They took risks in a world where taking risks was frowned upon. They were the first to put real transactions online (SA, PAYE, CT etc – each of which won awards in its time). They provided the initial funding for the Government Gateway (the vision came from a mixture of IR and HMCE thinking with a very large extra dose from Mark Gladwyn at CITU).  They were the first to get meaningful take-up, from both citizens and businesses – with the Carter review, in 2007, HMRC (as they were by then) became the first department to focus on driving 100% take-up of online services (with the aim of achieving that by 2012; my guess is they hit that, or, at least, got closer than anyone else did by then).

Many years later, I find myself in front of my Mac, painfully rekeying VAT/expenses data from the carefully crafted Excel sheets that I put together a decade ago into the cloud accounting package that, to date, I have only used for sending and tracking invoices.

And, at the same time, I find myself wondering just how far we have progressed.  Or, indeed, if we have progressed at all.

As far as I can tell, the Gateway is still there (my login credentials remain the same, but there was talk that, by now, the Gateway would be replaced – indeed, the website that remained unchanged from 2004 when I left it behind until even a few months ago is now apparently hidden away replaced by a gov.uk front end).

Is the Gateway a dead man walking?  Or is it dead?  I hope they gave it a good send off, it served us all well.  Too many awesome people worked on Gateway to mention here; but they know what they achieved, up against the odds.

What used to be a single front end for transactions into government now looks fragmented across dozens of sites.

And what I’m sending to HMRC, from my cloud accounting package (one login), through some bridging software (another login), through the Gateway (yet another login) …

… is a CSV file with the 9 boxes required for the VAT form.

There doesn’t seem to be a GovTalk envelope.

There’s no additional data.

But there is new overhead and new cost.

And yet no obvious benefit … HMRC are getting what they got before … and countless businesses are sending what they sent before, but with more effort.

And, obviously, no Verify … yet if every single company in the UK is going to send their tax returns this way, and as many as 9 million individuals (roughly 50% used to use accountants, perhaps it’s more now) and then 30 million individuals who might want to check their PAYE status … or a few million students who will want to check their student loan (which inevitably ties to PAYE) … this way in is going to become the default, at least for all financial transactions with government (there may be a good case for why NHS has a different way in; I don’t have a particular view).

Clearly there is more underway here and a bigger picture … but it’s not obvious to me that we have advanced at all since achieving the 100% (or near to it) objective perhaps 7 years ago.

Citizen focused?  Joined up?

I’m not sure.  Doesn’t look like it.

GDS Isn’t Working – Part 4 (Verify)

The conclusion to Part 3 (The Reboot) was:


  • Verify – It’s time to be brave and ignore sunk costs (investment to date and contractual exit costs if any) and let this one go.  It hasn’t achieved any of the plans that were set out for it and it isn’t magically going to get to 20m users in the next couple of years, least of all if HMRC are going their own way.  The real reason for letting it go, though, is that it doesn’t solve the real problem – identity is multi-faceted. I’m me, but I do my mother’s tax return, but appoint my accountant to do mine, but I work for a company and I do their payroll, and I counter-sign the VAT return that is prepared by someone else, and I act as the power of attorney for my blind father.  Taking a slice of that isn’t helping.  Having many systems that each do a piece of that is as far from handling user needs as you can get.  Driving take up by having a lower burden of proof isn’t useful either – ask the Tax Credits folks.  HMRC are, by far, the biggest user of the Gateway.  They need citizen and business (big business, sole trader, small company) capability.  Let them take the lead – they did on the Gateway and that worked out well – and put support around them to help ensure it meets the wider needs.

Instead, GDS appear to be doubling down, based on this article in Computer Weekly:

  • GDS speakers at the event encouraged suppliers to use the GaaP tools in their own products, in the hope of widening their use. However, according to guests at the event that Computer Weekly talked to – who wished to remain anonymous due to their ongoing relationships with GDS – GDS was unable to give any guarantees around support or service levels.
  • GDS has now developed a new feature for Verify that allows “level of assurance 1” (LOA1) – a reduced level of verification that is effectively a straightforward user login and password system, which offers “minimal confidence in the asserted identity” of users for low-risk transactions. In effect, LOA1 means the government service trusts the user to verify their own identity.
  • The government has committed to having 25 million users of Verify by 2020, and offering LOA1 is seen as a key step in widening the adoption of the service to meet this target.

This is, though, to miss the point of “What is Verify for?”:

  • The goal isn’t to have 25 million users.  That’s a metric from 1999 when eyeballs were all that mattered.  25 million users that don’t access services, or that sign up for one and never use another service isn’t a measure of relevancy
  • A government authentication platform is instead for:
    • Giving its users a secure, trusted way of accessing information that government holds about them and allowing them to update it, provide new items and interact with government processes
    • Allowing users to act as themselves as well as representatives of others (corporate and personal) with the assurance that there is proper authorisation in place from all necessary parties
    • Putting sufficient protection in the way so as to ensure that my data and interactions cannot be accessed or carried out by people who aren’t me.  In other words, “I am who I say I am” and, by definition, no one else is

What then, if we took away the numbers and the arbitrary measures and said, instead, that the real purpose is to:

  • Create an environment where a first time user, someone who has had no meaningful interaction with government before, is able to transact online and need never use offline processes from that moment on
  • Sixteen year olds would begin their online interaction with government by getting their National Insurance numbers online
  • They would go on to apply for their student loan a couple of years later
  • With their first job they would receive their PAYE information and perhaps claim some benefits
  • Perhaps they would be handling PAYE, or VAT, or CT for their own employer
  • Health information and records would be available to the right people and would move them as they moved jobs and locations
  • Perhaps they would be looking at health information and records for others
  • They would see the impact of pension contributions and understand the impact of changes in taxation
  • Perhaps they would be helping other people figure out their pension contributions and entitlements
  • They might decide whether they can afford an ISA this year
  • In time some would pay their Self Assessment this way
  • Or maybe they would be completing Self Assessments for others
A 2002 Slide


Instead of spot creating some transactions that are nearby or easy, we would seek to change the entire experience that someone has who doesn’t know about government – they would never know that it had been broken for years, that paper forms were the norm for many, or that in 2010 people had to go from department to department to get what they needed.  They would take to this the way a baby learns that you swipe an iPad screen – it would never occur to them that a magazine doesn’t work the same way.


Along the way, those who were at later stages of life would be encouraged to make the move online, joining at whatever stage of the journey made sense for them.


This wouldn’t be about transformation – the bulk of the users wouldn’t know what it was like before.  This would just be “the way government is”, the way it’s supposed to be.  Yes, in the background there would have been re-engineering (not, please, transformation), but all the user would see is the way it worked, fluidly, consistently and clearly, in their language, the language of the user.

Progress would no longer be about made up numbers, but about the richness of the interaction, the degree to which we were able to steer people away from paper and offline channels, and the success with which we met user needs.  The measure would be simply that they had no need, ever, to go offline.

Verify isn’t the way into this journey.  Verify started out trying to solve a different problem.  It isn’t seen, and wasn’t conceived, as part of a cohesive whole where the real aim is to shift interaction from offline to online.  In its current form, it’s on life support, being kept alive only because there’s a reluctance to deal with the sunk costs – the undoubtedly huge effort (money and time from good people) it’s taken to get here.  But it’s a “you can’t get there from here” problem. And when that’s the case … you have to be brave and stop digging.


If my original take on “What is GDS for” was:

GDS is for facilitating the re-engineering of the way government does business – changing from the traditional, departmentally-led silos and individual forms to joined-up, proactive, thought-through interactions that range widely across government.  It is not, in my view, about controlling, stopping, writing code or religious/philosophical debates about what’s right. Its job is to remove the obstacles that stop government from championing the user cause.

Then what if GDS took the vanguard in moving government to cater for the user journey, from a user’s first interaction to its last.  A focused programme of making an online government available to everyone.  A way of assessing that “I am who I say I am” is an essential part of that – and starting with a 16 year old with minimal footprint is going to be challenging but is surely an essential part of making this work.  This would be a visionary challenge – something that could be laid out step by step, month to month, in partnership with the key departments.


It can be dull to look backwards, but sometimes we have to, so that we move forward sensibly.  The picture above shows the approach we planned at the Inland Revenue a long time ago.  We would take on three parallel streams of work – (1) move forms online, (2) join up with some other departments to create something new and (3) put together a full vertical slice that was entirely online and extend that – we were going to start with a company because our thinking was that they would move online first (this was in 2000): register the company, apply for VAT and tax status, send in returns, add employees, create pensions etc.


It feels like we’ve lost that vision and, instead, are creating ad hoc transactions based on departmental readiness, budget and willingness to play.  That’s about as far away from user needs as I can imagine being.




As a post-script, I was intrigued by this line in the Computer Weekly report:

GDS was unable to give any guarantees around support or service levels.

On the face of it, it’s true.  GDS is part of the Cabinet Office and so can’t issue contracts to third parties where it might incur penalties for non-delivery.  But if others are to invest and put their own customer relationships on the line, this is hardly a user needs led conversation.  Back in 2004 we spent some time looking at legal vehicles – trading funds, agencies, JVs, spin-offs – and there are lots of options, some that can be reached quite quickly.

My fundamental point, though, is that GDS should be facilitating the re-engineering of government, helping departments and holding them to account for their promises, not trying to replace the private sector, or step fully into the service delivery chain – least of all if the next step in the delivery promise is “you will have to take our word for it.”

Performance Dashboard July 2003 – The Steep Hill of Adoption

With gov.uk’s Verify appearing on the Performance Dashboard for the first time, I was taken all the way back to the early 2000s when we published our own dashboards for the Government Gateway, Direct.gov.uk and our other services.  Here’s one from July 2003 – there must have been earlier ones but I don’t have them to hand:

This is the graph that particularly resonated:

With the equivalent from back then being:

After 4 years of effort on the Identity programme (now called Verify), the figures present pretty dismal reading – low usage, low ability to authenticate first time, low number of services using it – but, you know what, the data is right there to see for everyone and it’s plain that no one is going to give up on this so gradually the issues will be sorted, people will authenticate more easily and more services will be added.    It’s a very steep hill to climb though.

We started the Gateway with just the Inland Revenue, HM Customs and MAFF (all department names that have long since fallen away) – and adding more was a long and painful process.  So I feel for the Verify team – I wouldn’t have approached things the way they are but it’s for each iteration to pick its path.  There were, though, plenty of lessons to learn that would have made things easier.

There is, though, a big hill to climb for Verify.  Will be interesting to watch.

Digital Government 2002 – Doing Something Magical

Now here’s a blast from the past!  Here’s a “talking head” video recorded, I think, in early 2002 all about e-government (I am, of course, the talking head).  Some months later, much to my surprise, the video popped up at a conference I was attending – I remember looking up to see my head on a dozen 6′ tall screens around the auditorium.

It’s easily dated by me talking about increasing use of PDAs (you’ll even see me using one) and the rollout of 3G, not to mention the ukonline.gov.uk logo flashing up in the opening frames and e-government, as opposed to Digital By Default.

But the underpinning points of making the move from government to online government, e-government or a Digital by Default approach are much the same now as then:

“The citizen gets the services they need, when they need them, where they need them, how they need them … without having to worry about … the barriers and burdens of dealing with government”

“You’ve changed government so fundamentally … people are spending less time interacting and are getting real benefit”

Lessons learned: get a haircut before being taped, learn your lines, even when in America don’t wear a t-shirt under your shirt (my excuse is that it was winter).

Government Gateway – Teenage Angst

Tomorrow, January 25th, the Government Gateway will be 13.  I’m still, to be honest, slightly surprised (though pleased) that the Gateway continues to be around – after all, in Internet time, things come and go in far shorter periods than that.  In the time that we have had the Gateway, we rebuilt UKonline.gov.uk with three different suppliers, launched direct.gov.uk and replatformed it some years later, then closed that down and replaced it with gov.uk which has absorbed the vast bulk of central government’s websites and has probably had 1,000 or more iterations since launch.  And yet the Gateway endures.

In 13 years, the Gateway has, astonishingly, had precisely two user interface designs.  In the first, I personally picked the images that we used on each screen (as well as the colour schemes, the text layout and goodness knows what else) and one of the team made ‘phone calls to the rights holders (most of whom, if I recall correctly, were ordinary people who had taken nice pictures) to obtain permission for us to use their images.  If you look at the picture above, you will see three departments that no longer exist (IR and C&E formed HMRC, MAFF became Defra) and five brands (including UKonline) that also don’t exist.

Of course we carried out formal user testing for everything we did (with a specialist company, in a purpose built room with one-way glass, observers, cameras and all that kind of thing), often through multiple iterations.  The second UI change was carried out on my watch too.    I left that role – not that of Chief UI Designer – some 9 years ago.

My own, probably biased (but based on regular usage of it as a small business owner), sense is that the Gateway largely stopped evolving in about 2006.  Up until that point it had gone through rapid, iterative change – the first build was completed in just 90 days, with full scrutiny from a Programme Board consisting of three Permanent Secretaries, two CIOs and several other senior figures in government.  Ian McCartney, the Minister of the Cabinet Office (the Francis Maude of his day) told me as he signed off the funding for it that failure would be a “resignation issue.” I confirmed that he could have my head if we didn’t pull it off.  He replied “Not yours, mine!” in that slightly impenetrable Scottish accent of his.  We had a team, led by architects and experts from Microsoft, of over 40 SMEs (radical, I know).  Many of us worked ridiculous hours to pull off the first release – which we had picked for Burns Night, the 25th of January 2001.

On the night of the 24th, many of us pulled another all nighter to get it done and I came back to London from the data centre, having switched the Gateway on at around 5am – the core set of configuration data was hand carried from the pre-production machine to the production machine on a 3 1/2” floppy disc.  I don’t think we could do that now, even if we could find such a disc (and a drive that supported it).  

The Programme Board met to review what we had done and, to my surprise, the security accreditation lead (what would be called a Pan-Government Accreditor now) said that he wanted to carry out some final tests before he okayed it being switched on.  I lifted my head from the table where I may have momentarily closed my eyes and said “Ummm, I turned it on at 5.”  Security, as it so often did (then and now), won – we took the Gateway off the ‘net, carried out the further tests and turned it back on a few hours later.

Over the following months we added online services from existing departments, added new departments (and even some Local Authorities), added capability (payments, secure messaging) and kept going.  We published what we were doing every month in an effort to be as transparent as possible.  We worked with other suppliers to support their efforts to integrate to the Gateway, developing (with Sun and Software AG, at their own risk and expense) a competitive product that handled the messaging integration (and worked with another supplier on an open source solution which we didn’t pull off).

We published our monthly reports online – though I think that they are now lost following perhaps multiple migrations of the Cabinet Office website.  Here is a page from February 2004 (the full deck is linked to here) that shows what we had got done and what our plans were:






The Gateway has long since been seen as end of life – indeed, I’ve been told several times that it has now been “deprecated” (which apparently means that the service should be avoided as it has been or is about to be superseded).  Yet it’s still here.


What is happening then?


Two years ago, in November 2011, I wrote a post about the Cabinet Office’s new approach to Identity. Perhaps the key paragraph in that post was “With the Cabinet Office getting behind the [Identity Programme] – and, by the sounds of it, resourcing it for the first time in its current incarnation – there is great potential, provided things move fast.  One of the first deliverables, then, should be the timetable for the completion of the standards, the required design and, very importantly, the proposed commercial model.”


There was talk then of HMRC putting up their business case for using the new services in April 2012.  The then development lead of Universal Credit waxed on about how he would definitely be using Identity Services when UC went live in April 2013.  Oh, the good old days.


DWP went to market for their Identity Framework in March 2012 as I noted in a post nearly a year ago. Framework contracts were awarded in November 2012.  

Nearly five Gateway development cycles later, we are yet to see the outcome of those – and there has been little in the way of update, as I said a year ago.


Things may, though, be about to change


GDS, in a blog post earlier this month, say “In the first few months of 2014 we’ll be starting the IDA service in private beta with our identity providers, to allow users to access new HMRC and DVLA services.”


Nine gateway development cycles later, we might be about to see what the new service(s) will look like.   I am very intrigued.

Some thoughts for GDS as they hopefully enter their first year with live services:

Third Party Providers 


With the first iteration of the Gateway, we provided the capability for a 3rd party to authenticate someone and then issue them a digital certificate.  That certificate could be presented to the Gateway and then linked with your identity within government.  Certificates, at the time, were priced at £50 (by the 3rd party, not by government) because of the level of manual checking of documents that was required (they were initially available for companies only).  As long ago as 2002, I laid out my thoughts on digital certificates.


There were many technical challenges with certificates, as well as commercial ones around cost.  But one of the bigger challenges was that we still had to do the authentication work to tie the owner of the digital certificate to their government identity – it was a two step process.


With the new approach from the Cabinet Office – a significantly extended version of the early work with multiple players (up to 8 though not initially, and there is doubtless room for more later) but the same hub concept (the Gateway is just as much a hub as an authentication engine) – the same two step process will be needed.  I will prove who I am to Experian, the Post Office, Paypal or whoever, and then government will take that information and match that identity to one inside government – and they might have to do that several times for each of my interactions with, say, HMRC, DWP, DVLA and others.  There is still, as far as I know, no ring of trust where because HMRC trusts that identity, DWP will too.  Dirty data across government with confusion over National Insurance numbers, latest addresses, initials and so on all make that hard, all this time later.

As Dawn Primarolo, then a minister overseeing the Inland Revenue, said to me, very astutely I thought, when I first presented the Gateway to her in 2001, “But people will realise that we don’t actually know very much about them.  We don’t have their current address and we may have their National Insurance number stored incorrectly”.  She was right of course.

Managing Live Service


The new approach does, though, increase the interactions and the necessary orchestration – the providers, the hub and the departments all need to come together.  That should work fine for initial volumes but as the stress on the system increases, it will get interesting.  Many are the sleepless nights our team had as we worked with the then Inland Revenue ahead of the peak period in January.

End to end service management with multiple providers and consumers, inside and outside of government is very challenging.  Departments disaggregating their services as contracts expire are about to find that out, GDS will also find out.  There are many lessons to learn and, sadly, most of them are learned in the frantic action that follows a problem.


The Transaction Engine – The Forgotten Gateway


The Gateway doesn’t, though, just do the authentication of transactions. That is, you certainly use it when you sign in to fill in your tax return or your VAT return, but you also use it (probably unwittingly) when that return is sent to government.  All the more so if you are a company who uses 3rd party software to file your returns – as pretty much every company probably does now.  That bit of the Gateway is called the “Transaction Engine” and it handles millions of data submissions a year, probably tens of millions.


To replace the Gateway, the existing Authentication Engine (which we called R&E) within it must be decoupled from the Transaction Engine so that there can be authentication of submitted data via the new Identity Providers too, and then the Transaction Engine needs to be replaced.  That, too, is a complicated process – dozens of 3rd party applications know how to talk to the Gateway and will need to know how to talk to whatever replaces it (which, of course, may look nothing like the Transaction Engine and might, indeed, be individual services for each department or who knows what – though I have some thoughts on that).

Delegation of Rights


Beyond that, the very tricky problem of delegation needs to be tackled.  The Gateway supports it in a relatively rudimentary way – a small business can nominate its accountant to handle PAYE and VAT, for instance.  A larger business can establish a hierarchy where Joe does PAYE and Helen does VAT and Joe and Helen can do Corporation Tax.   But to handle something like Lasting Power of Attorney, there need to be more complex links between, say, me, my Mother and two lawyers.  Without this delegation capability – which is needed for so many transactions – the Digital by Default agenda could easily stall, handling only the simplest capabilities.

Fraud Detection and Prevention


Tied in with the two step authentication process I mention above is the need to deal with the inevitable fraud risk. Whilst Tax Credits was, as I said, briefly the most popular online service, it was withdrawn when substantial fraud was detected (actually, the Tax Credits service went online without any requirement for authentication – something that we fervently disagreed with but that was only supposed to be a temporary step.  Perhaps in another post I will take on the topic of Joint and Several Liability, though I am hugely reluctant to go back there).  

In the USA, there is massive and persistent Tax Return fraud – Business Week recently put the figure at $4 billion in 2011 and forecast that it would rise to $21 billion by 2017.  That looks to be the result of simple identity fraud, just as Tax Credits experienced.  Most tax returns in the USA are filed online, many using packages such as TurboTax.   Tax rebates are far more prevalent in the USA than they are in the UK, but once the identification process includes benefits, change of address and so on, it will become a natural target.  Paul Clarke raised this issue, and some others, in an excellent recent post.

The two step process will need to guard against any repeat of the US experience in the UK – and posting liabilities to the authentication providers would doubtless quickly lead to them disengaging from the business (and may not even be possible given the government carries out the second step which ties the person presented to a government identity record, or to a set of them).  

We included a postal loop from day one with the Gateway, aimed at providing some additional security (which could, of course, be compromised if someone intercepted the post); removing that, as a recent GDS blog post claims will happen and as I imagine will be done in the new process (Digital by Default after all), requires some additional thinking.

User Led

Given that “User Led” is the GDS mantra, I have little fear that users won’t be at the heart of what they do next, but it is a tricky problem this time.  For the first time, users will be confronted with non-government providers of identity (our Gateway integration with 3rd parties still resulted in a second step directly with government).  How will they know who to choose?  What happens if they don’t like who they chose and want to move to someone else? How will they know that the service that they are using is legitimate – there will be many opportunities for phishing attacks and spoof websites? How will they know that the service they are using is secure – it is one thing to give government your data, another, perhaps, to give that data to a credit agency?   Will these services be able to accumulate data about your interactions with Government?  How will third party services be audited to ensure that they are keeping data secure?

Moving On From Gateway

There are more than 10 million accounts, I believe, on the Gateway today.  Transitioning to new providers will require a careful, user benefit led, approach so that everyone understands why the new service is better (for everyone) than the old one.   After all, for 13 years, people have been happily filing their tax returns and companies have been sending in PAYE and VAT without being aware of any problems.  It would help, I’m sure, if the existing customers didn’t even realise things had changed – until they came to add new services that are only available with the coming solutions and were required to provide more information before they could access them; I think most would see that as a fair exchange.

Here’s To The Future then


Our dream, way back on Burns Night in 2001, was that we would be able to break up the Gateway into pieces and create a federated identity architecture where there would be lots of players, all bringing different business models and capabilities.  We wanted to be free of some of the restrictions that we had to work with – complex usernames and even more complicated passwords, to work with an online model, to bring in third party identification services, to join up services so that a single interaction with a user would result in multiple interactions with government departments and, as our team strap line said back then, we wanted to “deliver the technology to transform government”.


Thirteen years on there have been some hits and some misses with that dream – inevitably we set our sights as high as we could and fell short.  I fully expect the Gateway to be around for another four or five years as it will take time for anyone to trust the new capabilities, for 3rd parties to migrate their software and for key areas like delegation to be developed.  It’s a shame that we have gone through a period of some 8 years when little has been done to improve how citizens identify themselves to government; there was so much that could have been done.

I’m looking forward to seeing what new capabilities are unveiled sometime in the next few months – perhaps I will be invited to be a user in the “private beta” so that I can see it a bit quicker.  Perhaps, though, I shouldn’t hold my breath.

Identical Transparency

A little over a year ago I praised the team at GDS for their openness (Re-Inventing Government IT, February 2012):

All of these changes are underpinned by an openness and transparency that is incredibly refreshing.  Seeing new starters in GDS blog about what it’s like to work there and very senior people across government blog / tweet / respond to comments has opened up the workings of government – my guess is that the regular audience consists of a relatively small number of geeks but the occasional bursts into the mainstream press so no change in message.  We have done betas and pilots and test versions in UK government before, but never quite in this way.  

As I said at the beginning, with reinvention comes risk. With risk comes the potential for failure. With failure comes interrogation and criticism.  The good news is, I think, that all of the interrogation and criticism will have been done on the inside and posted on blogs long before that point.

Since then the gov.uk team have been relentless in their communication – every detail of everything they do is blogged, tweeted or otherwise made public (GitHubbed and beyond).


But there is little sign of that same transparency and relentless communication either in the rest of GDS or, indeed, in the rest of government.  Universal Credit, for instance, has ignored my plea (and that of others) to say more about how things were going (despite an, as yet, never-ending stream of negative press stories). 


Where GDS and UC come together is, of course, in the field of digital identity.


In March 2012, DWP went to market (for the second time), seeking providers who could join an identity framework, specifically to support UC (initially).


Indeed, at the time Mike Bracken (in a blog on the Cabinet Office site), said:

“[This] marks the start of the formal process to create a market of identity services for access to digital public services.” 

Bracken said that using this approach has cut the cost of procuring IDA from £240m to £30m.

“Creating a trust infrastructure is an exciting challenge. It is a complicated subject and won’t be delivered overnight,” he wrote in the blog. 

Great things were expected – after all, Government had suddenly saved £210 million (through some substantial sleight of hand and changing of scope it has been said) – and the digital identity market was soon to be real.  UC itself needed the service to be ready in March 2013.

In November 2012, the DWP announced its first seven providers (The Post Office, Cassidian, Digidentity, Experian, Ingeus, Mydex, and Verizon) within the framework and in January 2013, added an eighth (Paypal).

Last week, Computer Weekly let the world know that DWP was putting use of identity services for UC on ice.  DWP in response said:

“The identity provider framework was designed to be available to other government departments, which, like DWP, are also working with the Government Digital Service to develop personalised online services for citizens. 

“In line with government best practice for cross-government services, responsibility for the framework is now being moved to the Government Procurement Service – as we’ve always said it would.”

The latter paragraph is certainly true.   And so is the former.  There was no comment on when, if or whether UC or the DWP would use services from its own framework.

But surely DWP should be the first buyer of services from its own framework?  And looking around government, I am yet to see a queue of other buyers of identity services.  HMRC certainly put its head above the parapet (in June and July 2012) and took a look at a new schema for identity, organising a series of workshops and detailed reviews with dozens of possible helpers (including Rainmaker Solutions, a company in which I am a partner).  But since then?  Deafening silence.

Of course, during the last year, the GDS blog has been alive with reports of the progress, issues, challenges and achievements of the digital identity team.  Hasn’t it?  Well, no, not really.  I mean with a year gone since the procurement started and five months since the award, we must be well past discovery, into Alpha and seeing some betas … ready for UC to be live in March 2013 (or whenever it is going to come along)?

Oddly, it seems not.  The only post I can find recently, dated March 2013, refers to an Alpha with a company that, even more oddly, is not one of the eight on the framework.  Apparently the Alpha “started long before the procurement process for central govt IDA services began”.  Long before?  Can Alphas go on for more than a year?  Doesn’t sound as agile as I had in mind.  There have been 11 GDS blog posts on Identity Assurance in the last year.  Apart from the last one noted above, none mention Alphas or any other tangible progress.  Although there was a nice trip to Washington.

Of course, one of the key tenets that GDS have regarding their agile methodology is that there need not be a roadmap, because that would constrain the process.  So in November when an important first milestone was passed – there was no mention of when the second or third milestones would be reached.

Re-set Identity Assurance: £10 million of funding has allowed us to start the GDS programme to work collectively across Government to deliver identity assurance solutions for digital transactions.

Next year we look forward to a faster pace for delivery. While our roadmap is not finalised, and indeed will never be given the agility to which we aspire, we can look forward to some major releases.

So where does all this leave identity in government?

I hear talk only of the Government Gateway’s support contract being simultaneously “deprecated” and re-procured to allow it to continue providing its current services until 2017 or 2018.  That would make it an agile service – designed, developed and delivered in 90 days – still running after 15+ years.  It is, though, time for it to be retired and replaced with more capable services – they are out there, though not in the configuration and complexity that GDS seem to desire.  Government can certainly be the stimulus behind delivery of a marketplace too.

I hope that we’ll see a transparency identical to that adopted by the gov.uk team from the Identity Assurance team.  You can’t only publish the good news stories, that’s what politicians do.  To be open, you have to be open. The good, the bad; the rough, the smooth; the issues, the challenges; the successes, the failures.  And this looks like a failure.

If it is, let’s get it out there and figure out how to correct it and move ahead.  Proper digital identity will underpin much of what GDS aspire to do, so we need to get it addressed.  The framework providers will be wondering where they point their solutions next, if they even have solutions.  Those who weren’t ready to bid first time around will want to know what their next opportunity is and departments wondering how to get identity done for their transactions are looking for someone to lead the way.