The Verify Delusion

Verify, the self-declared “new way for you to prove who you are online, so you can use government services safely”, seemingly crossed 4m users in April, and has since (as of 2/8/19) climbed to nearly 4.7m.

We know little, though, about who is using the “20” available services or what they are doing with them.
We do know, for instance, that Self Assessment returns are still filed, in the majority, by users with a Government Gateway ID.   The recent NAO report says that only 4% of HMRC’s users route through Verify.  Verify was supposed to work for everyone, including businesses … but that plan was abandoned, first accidentally and then on purpose.  Gradually then suddenly as I believe Hemingway first said.
We also know that some of the services claimed to be using Verify really aren’t – Defra’s RPA (payments to farmers through an EU scheme) tried to use it, but the experiment failed; stories of problems with Universal Credit’s failed attempts to make Verify work usefully are rife.  More than half of the services can be accessed through other routes, including the Gateway.
We also know – it’s up there in the top right hand corner of the image above – that the success rate is only 49%.  That means, in theory, that more than 9m people have tried to use Verify and as many have failed who have succeeded.  That doesn’t come for free … it’s £20 to sign someone up and £10, I hear, per login thereafter.
£10 per login.  The dashboard, where the graph above comes from, says that 42,000 users are creating IDs each week and 70,000 users are logging (again, we don’t know what they are doing.  Maybe they are seeing if they can do anything with their shiny “new” Verify ID.  One assumes that 42,000 create the ID and login to see if it works and perhaps the other 28,000 are coming back).  That’s £420k/week for new IDs and £700k/week for logins.  More than £1.1m/week.   £57m a year.  Plus costs of operation.
Even with revenues at those levels, it’s not clear if the diminishing number of Identity Providers (IDPs) will stick this out given the “planned” move to the private sector in March 2020.  Some may drop out before then.  Millions of users will have to create new identities, if they see Verify as useful.  Of course, those new IDs won’t be free either.
The same NAO report referenced earlier stated that costs were expected to be £212m (far, far away from the original “we can do this for £25m and save hundreds of millions”) with benefits of £873m; the latter has now been revised down to less than £300m (and that number is doubtless falling given the bulk of it is not direct benefits but a made up calculation of “spend avoidance”).  Some 38% of those costs went to the IDPs.  They haven’t, on the face of it, done badly, but we don’t know the investment they made, or the ongoing costs they incur, nor do we know what their original expectations were in terms of cost and return.

The clearest evidence of delusion is when if there’s nothing to say, you still feel the need to say something. This piece, on the GDS blog, this week, filled that gap in the evidence.

When a tax return is filed online through the Self Assessment service, HM Revenue & Customs (HMRC) need to confirm a user’s identity. One way users can prove they are who they say they are online is via the government’s identity assurance platform, GOV.UK Verify. The other route is through Government Gateway. 

This year, HMRC saw their highest online Self Assessment peak. This refers to the rush in tax returns that occurs as the deadline of midnight 31 January approaches, usually from the start of the month onwards. 

We prepared for this anticipated demand by working closely with HMRC, learning from previous years and keeping up regular contact. All this work allowed us to help HMRC with their busiest Self Assessment peak and highest number of tax returns made online.

Yes, that’s right.  It was the end of July and GDS were crowing about how they had helped HMRC deliver the highest ever volume of Self Assessment returns online.  That highest volume comes in January – it always has done (in the past there was a paper peak in September, but January is the crunch month).  I’ve been there – I used to stay up nights as the peak approached as we made sure everything worked, for both HMRC and the Gateway.  We worked very closely together.  But, of course, HMRC say that Verify accounts for less than 4% of customer usage.  That suggests that 96% is via the Gateway.  That’s some peak you’re managing with Verify.

(In other news, the Titantic hit an iceberg, people landed on the moon, DotCom stocks boomed and busted … you get it)

What happens now?  Does it go to the private sector?  If you ran a business, would you take on a service that fails to fulfil the user need of half of the people who use it?  If Facebook turned away 50% of its users, would people use it?  If you tried to connect to your bank and half the time they decided you weren’t who you said you were, would you switch banks?

Perhaps more importantly, if you were paying for this, ahem, service, would you?  It’s trite, but you are paying, in so many ways.

Failed project? Check.  Top 10 reasons for failure fulfilled? Check.  Sunk cost fallacy?  Check. Spin machine out of control?  Check. Deluded? Check.

I last wrote about a longish piece about Verify two years ago today

When Is A Lighthouse The Eye of Sauron?

People working in government, whether in project delivery, policy formulation or deep in operations, know that, occasionally, a bright light will be shone on whatever they’re doing.  They fervently hope that this is the beam of a lighthouse, knowing that, if they’re right, it will quickly move on and allow them to get on with their work without distraction.

The lighthouse can range from a routine update to the programme board, to a Minister seeking a briefing all the way up to a multi-day review by the Infrastructure and Projects Authority.  Such attention distracts key people in the project team and little is done except for that immediate task for a day or a week … but then work settles back to normal and progress continues to be made.

The trouble with government projects, particularly, is that everyone working on every other project is hoping that the light is shining on your project, and not theirs.  Because with every project, there’s a definitively non-zero (and often much higher) chance that it really isn’t a lighthouse.  It is, instead,  the Eye of Sauron (in its Peter Jackson incarnation), firmly locked onto your location and determined to see deep into your soul and seemingly never move on.

Projects that are in trouble get into a loop.  More scrutiny.  More reports.  More status updates.  More approvals.  More checks.  More reviews.  More drives more.  Soon, the only thing being done is looking more closely at what might be done, how it might be done or who might do it and when, not actually doing any of it.  Late projects get later.  Projects losing scope lose even more scope.  Over-spends become extraordinary over-spends.

And then a failed project spawns other failed projects.  There is little to no consequence, individually or collectively, for failure so people on one failed project move on to the next.  And because lessons are written down but never learned, nothing changes, and the next one fails again.  This is one reason why government, today, is full of discovery and alpha stages – if you never commit to a scope or date, you can’t be on the hook for anything.

The Eye of Sauron is, as you’d expect, a sign of impending doom.  But not always.  Some projects carry on – once a rock is rolling down a hill, you’d be a fool to jump in its way. The sunk cost fallacy is, for some, not a fallacy at all, but an explanation for why more needs to be spent.  If we just spend some more we can fix it; we can’t afford to waste everything we’ve spent so far – think of the increased scrutiny if we say it was all for nothing?  Think of the write-off!  The PAC! The NAO! It’s perverse logic but it’s intrinsic.

And then, of course, there are those projects that somehow slip away from Sauron; they somehow endure its gaze, slipping through the shadows.  Some projects have more than nine lives. Zombie projects, wandering the corridors of non-delivery seemingly forever.

Far off the shadows of Sauron hung; but torn by some gust of wind out of the world, or else moved by some great disquiet within, the mantling clouds swirled, and for a moment drew aside; and then he saw, rising black, blacker and darker than the vast shades amid which it stood, the cruel pinnacles and iron crown of the topmost tower of Barad-dûr. One moment only it stared out, but as from some great window immeasurably high there stabbed northward a flame of red, the flicker of a piercing Eye; and then the shadows were furled again and the terrible vision was removed.

GDS Isn’t Working – Part 4 (Verify)

The conclusion to Part 3 (The Reboot) was:


  • Verify – It’s time to be brave and ignore sunk costs (investment to date and contractual exit costs if any) and let this one go.  It hasn’t achieved any of the plans that were set out for it and it isn’t magically going to get to 20m users in the next couple of years, least of all if HMRC are going their own way.  The real reason for letting it go, though, is that it doesn’t solve the real problem – identity is multi-faceted. I’m me, but I do my mother’s tax return, but appoint my accountant to do mins, but I work for a company and I do their payroll, and I counter-sign the VAT return that is prepared by someone else, and I act as the power of attorney for my blind father.  Taking a slice of that isn’t helping.  Having many systems that each do a piece of that is as far from handling user needs as you can get.  Driving take up by having a lower burden of proof isn’t useful either – ask the Tax Credits folks.  HMRC are, by far, the biggest user of the Gateway.  They need citizen and business (big business, sole trader, small company) capability.  Let them take the lead – they did on the Gateway and that worked out well – and put support around them to help ensure it meets the wider needs.

Instead, GDS appear to be doubling down, based on this article in Computer Weekly:

  • GDS speakers at the event encouraged suppliers to use the GaaP tools in their own products, in the hope of widening their use. However, according to guests at the event that Computer Weekly talked to – who wished to remain anonymous due to their ongoing relationships with GDS – GDS was unable to give any guarantees around support or service levels.
  • GDS has now developed a new feature for Verify that allows “level of assurance 1” (LOA1) – a reduced level of verification that is effectively a straightforward user login and password system, which offers “minimal confidence in the asserted identity” of users for low-risk transactions. In effect, LOA1 means the government service trusts the user to verify their own identity.
  • The government has committed to having 25 million users of Verify by 2020, and offering LOA1 is seen as a key step in widening the adoption of the service to meet this target.
This is, though, to miss the point of “What is Verify for?”:

  • The goal isn’t to have 25 million users.  That’s a metric from 1999 when eyeballs were all that mattered.  25 million users that don’t access services, or that sign up for one and never use another service isn’t a measure of relevancy
  • A government authentication platform is instead for:
    • Giving its users a secure, trusted way of accessing information that government holds about them and allowing them to update it, provide new items and interact with government processes
    • Allowing users to act as themselves as well as representatives of others (corporate and personal) with the assurance that there is proper authorisation in place from all necessary parties
    • Putting sufficient protection in the way so as to ensure that my data and interactions cannot be accessed or carried out by people who aren’t me.  In other words, “I am who I say I am” and, by definition, no one else is
What then, if we took away the numbers and the arbitrary measures and said, instead, that the real purpose is to:
  • Create an environment where a first time user, someone who has had no meaningful interaction with government before, is able to transact online and need never use offline processes from that moment on
  • Sixteen year olds would begin their online interaction with government by getting their National Insurance numbers online
  • They would go on to apply for their student loan a couple of years later
  • With their first job they would receive their PAYE information and perhaps claim some benefits
  • Perhaps they would be handling PAYE, or VAT, or CT for their own employer
  • Health information and records would be available to the right people and would move them as they moved jobs and locations
  • Perhaps they would be looking at health information and records for others
  • They would see the impact of pension contributions and understand the impact of changes in taxation
  • Perhaps they would be helping other people figure out their pension contributions and entitlements
  • They might decide whether they can afford an ISA this year
  • In time some would pay their Self Assessment this way
  • Or maybe they would be completing Self Assessments for others
A 2002 Slide


Instead of spot creating some transactions that are nearby or easy, we would seek to change the entire experience that someone has who doesn’t know about government – they would never know that it had been broken for years, that paper forms were the norm for many, or that in 2010 people had to go from department to department to get what they needed.  They would take to this the way a baby learns that you swipe an an iPad screen – it would never occur to them that a magazine doesn’t work the same way.


Along the way, those who were at later stages of life would be encouraged to make the move online, joining at whatever stage of the journey made sense for them.


This wouldn’t be about transformation – the bulk of the users wouldn’t know what it was like before.  This would just be “the way government is”, the way it’s supposed to be.  Yes, in the background there would have been re-engineering (not, please, transformation), but all the user would see is the way it worked, fluidly, consistently and clearly, in their language, the language of the user.

Progress would no longer be about made up numbers, but about the richness of the interaction, the degree to which we were able to steer people away from paper and offline channels, and the success with which we met user needs.  The measure would be simply that they had no need, ever, to go offline.

Verify isn’t the way into this journey.  Verify started out trying to solve a different problem.  It isn’t seen, and wasn’t conceived, as part of a cohesive whole where the real aim is to shift interaction from offline to online.  In its current form, it’s on life support, being kept alive only because there’s a reluctance to deal with the sunk costs – the undoubtedly huge effort (money and time from good people) it’s taken to get here.  But it’s a “you can’t get there from here” problem. And when that’s the case … you have to be brave and stop digging.


If my original take on “What is GDS for” was:

GDS is for facilitating the re-engineering of the way government does business – changing from the traditional, departmentally-led silos and individual forms to joined-up, proactive, thought-through interactions that range widely across government.  It is not, in my view, about controlling, stopping, writing code or religious/philosophical debates about what’s right. It’s job is to remove the obstacles that stop government from championing the user cause.

Then what if GDS took the vanguard in moving government to cater for the user journey, from a user’s first interaction to its last.  A focused programme of making an online government available to everyone.  A way of assessing that “I am who I say I am” is an essential part of that – and starting with a 16 year old with minimal footprint is going to be challenging but is surely an essential part of making this work.  This would be a visionary challenge – something that could be laid out step by step, month to month, in partnership with the key departments.


It can be dull to look backwards, but sometimes we have to, so that we move forward sensibly.  The picture above shows the approach we planned at the Inland Revenue a long time ago.  We would take on three parallel streams of work – (1) move forms online, (2) join up with some other departments to create something new and (3) put together a full vertical slice that was entirely online and extend that – we were going to start with a company because our thinking was that they would move online first (this was in 2000): register the company, apply for VAT and tax status, send in returns, add employees, create pensions etc.


It feels like we’ve lost that vision and, instead, are creating ad hoc transactions based on departmental readiness, budget and willingness to play.  That’s about as far away from user needs as I can imagine being.




As a post-script, I was intrigued by this line in the Computer Weekly report:

GDS was unable to give any guarantees around support or service levels.

On the face of it, it’s true.  GDS is part of the Cabinet Office and so can’t issue contracts to third parties where it might incur penalties for non-delivery.  But if others are to invest and put their own customer relationships on the line, this is hardly a user needs led conversation.  Back in 2004 we spent some time looking at legal vehicles – trading funds, agencies, JVs, spin-offs – and there are lots of options, some that can be reached quite quickly.

My fundamental point, though, is that GDS should be facilitating the re-engineering of government, helping departments and holding them to account for their promises, not trying to replace the private sector, or step fully into the service delivery chain – least of all if the next step in the delivery promise is “you will have to take our word for it.”

GDS Isn’t working – Part 3 (The Reboot)



What is GDS for?  It’s a question that should be asked at a fundamental level at least every year for an organisation that set out to be agile, iterative and user led.   It’s easy to be superficial when asking such a seemingly simple question.  People inside the organisation are afraid to ask it, doubtless they’re busy being busy at what they’re doing.  They’re afraid of the consequences.  They don’t want to touch the question in case it bites – the electric fence that prevents introspection and, perhaps more importantly, outrospection.


There are several reasons why this question should be asked, but one that I would take as important, right now, is because GDS don’t know themselves, as the NAO highlighted recently.

“GDS has found it difficult to redefine its role as it has grown … initially, GDS supported exemplars of digital transformation … major transformations have had only mixed success … GDS has not sustained it’s framework of standards and guidance … roles and responsibilities are evolving … it is not yet clear what role GDS will play [in relation to transformation]”

If there was ever a time to ask “What is GDS for?”, it’s now … to help understand these numbers:

The budget is £150m in 16/17 and 17/18 (though it falls over coming years, to £77m in 19/20) and GDS has around 850 staff today (again, falling to 780 by 19/20).

Let me ask again, what is GDS for?


When those 850 staff bounce into work every morning, what is it that they are looking forward to doing?  What user needs are they going to address?  How will they know that they have been successful?  How will the rest of us know?

Given a budget, Parkinson’s Law of Government, says the department will expand to absorb that budget.

GDS has demonstrated this law in action:

  • The exemplars have finished, with varying degrees of success.  There are no further exemplars planned.  The organisation has only grown.
  • Major digital projects have stumbled badly and, in some cases, failed entirely, for instance:
    • The RPA Common Agriculture Programme, specifically re-engineered by GDS early in its life and then directly overseen by senior staff, failed to deliver.  The lessons learned in the previous RPA project, 7 years earlier, were not learned and the result was the same – a system that was late, high disallowance costs and a poor experience for the real users, the farmers.
    • Digital Borders is progressing slowly at best, even allowing for the tuned and optimistic language in the IPA report.  Seven years after the last programme was terminated in difficult circumstances, the first, less aggressive than planned, rollout of new capability is starting now
  • Nearly 5 years after DWP were ready to complete their identity procurement and around three years since its replacement, Verify design to save millions, was about to enter public Beta, the Government Gateway is still there, 16 years old and looking not a day older than it did in 2006 when the UI was last refreshed.  Verify has garnered around 1.4m users,  a very small fraction of even Self Assessment users, let alone overall Gateway users.
    • The Government Gateway is slated for replacement soon, but Verify is clearly not going to replace it – it doesn’t handle transaction throughput and validation, it doesn’t handle nomination (e.g. please let my accountant handle my Self Assessment) and, most obviously, it doesn’t handle business identity.  Given the vision that we laid down for the Gateway and all of the work that was done to lay the foundations for a long term programme that would support all aspects of identity management, Verify is nothing short of a fiasco, as demonstrated by the increasingly vocal war about its future, with HMRC seemingly building its own identity platform.  Others far more able than me, including Jerry Fishenden and David Moss have exposed its flaws, muddled thinking and the triumph of hope over ability.
    • Even now, instead of bringing departmental transactions on board, addressing true user needs and massively improving completion rate from its current low of less than 50%, the Verify team are talking up their prospects of getting 20m users by lowering identity standards and getting the private sector on board.  They blame lack of take up to date on slow delivery of digital services by departments, according to the IPA report.
  • Gov.uk, whilst a triumphal demonstration of political will to drive consolidation and a far greater achievement in presenting a joined up view of government to the citizen than achieved before, is still a patchy consolidation with formats and styles changing as you move from level to level, departmental websites still having their own separate space (compromising, as soon as you arrive in a departmental domain, the sense of consolidation), PDFs abound, and, of course, it lacks major transactions (and those that are available often have a very disjointed journey – follow the route to filing a VAT return for instance).  The enormous early progress seems to have lapsed into iterative tinkering.
  • Alongside all of that we have the latest in a long series of transformation strategies. For many months the strapline on this blog read “transforming government is like trying to relocate a cemetery, you can’t expect the residents to help”.  Since then I’ve revised my view and now believe, firmly, that in any effort to achieve transformation, government will remain the catalyst, in the true chemical sense of the word.  This strategy says that by 2020 “we will”
    • design and deliver joined-up, end-to-end services
    • deliver the major transformation programmes
    • establish a whole-government approach to transformation, laying the ground for broader transformation across the public sector
  • We all want to believe those words.  We know that these have been the goals for years, decades even.  We know that little has really been achieved.  And yet here we are, after 7 years of GDS, being asked to believe that transformation can be achieved in the next 3.  There is a Jerry Maguire feeling to this, not so much “show me the money” as “show me the plan”
  • And, lastly, we have Government as a Platform.  No one was ever quite sure what it was.  It might include the Notifications and Payments service – oddly, two services that were available on the Gateway in 2002/3, but that were turned off for some reason.
So why not ask “What is GDS for?” and use the thinking generated by that question to restructure and reboot GDS.  Any reboot requires a shutdown, of course, and some elements of GDS’s current work will, as a result of the introspection, close down.

If I were asked to answer the question, I would suggest


GDS is for facilitating the re-engineering of the way government does business – changing from the traditional, departmentally-led silos and individual forms to joined-up, proactive, thought-through interactions that range widely across government.  It is not, in my view, about controlling, stopping, writing code or religious/philosophical debates about what’s right. It’s job is to remove the obstacles that stop government from championing the user cause.


Within that the main jobs are:
  • Standards and guidelines for IT across government.  This could get dangerously out of hand but, as the NAO note, GDS has, to date, not kept its standards up to date.  Some key areas:
    • Data formats – messaging standards to allow full interoperability between government services and out to third parties through APIs.  In 2000, we called this govtalk and it worked well
    • Architecture – eventually, government IT will want to converge on a common architecture.  We are likely decades away from that on the basis it’s hardly started and replacing some of the existing systems will take more money than is available, let alone increased capacity across the user and technology community at a time when they have plenty going on.  New projects, though, should be set on a path to convergence wherever possible – that doesn’t mean getting religious about open source, but it does mean being clear about what products work and what doesn’t, how interactions should be managed and how we streamline the IT estate, improve resilience and reliability and reduce overall cost.  This team will show what the art of the possible is with small proofs of concept that can be developed by departments
    • Common component planning – all the way back in 2003 I published a first take on what that could look like.  It’s not the answer, but it’s a start.  I’m a strong believer in the underlying principles of Government as a Platform – there are some components that government doesn’t need more than one of and some that it needs just a few of.  They need to be in place before anyone can intercept with them – promising to deliver and then having a queue of projects held up by their non-availability won’t work.  And they don’t have to be delivered centrally, but they do have to take into account wider requirements than just those of whoever built them
  • Gov.uk publishing team – joined up content will best come from the centre.  This team will control what to publish and how to publish and how to ensure consistency across Gov.uk.  They will rationalise the content is there, doing what Martha originally set out – kill or cure – to make sure that the user is getting what they need
  • Agile and user needs – perhaps the single largest achievement of GDS so far,  far beyond consolidating websites for me, is getting government to recognise that there are many ways to deliver IT and that taking a user-led approach is an essential part of any of them.  I’m not wedded to agile or any other methodology, but there’s a strong argument for a central team who can coach departments through this and checkpoint with them to see how they are doing, refresh knowledge and transfer skills so that everyone isn’t learning the same lessons over and over again
  • Spending controls – a team of elite people who know how to get inside the biggest projects, not waste time on the small ones, and understand what’s being built and why and who can help design the solution at a lower cost than proposed, who can help create the hooks for current and/or future common components and who can help negotiate better deals.  These folks should be the best that can be found – a SWAT team sent to work on mission critical projects.  Their job will be to help drive delivery, not slow it down through interminable bureaucracy and arguments about the philosophy of open source.
  • Transactions team – people who go beyond the pure publishing role into understanding how to hook users into a transaction and drive completion through smart design, innate user understanding and the ability partner with departments, not preach to them from some remote ivory tower.  These folks won’t make promises they can’t keep, they will work closely with departments to move transactions that are offline today to the online world, designing them to foster high take up rates and better service for users.  This team is the future of government – they will be a mix of people who can help rethink policy and legislation, service designers, UI folks who know how to put something slick together and technologists who can understand how to manage load and resilience and integrate with third parties inside and outside of government.
  • Project managers – a mixed team who know how to deliver small and large projects, who are comfortable managing all aspects of delivery, can work with users as well as departments and suppliers and who understand the tension that is always there between waiting and shipping.
Lastly, two areas that I think are contentious; there may be others:
  • Gov.uk development – Personally, I’m in favour of using companies to do build work.  They can maintain a bench and keep their teams up to date with evolving technologies.  They can locate wherever it makes sense and call on disparate teams, around the globe if necessary.  They can call on experience from other clients and use relationships with partners and the big vendors to do the heavy lifting.    The in-house project managers will keep the suppliers in check and will manage scope, cost and time to bring projects home.  This is contentious I know – there’s an increasing appetite for government to bring development in-house; some departments, such as HMRC, have had to locate far from the usual places to ensure that they can recruit and retain staff and I think, if you’re going to do it, that’s more sensible than trying to recruit in Holborn or Shoreditch. But, me, I would give it to an up and coming UK company that was passionate about growth, entirely aligned with the user led approach and looking to make a splash.  I’d then work closely with them to make an effective transition, assuming that the code stands up to such a transition.
  • Verify – It’s time to be brave and ignore sunk costs (investment to date and contractual exit costs if any) and let this one go.  It hasn’t achieved any of the plans that were set out for it and it isn’t magically going to get to 20m users in the next couple of years, least of all if HMRC are going their own way.  The real reason for letting it go, though, is that it doesn’t solve the real problem – identity is multi-faceted. I’m me, but I do my mother’s tax return, but appoint my accountant to do mins, but I work for a company and I do their payroll, and I counter-sign the VAT return that is prepared by someone else, and I act as the power of attorney for my blind father.  Taking a slice of that isn’t helping.  Having many systems that each do a piece of that is as far from handling user needs as you can get.  Driving take up by having a lower burden of proof isn’t useful either – ask the Tax Credits folks.  HMRC are, by far, the biggest user of the Gateway.  They need citizen and business (big business, sole trader, small company) capability.  Let them take the lead – they did on the Gateway and that worked out well – and put support around them to help ensure it meets the wider needs.
How many people does that make? I’m very interested in views, disagreements, counter-points and omissions.