Jerry Fishenden writes in Computer Weekly:
The government’s new identity assurance strategy is a significant and welcome change of direction.
Until last year, the Identity Cards Act sought to provide government with monopoly ownership of our identity. But now the Act has been repealed and proposals brought forward to let us choose our own identity provider in an open marketplace of trusted providers. In the future we could find ourselves authenticating to government services using our own choice of ID, such as a bank card or mobile phone – or perhaps even an ID issued by a “Big Society” mutual or social enterprise.
This “new” approach is not in fact entirely new. The UK government tried something similar during the late 1990s, working closely with third-party ID providers such as Royal Mail, Barclays, NatWest and the British Chamber of Commerce. Citizens and businesses could use such third-party IDs to authenticate themselves to online government services. Several “joined-up” service demonstrators were piloted including notifying the whole of government of a change of address once; and registering as self-employed using a single, integrated smart form.
So what went wrong? The lack of a sustainable commercial model led the third-party ID providers to exit from the market. Some providers tried to charge for their cards – as much as £50 a year – and found little appetite among their potential audience to pay for the debatable pleasure of interacting with government online. Another unresolved issue was liability. Who, for example, was liable if a third-party provider authenticated someone and government subsequently suffered fraud as a consequence? Why would you take that risk as an ID provider unless there was also a balancing commercial benefit in providing the service?