Skip to main content

Digital Identification Protocol

Volume 812: debated on Thursday 20 May 2021

Question

Asked by

To ask Her Majesty’s Government what plans they have to introduce a distributed digital identification protocol for the United Kingdom.

My Lords, I beg leave to ask the Question standing in my name on the Order Paper and declare my technology interests as set out in the register.

My Lords, in 2020, the Government committed to creating a framework of standards, governance and legislation to enable a UK digital identity market. The DCMS published a draft trust framework in February this year setting out the Government’s vision for the rules governing the future use of digital identities. A next iteration is expected to be published this summer and we are expecting to consult on digital identity legislation during this year.

My Lords, which specific sectors do the Government believe are best to run proofs of concepts in when it comes to digital ID? Further, does my noble friend agree with the analysis from McKinsey that suggests an additional 13% in UK GDP if we get digital identity effectively deployed? That is a prize certainly worth prioritising.

I absolutely agree with my noble friend that this is a prize worth prioritising—although I cannot comment on the specific McKinsey data. On his question about areas for pilots, we are working with a number of sectors and are eager to look into pilots in healthcare, tourism, housing, conveyancing and insurance—but all of this is of course subject to spending review outcomes.

It is increasingly important for all of us as citizens to be able to simply and securely verify our identity to others and, likewise, that we can always have confidence that the person with whom we are engaged in a transaction is who they say they are. Yet there have been 11 wasted years since the Government scrapped the previous proposals for a secure identity system. Why has there been that waste of time? Can the Minister assure us, the public, that our personal identity data will be secure and not exploited for profit by these new private sector solutions?

I cannot comment on the delay to which the noble Lord refers. What I can say is that we are working at pace and have made considerable progress since our response to the call for evidence in September. As he is aware—the clue is in the name—a fundamental of the “trust framework” is that citizens can trust how their digital ID will be used.

My Lords, identity theft is a major, growing crime in this country and many people, particularly the elderly, are commonly relieved of their life savings. In the digital, financial and communications world, we all use fingerprint, facial and iris recognition applications to access our personal and financial information. They also safeguard travellers at airports. Unique DNA data has revolutionised crime investigation, resulting in serious historical crimes being detected. Does the noble Baroness agree that proof of identity brings welcome security to most people living in the modern world? However, for it to be trusted, we need to capture this biometric data, verify its authenticity and digitise it securely.

I absolutely agree that a secure and trusted digital ID framework can help reduce data breaches, identity fraud and some of the problems to which the noble Lord referred.

My Lords, I remind the House of my interest as chair of the Proof of Age Standards Scheme board. I congratulate my noble friend and welcome the moves that the Government are making in this direction. However, mindful of the fact that digital identity verification is fiendishly complicated, I urge the Government to consult as widely as they can, to embrace the consequences for rural as well as urban areas and to ensure that any such framework is fit for purpose and will, as my noble friend says, be used safely and appropriately.

My noble friend makes an important point on which I absolutely agree. That is why we have taken this very transparent approach with the publication of the trust framework alpha. A second iteration will be published this summer and then, as I mentioned, further work towards legislation later this year.

My Lords, the Government Digital Service is hiring a new head of design with the statement:

“Our vision is that citizens will be able to use one login for all government services.”

But we have already spent £200 million on Verify without notable success. Despite what seemed to be the intention in the call for evidence response of creating an open marketplace for verifiable credentials, are the Government really planning to reinvent Verify?

We are not planning to reinvent anything. We will continue to run the Verify system, plan for its retirement and the offboarding of services, while working closely with departments, including my own, to develop a viable long-term digital identity solution for all government, which will be called “One Login for Government”.

My Lords, I congratulate my noble friend Lord Holmes on his persistence on this important subject. Does the Minister agree that we have to introduce a unified digital ID protocol for many reasons, not least the IT benefits for people’s well-being, which will require building equal digital opportunities, widespread digital literacy and strong digital security? For this to succeed, the Government need to introduce their own digital ID protocol as soon as possible and use that opportunity to consider launching further widespread digital literacy education campaigns.

I thank my noble friend for highlighting another opportunity for digital ID. The Government are committed to realising the benefits of these technologies, albeit without creating ID cards. My honourable friend the Minister for Digital Infrastructure and the Parliamentary Secretary at the Cabinet Office are working closely together, as both the trust framework and the single sign-on system for government are needed, so that users can control their data in line with the principles that we published in our response to the 2019 call for evidence.

My Lords, anonymity online has encouraged people to say things that are rude, hurtful, untrue and, sometimes, murderous. This does huge damage to society and individuals, so could the Minister undertake that any move towards a distributed digital identity protocol would include an examination of how it might be used to prevent people hiding behind pseudonyms on social media?

The noble Baroness will know that issues around anonymity on social media are extremely complex. She rightly raises instances where anonymity is abused, but we also know that some people use anonymity and pseudonyms for their own protection. I will take her remarks back to the department.

My Lords, I congratulate the noble Lord, Lord Holmes of Richmond, on pursuing this issue so doggedly, and I challenge the Minister’s assertion that the Government are moving at pace on this. But it is crucial that our economy and public services move with the times. Bodies such as the Financial Action Task Force acknowledge the existence of risks if digital ID is not properly implemented. So how do the Government intend to strike the right balance between risk and reward in this important area?

The noble Lord raises an important question. It will be through the transparency that I mentioned earlier, with the publication of the trust framework alpha and a second iteration, a beta version, which will be tested before going live.

The Minister rightly stresses the importance of building public trust in all this. Given increasing concerns about the partisan fashion of so many recent public appointments, what are the Government doing to build broad support for forthcoming key appointments in this field, such as the new Information Commissioner, the new chair of the board at the Centre for Data Ethics and Innovation, and others?

I absolutely do not accept the noble Lord’s assertion about the political complexion of recent appointments. All go through the public appointments process and are entirely transparent.

My Lords, live automated recognition technology is currently on trial by the police, under the supervision and care of the Surveillance Commissioner. Is it envisaged that digitised identity will similarly be subject to the remit of the commissioner, or will they be run as completely separate issues of digitisation?

I welcome the noble and learned Lord to his place and thank him for his question. My understanding is that there will be a need for co-operation between different regulatory authorities. As he will be aware, we have not yet established the governance structure for digital identity—but if there is further information to share, I will write to the noble and learned Lord.