https://identityassurance.blog.gov.uk/2015/06/22/gov-uk-verify-hub-privacy-aspects/

GOV.UK Verify hub - privacy aspects

We've been asked to comment on an academic paper - 'Toward mending two nation scale brokered identity systems'. The paper explores some interesting issues about how federated identity assurance systems like GOV.UK Verify work, and how users' privacy can best be protected.

We welcome the paper, and its contribution to the developing pool of knowledge and ideas about digital identity assurance.

GOV.UK Verify offers people a convenient, secure way to prove their identity when accessing digital government services. It does not have any other connection with or ability to monitor people or their data.

GOV.UK Verify protects users' privacy. It has been designed to meet the principles developed by our privacy and consumer advisory group. GOV.UK Verify does not allow for mass surveillance.

Only minimal data passes through the GOV.UK Verify hub. The person’s name, address and date of birth (and gender, if the user has chosen to state it) is sent through the hub to a government department the person is trying to access. This only happens when the person accesses a service through GOV.UK Verify - the data is sent through the hub for the purposes of matching the person to the record that is already held about them in that department. No data about the person’s interactions or activities within certified companies or government departments passes through the hub.

We are working with the author of the paper to clarify this aspect and provide assurance on the issues raised. We have invited one of the authors, Dr Danezis, to join our privacy and consumer advisory group (and we are pleased he has accepted the invitation), so that we can continue to consult a range of experts and privacy and consumer groups on our approach to these important issues.

 

2 comments

  1. Sean Green

    when will verify be available to be used for my council services?

    Link to this comment
    • Rebecca Hales

      Hi Sean

      GOV.UK Verify isn't available for local authorities yet, but we do want GOV.UK Verify to be available for local authorities to use in the future. We've built the service to make that possible and we've supported alpha projects with local government services through the Open Identity Exchange – see http://oixuk.org/?page_id=10 for information about them.

      However, we haven’t yet developed the model for how GOV.UK Verify would be used by local authorities; we're prioritising central government services in the first instance and will start working on this for local authorities after GOV.UK Verify goes live in April 2016.

      See this post: https://identityassurance.blog.gov.uk/2014/10/23/identity-assurance-for-local-authority-and-private-sector-services/

      Link to this comment