UK gov unveils plan for nationwide digital identity scheme

The UK government has revealed its plans to introduce new legislation to securely handle the introduction of digital identities for use throughout modern society.

Announcing the news on Thursday following a consultation period, the Department for Culture, Media, and Sport (DCMS) said it sees digital identities being used in place of physical documents like passports and driving licences.

Online verification that requires scans of such physical documents will soon offer the opportunity to use a digital identity instead. The digital equivalent can also be used to buy age-restricted items in retail stores, such as alcohol.

The digital identities will not replace physical documents, the DCMS said, but will be available to anyone who wants to use one. There will be no obligation to create a digital identity in the UK.

A new governing body for the technology will be formed, called the Office for Digital Identities and Attributes (ODIA), and companies that are tasked with handling the personal information associated with the digital identities will need to apply for a new, to-be-created trustmark to show they have the adequate protections in place.

“The ODIA will have the power to issue an easily recognised trustmark to certified digital identity organisations, to prove they meet the security and privacy standards needed to handle people’s data in a safe and consistent way,” said the DCMS.

“The ODIA will ensure trust-marked organisations adhere to the highest standards of security and privacy.”

The DCMS said it will bring the legislation forward when parliamentary time allows. For it to be implemented into law, a legal gateway that allows organisations to securely carry out verification checks needs to be established, and proper checks will need to be made to ensure the digital identities are legally equal to physical documents.

Such digital identities will be accessible via mobile apps and websites, and are thought to help tackle the “record high” levels of fraud in the UK with an estimated 5 million cases in the year ending September 2021, the DCMS said.

Centralised vs decentralised identities

The proposed rollout will operate on a centralised model - it will see designated third-party organisations manage the digital identities of many people in the UK. This goes against the model suggested by Microsoft, which also published its views on the topic of digital identities on Thursday.

Microsoft said that simply digitising a physical document like a driving licence and using it as a like-for-like replacement allows companies to see more information than may be necessary. Instead, it proposed a decentralised model in which the individual fully owns their identity and has the power to reveal or revoke parts of the digital document as needed.

“With decentralisation, you can prove the person is the genuine owner of the real-world identity by verifying their digital signed credentials,” it said. “Individuals can use a secure, encrypted wallet to store their identity data and easily control access to it.

“A decentralised identity could replace the need for usernames and passwords altogether and work with other forms of authentication to provide the required level of attestation.”

Government’s competence in question

The UK government has attempted to implement secure digital verification for a number of years, most notably culminating in the widely admonished Verify project.

Verify was introduced in 2013 by the Government Digital Service and was slammed by the likes of the National Audit Office and internal Parliamentary committees for missing every one of its targets and “failing the public”, three years after its advent.

A panel of experts, assembled in 2020 to debate a techUK report on digital identification, called the government’s call for evidence “vague” and branded its response to the topic as “woeful”.

Connor Jones
Contributor
