Credit: Crown Copyright/Open Government Licence v3.0

The chief executive of the Government Digital Service has outlined some of the key mistakes made in the delivery of the Verify identity assurance tool – and how the work on the new government-wide platform will avoid replicating them.

Appearing last week before MPs on the Public Accounts Committee, Tom Read was asked to provide examples of where and why an agile approach to the development of services works well. Agile methodologies espouse flexibility and short-term goals – rather than setting out a grand plan and ultimate objective at the beginning of a project.

Read cited “what didn’t work with Verify, and what is working with One Login” as an example of the benefits of adopting an agile approach.

Verify allows citizens to prove their identity in order to gain to access some government services; the service through which applications can be made for Universal Credit is the biggest user of the security platform.

Related content

• GOV.UK Verify to continue until 2023 with £11m-a-year funding
• Minister on plan for government digital tools that ‘serve users proactively – rather than reactively’
• Government says ‘lack of mandate’ contributed to muted Verify uptake

The verification process is conducted by external providers – the ranks of which have shrunk in the last couple of years from seven to just two: Digidentity and the Post Office. 

Read told MPs that the model of “a complete separation” between the service and the verification process had been decided upon too early in the process, without sufficient testing of its efficacy.

“With the Verify programme, the technology approach and the overall design was baked in right at the beginning,” he said. “The founding principle was ‘we will use external providers to prove somebody’s identity, [who will] then just say “yes” or “no” back to the service… which is very good for protecting citizens’ data. But what wasn’t done is proper, iterative testing with real users to see if that worked - and we now know that that doesn’t work for around half of the users who use it.”

The One Login programme aims to replace not only Verify, but scores of other existing sign-in processes currently used across departments to allow access to services. 

In developing the new platform, GDS aims to work closely with the rest of government and shape the system to their needs and those of the citizens they serve – rather than setting out and handing down a pre-defined approach.

Read said: “What we are doing instead is working with departments across government  – with the frontline of departments – to say: ‘let’s learn more about how your users work, and we will build a solution for that works for that set of those users’. Then we will go to the next set of users to see if that works and, if not, we will need to pivot and will need a slightly different solution.”

He added: “What we are seeing already is, if we had made technology decisions right at the beginning, we would be dead wrong already. We have already seen that there are people who… have a passport, a driving licence and a mobile phone. Then there are other users that do not have any of those things, and they have very messy, chaotic lives. And our agile iterative approach has proved that we need completely different solutions for those different types of users, and we are going to be iteratively building them and rolling them out, and we will be able to stop or change at any point on the way through.”

Problem solving
The creation of the One Login platform – also known as GOV.UK Accounts – was announced a year ago.

Funding for Verify has been extended to April 2023 while work continues on the incoming system, which is due to launch next year.

Read said that One Login aims to address “three main problems”.

“The first is that interaction between citizens and government is quite confusing – you need to understand the structure of government and what individual departments offer to find the right services,” he added. “So, that is confusing, and quite disenfranchising for citizens.”

The second issue the length of time it can take to validate information provided by citizens. Currently, this can take months,

“There is a growing dissatisfaction from users; in the consumer world, you are not going to wait 14 weeks for a credit card decision,” Read said.

The third problem the login system aims to address is the “need to make things cheaper and more efficient for government”.

“[We can also] show people what data we hold on them and what connections we have between different government departments,” the GDS chief added. “And – where it works for users, where users are happy to make their user journey more efficient – we want to start using the data we hold on people, rather than pretending we don’t know anything about them when they come in, and asking them to post in passports or proof of residence.”