Skip to main content

Abandoned in Cyberspace: Identification and cybersecurity

Insight Published on 29 July 2021

As the world becomes increasingly more digitised, so too has the idea of identity verification. But with digital identity comes a variety of questions of convenience, security and privacy. In this article, Chris Gledhill discusses these issues and how we should create a voluntary yet robust cyber identity framework for all. 

I vividly remember my first passport. It was an expression of independence, a proof of my status as an individual with rights and responsibilities and a demonstration that the British state would have my back if I ever got into trouble abroad. 

On the inside cover was a very confident demand from Her Britannic Majesties Principal Secretary of State for Foreign and Commonwealth affairs requesting and requiring that I be allowed to pass and afforded assistance as required.

Sadly, her Britannic Majesties Government do not have the same clarity of purpose or self confidence in cyberspace.

Recent announcements about the imminent demise of the Verify programme and its replacement with a new, as yet unspecified but ‘better’ government digital identity, do not necessarily inspire confidence! It has long been my view that official verification of my identity as a British Citizen is as important in cyberspace as it is at an immigration desk, a physical bank branch (should such a thing exist) or an airline check-in desk.

There is no reason why the level of identity assurance expected in the physical world cannot be carried over into cyberspace, not only for British citizens consuming domestic public services, but for anyone wishing to do business in ‘Global Britain’.  

There is no technical barrier but a huge cultural resistance to the idea. An officially recognised digital identity is instinctively seen as a potential assault on civil liberties.  Within government, it gets confused with the challenges of data sharing between departments and data protection. For decades, we seem to have totally failed to see that a digital ‘passport’ should simply be a service provided for the convenience and security of citizens and businesses should they wish to use it.

My aim in this blog post, is not to engage in complex arguments about the economic benefits of a reliable digital identity – because there is already an overwhelming consensus about that.  Similarly, I am not aiming to get into the argument about privacy, civil liberties and curbing the intrusive power of the state – because these arguments completely miss the point.  As a British Citizen, I am not legally required to carry physical identification documents. I don’t technically need to have any form of photo ID, but try living without them!

My simple question is why have we collectively failed to grasp that providing a robust and reliable digital identity for citizens to use if they want to is the government's job?

It’s time to provide a national cyber identity assurance framework for citizens, companies and those who would like to do business with us. Make it voluntary but provide practical incentives to use it in terms of convenience, security and legal certainty.  Stop thinking about digital identity purely from the point of view of its role in government IT strategy.  It is a service to the citizen first, and once established, a basic component of better service design for both public and private sector.

This article was written for TechUK as part of their Innovation in Public Services Week.

Topics

  • Technology
  • Digital Transformation