Digital identity in the UK: is it time?

Paul Inglis at ForgeRock asks whether it is time for the UK to embrace digital IDs

 

Earlier this year, once bitter parliamentary rivals, Lord William Hague and Sir Tony Blair released a joint report discussing productivity and innovation in the UK. However, the report was met with significant criticism due to the fact that it brought up discussions around digital IDs in the UK—something which the UK has always turned away from. 

 

But why does the UK fear the concept of a digital ID? The government already has various forms of ID for the public, from driving licenses to NHS documents. And this doesn’t seem to anger most people. It is clear that the general public lacks trust in a formal identity system operated by the government.

 

So what needs to be done to build trust in a digital ID system? 

 

First and foremost, the government must ensure that the public’s data is safe in their hands, both from their overreach and the actions of a cyber-criminal. As phishing remains the single biggest cyber-security threat in the UK, it makes sense that a government ID system needs to be impenetrable against such campaigns.

 

Realistically, there’s only one way to achieve this, putting in place a long-term plan that removes the need for passwords throughout the system. By removing the biggest threat to public data, trust may flow toward a government ID system. Once trust is fully established, the government could potentially look into creating a singular ID, but the need may never arise. 

 

(Digitally) identifying the fear 

Given the UK public’s significant outcry regarding IDs, one might assume they would be angered by the fact that various government IDs already exist. Wrong. In reality, UK citizens are comfortable with government data usage and tracking. But only when done with a specific purpose in mind. In fact, 81% of the public is comfortable with the NHS using their data indiscriminately.

 

However, it is critical to note that the public worries about who has access to that data and whether it is secure. All roads lead back to trust, an achievable objective. One can look at how the Australian government has rolled out an overwhelmingly successful digital infrastructure with digital IDs at the centre of the project. 

 

How did they manage this successful launch?

• Offering protection for users’ privacy
• Offering safeguards that nullify issues around third-party collections 
• Offering a high level of security, constantly undergoing assessments to ensure it is of the highest quality

The UK government should follow Australia’s example while reinforcing its potential ID system with a robust, reliable framework. 

 

It is important to note that the government has begun to make inroads in this manner, releasing its digital identity and trust framework earlier this year. However, this framework lacks the necessary standards to ensure users’ data is secure and under their control. 

 

 

Don’t forget the benefits

While trust is the most crucial aspect, it will be critical to show how beneficial a passwordless digital identity system will be to win over the UK public and businesses. The aforementioned benefits include: 

• Revolutionary digital experiences: Accessing a range of services, from hospital appointments to picking up a parcel, will never be easier. 
• Superior privacy and security: Citizens will be afforded more control over their data, deciding what gets shared and when. Plus, with the addition of passwordless technology, the risk of account takeovers and attacks will be significantly reduced. 
• Hyper-efficient business operations: Businesses will benefit from the same digital experience, creating seamless operational environments.

 

Take away passwords, build trust

In 2022, of all the cyber-attacks identified by businesses in the UK, phishing accounted for 83%. It is the biggest issue facing digital infrastructure and must have the wind taken out of it to truly build trust in a digital system. 

 

With the addition of generative AI, attackers now have many tools at their disposal that have upped the ante significantly. Whether it is the ability to create documents from scratch or craft word-perfect emails in the exact dialogue of a company’s CEO, the pressure is on to help consumers and businesses mitigate AI’s fraudulent haze.

 

One of the most significant ways to do so is to eliminate the most targeted vector, password credentials. 

 

Using a passwordless system empowers users to gain access to whatever information they need without ever actually using a password. By eradicating this avenue, unauthorised access can only be made if threat actors could potentially fake the exact keystrokes, IP address, MAC, physical location, and facial biometrics of a user all at once. An almost impossible scenario. 

 

If the government has any hope of overcoming its digital ID hurdle, it needs to double down on developing deep-founded trust by creating secure systems for the public while highlighting the overwhelming benefits of that system.

 

The question then turns to whether these services need to be connected into a singular digital ID, but until trust is established, there is no need to give this thought the time of day. 

 

---

 

Paul Inglis is SVP EMEA at ForgeRock

 

Main image courtesy of iStockPhoto.com