Ministerial foreword
Matt Warman MP,
Minister for Digital Infrastructure
It has become increasingly important in this digital age
to be able to establish trust, particularly online. This is the foundation thriving markets are built on. Having an agreed digital identity that you can use easily and universally
will be the cornerstone of future economies.
There are times in day-to-day life when you may be asked to prove something about yourself to access a service or product. When buying alcohol you may need to prove you are over 18. When opening a bank account you need to certify who you are and where you live. When starting a new job you need to clear pre-employment screening.
This might be easy if you have a passport or driving licence and you are able to offer these face to face. At other times it can be difficult. You may not have recognised physical documents or may not be able to travel to prove you are who you say you are. Physical documents can also be stolen, falsified or misplaced. They can be expensive to replace and their loss can lead to identity theft and fraud.
This government is
committed to solving these problems digitally and without the need for a national identity card.
In response to last year’s
Digital Identity Call for Evidence, we committed to:
- creating a clear framework of rules which show what ‘good’ digital identities look like — this will enable business to innovate, and help you to access products and services with ease, confident that there are standards in place to protect you from fraud and safeguard your privacy
- establishing a governance and oversight function to own these rules, keep them up to date, and make sure they are followed
- developing proposals to remove legislative and regulatory blockers to the use of secure digital identities and establish safeguards for citizens
This document,
the first ‘working’ version of the UK digital identity and attributes trust framework, is an important step to meeting these commitments.
I want the trust framework to help facilitate a clear understanding between people using identity products, the organisations relying on the service and the service providers, letting each party know data is being used appropriately and kept safe.
Successfully combating fraud and cyber crime can only be achieved by government working with the private sector. This framework, which will need to be underpinned by further new robust legislative and regulatory mechanisms before it can be finalised, can help to strengthen how we work together to restrict opportunities for criminals and protect people.
The trust framework is being published now as a first stage industry prototype (or ‘alpha’) so that we can test it with services, industries, organisations and potential users. My department is taking this collaborative approach
to make sure that when the final version is published it meets the needs of those who will rely on it.
Publishing an ‘alpha’ version allows these key stakeholders to continue to provide feedback as the document is iterated. It also gives service providers and relying parties early insight into the rules of the road and gives you, the user, confidence your digital identity and attributes will only be shared in a controlled and protected way. My department will actively seek feedback from across industry, civil society, other government departments, and the public sector over the coming months to develop the document further. All the trust framework joining requirements in the ‘alpha’ are subject to change in line with the feedback we receive.
The trust framework approach is gaining traction globally - Canada, Australia, Sweden and New Zealand are taking this route. We will continue to work with our international partners to make sure our standards are interoperable with those adopted abroad, so in the future
you can use your digital identity around the world and UK businesses can trust digital identities created elsewhere.
It is not my department’s intention to provide any new or ready made solutions for actual products — we will be relying on the creative and innovative drive of industry to build these and the services that meet the needs of consumers from all walks of life. The trust framework is intended to set out the rules for these services, to provide the playing field on which business can operate. More detailed rules which are specific to their sector — what we call schemes — can develop within this framework.
The trust framework is also central to the Government Digital Service’s work
with other government departments to develop a new cross-government single sign-on and identity assurance solution. This will ensure interoperability of identities and associated attributes between sectors in the longer term.
This document is just the beginning of building
a trusted digital identity system for the UK. As detailed in the trust framework itself, we have further work to do on the governance structure to protect consumers and make sure the trust framework delivers on its intended benefits. We also need to clarify
how liability is managed throughout the process. My department will underpin this structure in legislation and will consult privacy groups, industry and stakeholders in due course.
Our next steps on the trust framework are to incorporate feedback and publish a second iteration in short order. This updated version will contain the details for the certification process explaining how organisations can be assessed as meeting the requirements of the trust framework. These will allow us to begin ‘sandbox style’ testing of the trust framework in partnership with sectors and organisations to ensure it meets their needs, while meeting our robust standards. Further details on plans for testing will be published alongside the next version.
We are excited to work together with industry, with civil society, and with you - the public - to iterate and improve the trust framework to make sure it works for everyone.
a journey asking good questions - which are valid - without being intimidating aggressive.
Systematic killing
