
Authentication slides 04.07.2003


2

Authentication

Are you who you say you are?

1995: UK has 2% using Internet

2003: UK has 62% using Internet (51% regularly)

2003: 16% of UK: What’s the Internet?

2002: e-government usage at 11% of online users

2003: Still at 11%

2004: Something has to change …

2005: 100% online

3

Mechanics of Authentication (registration and enrolment)

Need to establish who someone is
What they want to do
Whether they have the right to do it

Goes from simple to hard
One time tax return …
Application for benefit (long term payments out)
Nurse in hospital accessing patient records

4

Do you need authentication?

Send a tax return
Probably doesn’t need authentication
But what if there’s a question
And you want to ask it by email? Who do you ask?
What if there’s a dispute, or an outright fraud?
What about next year when we want to send the form online to the citizen pre-populated?

Very hard to see many transactional scenarios where we’d not use at least some level of authentication
Booking a squash court, renewing a library book, paying a bill?

5

Private Sector Proof

Verifiable
Passport
Driving Licence
Utility bill
Tax demand
Address / Prior addresses

Challenge
Mother’s maiden name
Favourite colour
Favourite place
Date of birth

Usually verified by
Experian
Equifax
Dun and Bradstreet
etc.
And, for challenges, the initial registration profile

6

Public Sector Proof

Verifiable
UTR (?!)
NINO (?!)
PAYE reference
VAT number
Etc.

Challenge
Digital certificate

Usually verified by
Checking the back end system
Or, for a certificate, the certificate provider’s revocation list

7

Public Sector Complexity

[Diagram of people and intermediaries acting on one another's behalf]

Parties: Me; My Accountant; My Mother; My Employer; My Colleagues; Citizen’s Advice Bureau?; Local Authority?; Post Office?; Payroll Provider; Their mothers; Their accountants

Relationship labels: Does my self assessment; Do her self assessment; Do his VAT and PAYE; Stand in for me when I’m away; Does Payroll

8

What’s a Gateway?

[Diagram. Labels: Rules; Web services; Portals; Gateway; Traditional Backend Systems; Who? Where? How? What? When? What?]

9

Where do we stand today?

99% of transactions via userid and password
Simple, government focused, verifiable information

Vast range of potential identifiers, but much overlap

Userid is specified, password is chosen
Some component (userid) sent via post

No cross trust
Each separate transaction must be separately verified
No joined up services

10

Network of Cross Trust

Bank

Insurance company

Accountant

Other intermediary
Citizen’s Advice Bureau

Central government
Passport office
DVLA
Inland Revenue

Local government

NHS

Trust is all one way today

11

Network of Cross Trust

Egg trusts me (they let me spend money)

DWP trusts Egg (up to a point?)

DWP trusts Egg to trust me (for benefit payments)

IR trusts DWP (for tax credits)

IR trusts DWP to trust Egg to trust me (and pays me)

Southwark trusts IR …

The green shield stamps version of authentication?

12

What issues do we have?

Userid/password has real limits
Simple to use, but no legal validity
Works fine for banks so far
Banks have back end controls (funds transfer limits, monthly statements etc)

Government userid standards horrible
But what are the alternatives?
Email address (not stable, easy to guess and many people don’t like government to have it)?
Strangely, when people fail to login, 50% get password wrong

13

More issues

No online assurance that someone really is who they say they are
Tied into the postal loop
20% of addresses are out of date

No “instant on” for first time users
Cannot setup to e.g. send VAT returns online
Puts pressure on citizen when deadlines loom
E.g. must register for self assessment 5-7 days before 31st January

14

More issues

Digital certificates on life support
Technology solution hunting a problem
For some departments even these aren’t enough

Smart cards proliferating
But not being tied into government services
Limited readers, no national standards
Probably the only truly portable solution though

Mobile phone as a portable solution?
70% of phones are pre-pay … no owner information

15

The future?

Entitlement cards
Biometrics?

Common Information Database
One citizen identifier?

The NHS spine
Health record aggregation as the common link?

BT URU
Part of the network of trust

All of them probably 3-5 years away?

16

What Should We Do?

Address the real issues
Too easy to look to blame someone else
Authentication process is simple …
Government forms are far, far harder to complete!

Focus on identifiers
Which ones for which services … national standard

Construct a “one time” registration process?
All key identifiers supplied, even if services are not yet online

Help construct the network of trust

And just a bit about content

18

Six things to think about

1. There is no blueprint for joining up government

2. Replicating what we already have is not e-government

3. There is no silo in “citizen focus”

4. Technology is not a differentiator

5. No-one wins when others lose

6. Having a policy is not the same as delivering it

19

e-Government evolution?
We’re in the trough for sure

[Chart. Labels: Government websites; % Transactions Online; 95%+; Maturity (Stage 1, Stage 2, Stage 3); Supplier Gain, .gov Pain; Citizen Value]

2,800 websites …. £270-583 million
AM rough figure

5-7%, less than 3 million per year

20

What’s wrong with our websites?

More than 2,800 sites

More than 5 million pages

Up to 70,000 pages

Nine levels deep

More than 200 URLs

More than 300 authors

Some parts of the site not linked to others

‘orphan content’

100s of broken links

Download time more than one minute

Poor uptime

Five different look and feels

More than three navigation designs

The product of unplanned growth

21

Usage (or lack of it)

[Chart. Axes: Audience penetration (Active reach among total UK Internet users %); Loyalty (Visits per person per month). Figures shown = Audience size (‘000 unique visitors per month). Legend: Commercial; Public sector; Individual Government sites]

Source: NNR, UK

windowsupdate.microsoft.com: 5,378
google.com: 6,281
microsoft.com: 6,477
bbc.co.uk: 4,994
ask.co.uk: 3,997
amazon.co.uk: 4,281
loginnet.passport.com: 4,972
google.co.uk: 4,060
msn.co.uk: 3,674
freeserve.com: 3,613
dfes.gov.uk: 566

All govt.: 5,565
Central govt.: 4,325
Local govt.: 2,427

22

Do we have enough yet?

5 million pages of content

5.5 million visitors per month
Low repeat visits per visitor
£5-£10 per visitor, per year

[Chart. Axes: Pages per site; % of all government content. Labelled sites: Hants; Medical Devices; Scotland; HMSO; DH; IR; Dorset CC; Castle Morpeth; London Online]

23

Countering the “rules”

Customer-centric content aggregation
Life events
life styles
“franchises”

Consistent look and feel
Across all government websites

Economies of scale
Do it once, do it right, do it all over

Take spend away from technology
Focus it on information and services (use the source, Luke)
Central infrastructure – local, regional and national

Drive customer take-up
Partnerships with intermediaries

24

Things to Think About
It’s not technology for technology’s sake

Opportunity to fail
54% projects suffer (HMT Green Book, 2002)
15% cancelled (Chaos Chronicles, 2002)

Over-specification
45% of product features never used, 19% rarely used
The more you build, the less they use

No benefit likely
Your return on investment begins the day you switch it on

Start small, add rapidly, make it great a bit at a time
High yield, low risk.

Source: Jim Johnson, The Standish Group

25

And finally

It’s not just about websites
Kiosks, DTV, offline/online consistency, intermediaries etc.
Cross-channel capability
Cohesive brand … focused marketing £

Integrated content and transactions
The more people can do, the more they’ll want to do
Today’s one time “tax”, “benefit” transactions not enough

The UK is far behind its peers in online government usage
Yet we bank and buy books online more than anyone
Fragmentation, competition, squabbling make us suffer
Too expensive to go solo (silo)