Gov denies Verify could be used to spy on you

GDS issues rebuttal to paper claiming identity assurance scheme degrades your privacy

Government

The government has denied its new identity assurance service, Gov.uk Verify, could lead to mass surveillance of citizens, following claims made by a group of academics.

Verify reduces the privacy of citizens due to technical flaws in the system's architecture, wrote the three authors of a paper titled Toward Mending Two Nation-Scale Brokered Identification Systems.

The Government Digital Service (GDS) designed Verify as a way for people to prove they are who they say they are when using government services online, and HMRC is already using it with allegedly mixed success.

Verify relies on a central hub to mediate interactions between the departments providing a service, companies performing the identity checks and the citizens using Verify.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Users of Verify are passed to identity authentication providers, who ask questions and use official documentation to confirm citizens' IDs, the idea being to limit the amount of information the government or the providers have on people.

But the authors of the research, Lus Brando, Nicolas Christin, and George Danezis warned too much trust has been placed in the hub, through which all the information travels, as it has the power to read encrypted information coming from identity checks and users themselves.

"The excessive trust placed on the hub could be notably used to support undetected mass surveillance," the report read.

"Leaving the hub outside of the scope of privacy and security goals triggers serious problems. As currently inferred, [Gov.uk Verify] may actually degrade the privacy of citizens."

However, the GDS published a blog post this morning denying Verify could be used to spy on people.

It read: "Gov.uk Verify does not allow for mass surveillance. It does not have any other connection with or ability to monitor people or their data.

Advertisement - Article continues below

"Only minimal data passes through the Gov.uk Verify hub. The person's name, address and date of birth [and gender] is sent through the hub to a government department the person is trying to access.

"No data about the person's interactions or activities within certified companies or government departments passes through the hub."

But the GDS did say the report's findings added to the pool of knowledge around digital identity assurance issues, and has welcomed Danezis as a member of the government's privacy and consumer advisory group.

Verify's use by HMRC came under scrutiny this month after thousands were understood to have missed out on a marriage tax break because they were asked to provide documents many people did not actually have.

In response, HMRC is introducing an alternative process for those who have been unable to use Verify to apply for the tax break.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/government/354549/amazon-will-pass-on-2-digital-tax-to-sellers
government

Amazon will pass on 2% digital tax to sellers

16 Jan 2020
Visit/government-it-strategy/28305/ir35-news
Policy & legislation

Government announces review of IR35 off-payroll changes

8 Jan 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/server-storage/network-attached-storage-nas/354221/synology-dva3219-review-an-ideal-cctv-system
network attached storage (NAS)

Synology DVA3219 review: An ideal CCTV system

28 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020