As Government launches 'Verify' scheme, our digital identities are becoming more important than we realise

In Matthew Blakstad's debut novel Sockpuppet, the Government sets up a digital identity system that suffers a catastrophic failure of trust. Now a real-life version of the system, Verify, has been launched – and those behind it will be hoping that truth is a little more straightforward than fiction

Matthew Blakstad
Tuesday 03 May 2016 12:33 EDT
Comments
Britain's Prime Minister David Cameron sits on the floor as he joins students for "An Hour of Coding" at Number 10 Downing Street
Britain's Prime Minister David Cameron sits on the floor as he joins students for "An Hour of Coding" at Number 10 Downing Street (REUTERS/Stefan Rousseau/pool)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

I recently stopped hanging up on cold callers. Instead I started engaging them in conversation. This sometimes takes me in delightful directions. Like the Bangalorean man I spoke to recently who, while agreeing his call was indeed a scam, assured me it was a very high quality scam. Who could be angry at a young man with such pride in his work? Usually, though, I end up in a flaming row with the caller, over where and how they got my data.

Just this morning I had a call. Against my protestations, the contact centre agent gamely asserted that I’d recently had an accident in my (non-existent) car. In return I pushed her to tell me where she’d got my name and number. She must have used the phrase ‘Sir, you provided your data through an online form’ as often as Jeremy Paxman said ‘Did you threaten to overrule him?’ that one time on Newsnight.

I was a fool to even try. The idea I can chase down my stray data like some online sheep-dog, and corral them back into the security of my hard drive, is a pipe dream. Fragments of my identity are scattered across the internet like a billion traces of my DNA. Every cold caller knows something about me, though none has the whole picture. Today’s was aware of me as a car-owning, accident-prone individual who bore only a passing resemblance to the real Matthew Blakstad – though the accident-prone bit is to be honest pretty accurate. This situation is unsatisfactory in all kinds of ways. If we want to be engaged with the contemporary world, we’re forced to give up the same set of information over and over again – post code, mother’s maiden name, credit card details, favourite subject at school. We’re sowing our data far and wide, bringing ever closer the inevitable theft of our identity, and the ensuing frenzy of password changing and card-chopping.

Something needs to change. Everyone involved in providing online services knows this, but the thousands of separate actors have never managed to get together and solve the problem. Even the most libertarian entrepreneur agrees that this is one of those problems needing a kick-start from government. Hence last week’s launch of gov.uk’s Verify service – ‘the new way to prove who you are online’. At first this flexible token of identity will be used to give us access to government services like tax returns, car registration and Universal Credit. At some point, though, it’s bound to be taken up by the private sector, too. Our Verify identity will become a central part of who we are online.

I have a special interest here. My debut novel Sockpuppet follows the tribulations of Bethany Lehrer, a government minister who tries to launch an ‘online ID card’ called the Digital Citizen. Any resemblance between Digital Citizen and the real-life Verify service is of course entirely coincidental. Still, I’m delighted the government has chosen to mark the publication of my book by launching its service. Sockpuppet demonstrates, through the medium of a noisy thriller, what happens when the Internet turns on a public figure in a wave of trigger-happy scorn. The hapless Ms Lehrer and her digital identity system suffer a catastrophic failure of trust, with deadly consequences.

A loss of trust spells disaster for this kind of service. We need to have faith in Verify, if we’re to give up our personal details to it. On the other side of the picture the government, too, needs to trust we’re who we say we are. What everyone in this picture needs is someone – or something – to step in and verify that everyone's who they say they are. This is why the Verify system leans so heavily on the notion of a ‘trusted third party’. Let’s say I want to claim a benefit online. To avoid being scammed, the DWP needs to know I’m entitled to what I’m claiming. As far as they’re concerned, though, I’m just a Gmail address and an internet location. Like a young buck in a Fielding novel, up in London for the first time, what I need to be admitted to their house is a letter of introduction. A nod from a person of quality who can speak for me. A third party that DWP and I both trust, and who already knows who I am. They vouch for me, the DWP web service lets me in; and from then on, they trust me, too.

All well and good, but why should I trust this third party? To make the system work, at some point I need to entrust someone with enough personal information to establish my identity. Which is why the government has handed out this vital role to a slew of private contractors. They’re saying, look, don’t trust the unreliable old public sector. You can choose who to trust, from a list of accredited organisations like Barclays and the Royal Mail. You know, organisations who never, ever lose people’s data. This approach, says gov.uk, ‘gives people more choice and control over their personal data than if we were using a single supplier or if government were doing all the verification work.’

See what they did there? In comes the inevitable mantra of choice. The true subtext, though, is that if the government held all our data in a single location, there’d be too great a risk of the whole lot getting hacked in a single criminal exploit. Far better to divide and conquer, by portioning our data out to multiple private firms. It remains to be seen, though, which of these models – if either – the public prefers to trust.

At the start of my novel, the Digital Citizen service does indeed appear to have been hacked; and the online hoo-hah that boils up as a result could all too easily come to pass in the real world. Still, even though I’ve chosen in my book to dramatise a major collapse of public trust, I sincerely hope the same does not occur to Verify. I’d like to see a time soon when I can stop giving up my data to a million separate websites, creating ever more prey for cold-calling boiler-room operations. I can only wish the good folk at gov.uk a far smoother go-live process than I’ve allowed their fictional counterparts.

Sockpuppet is published by Hodder & Stoughton on 19 May.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in