Towards a digital ID – part 15

Posted on Categories eGov, Tags ,
Towards a digital ID – part 15

Recently we announced that our three-year project towards a digital ID system to work with Jersey government online services had led us to Yoti.

Readers of this blog series will be aware that we had also evaluated digital ID systems in use in other countries. Now that the sourcing process has completed, we thought it would be interesting to look – in broad terms – at some of the factors we considered when selecting which approach to adopt.

Cultural fit

The number one recommendation of the OECD in its report “Embracing Innovation in Government 2018” was as follows:

Develop identity solutions that fit with the culture of the country. Countries are looking at identity programmes through a variety of lenses. What works for one country may not work for another. Governments must appreciate the cultural realities of their countries to determine the best approach for the creation and use of identity programmes. For example, the United Kingdom created a biometric national identity programme in 2008 and issued identity cards to thousands of people, but the programme was scrapped in 2010 as constituting a “substantial erosion of civil liberties” (Kirk, 2010). Through its GOV.UK Verify programme, discussed earlier, the country is now building identity solutions more suitable for a country that conceptualises and values privacy in this way. All countries can and should build digital identity programmes that unlock digital services from government and the private sector. However, there is no single best approach to creating a digital identity programme. Each country will need to identify an approach that best reflects their national values.”

National identity cards are used in 25 of the 28 EU member states. In more than half of those countries, cards are compulsory by law. Being able to use an ID for purposes beyond government is an important factor in achieving a high level of usage. This is easier to achieve in countries where banks accept the national identity card as a way to log on to online banking. EU citizens are also able to use their national ID as a travel document within Europe.

Readers of this blog series will know that we have been careful to approach this not just as a technology project but with consideration of what will be welcomed and considered acceptable to Islanders. Culturally, Jersey has a great deal in common with the UK, where the general population hold some reservations about the use of national identity cards.

Additionally, we’ve been conscious that the UK retail banks with branches on Jersey’s high street might be more comfortable with a system they already know; they might not have been comfortable with a Jersey-specific identity scheme as a way to access their online banking systems.

GOV.UK Verify style systems

We also looked in detail at the UK system, GOV.UK Verify, with the hope that one or more of the companies that participate in that scheme could adapt it for use in Jersey. The work we did in 2015-16 led us to believe that it was technically possible and would be acceptable to Islanders. However we were unable to establish the likely cost of such a system until we went to tender. We now know that the cost of a system like this would far exceed our budget. Taking something highly complex and trying to make it work economically on a small scale is a tough challenge.

Yoti

Fundamentally, what we need is a form of identification that is as trusted as a passport, but can be used online. Yoti provides this.

It has many uses, rather than just being for government services. This is key to achieving high levels of adoption. We expect it to help people in their everyday lives, for example proving you are over 18 when paying for a bottle of wine at a self-service supermarket checkout. We also expect that local businesses will take advantage of the easy-to-use tools to integrate Yoti with their websites.

Yoti will be in the Island soon to talk more about their system and how it can be used outside government.

Due diligence

From last October until March, a States of Jersey team carried out increasingly detailed due diligence on the Yoti system, reflecting that it is a startup company and the product is new. We were granted access to their people, technical documentation, financial information and business plans under a non-disclosure agreement. This gave us the confidence we needed to select the Yoti solution.

Cost model

Yoti works on a consumption-based pricing model – so we will pay for what we use. This is the dominant pricing model for cloud computing, and means that there is little or no up-front cost. We have projected the cost of government’s use of Yoti. We added the other costs that we are likely to incur, such as integration and marketing, to arrive at a five-year total cost of ownership. This total cost was substantially lower than the same calculation for the other tenders.

Yoti is motivated to continually improve its system, taking advantage of ever evolving technology. They will do this at their own expense, rather than the Jersey taxpayer’s, but Jersey will be able to take advantage of those enhancements.

Yoti has received some £35m of private investment, enabling them to launch in the UK, India and the USA. They are not dependent on revenue from the States of Jersey for the viability of their product. Jersey is a tiny market for them in terms of income, but makes a great testbed for their software – aligning with Digital Jersey objectives.

Security

Yoti’s approach to privacy and security was also a significant factor in the selection. Its innovative and revolutionary design puts individuals in control of their personal data. People choose which verified details they want to share. They get a digital receipt to confirm who they’ve shared details with. Individuals can share specific identity attributes, for example just their age and name, rather than disclosing their full identity with a paper ID document.

 

In the next edition I will expand on how the system will work in practice.

Our moderation policy