Supplementary written evidence submitted
by the Home Office (Malware 00a)
LETTER TO THE CHAIR OF THE COMMITTEE FROM
JAMES BROKENSHIRE MP, PARLIAMENTARY UNDER-SECRETARY OF STATE FOR
CRIME AND SECURITY, HOME OFFICE, 28 NOVEMBER 2011
Thank you for the opportunity to give evidence to
the Science and Technology Committee's enquiry on malware and
cyber crime. I welcome the Committee's engagement in considering
ways of tackling this increasingly important issue and look forward
to your report.
I undertook to write regarding the question of progress
on the Identity Assurance programme. The programme, which sits
within the Government Digital Service and is led by the Minister
for the Cabinet Office, Rt Hon Francis Maude MP, is working with
departments to develop a federated identity assurance model. Ms
Nash raised the question of whether the programme was on schedule,
as she believed a prototype was to have been tested in October.
I am happy to confirm that, in line with the stated
schedule, a prototype was made available in October, in the form
of a Beta solution developed by the DWP Universal Credit programme.
This sought to prove various technical aspects of the proposed
architecture, and was successfully tested with a number of potential
private sector Identity Service Providers. The wider cross-governmental
solution is now being reviewed and further developed following
feedback from the commercial sector.
It might be helpful for me to provide some further
information about the purposes of the scheme. The Identity Assurance
programme deals with the way a service provider can be assured
that the customer or user is who they say they are as they access
Government services. The user will be able to choose an identity
assurance service from a range of certified providers; the user
may choose to register for one or many of these services. The
model will place the user in control. The user will determine
how his or her personal data is disclosed when registering to
create a digital identity and subsequently when the digital identity
is used.
A principal difference with the now defunct National
Identity Scheme is that it discards the reliance on a central
identity register in favour of a decentralised, federated structure.
Public service providers will determine the level of identity
assurance they require; the user will then meet those requirements
using an identity provider.
The Identity Assurance Programme is working with
Industry, the National Fraud Authority, National Fraud Intelligence
Bureau, Serious Organised Crime Agency, CESG (the UK's National
Technical Authority for Information Assurance) and other interested
stakeholders to ensure the design has appropriate capabilities
to combat fraud, protect the user's privacy and enhance the customer
experience of digital transactions.
The programme supports the "digital by default"
policy. Digital transactions offer both convenience for customers
and cost saving opportunities for public service providers. For
the model to be successful there must also be benefits for commercial
identity service providers. The programme's commercial workstream
is working with industry to develop suitable commercial models.
Mike Bracken (Executive Director of Government Digital
Service) took over as SRO for the Identity Assurance Programme
at the beginning of October. Funding for this programme has now
been agreed and a review of the existing programme and associated
resources will be undertaken and completed by the end of the year.
Our ambition is for this programme to create new
private sector enterprise, new investment, more jobs and ultimately
produce trusted solutions, which will be key to ensuring citizens
have greater confidence to engage with public (and private) sector
services online.
I hope this will reassure the Committee about the
progress of the programme and the importance of this work to improving
the security and accessibility of Government services.
James Brokenshire MP
Parliamentary Under-Secretary of State
for Crime and Security
Home Office
November 2011
|