Malware and cyber crime - Science and Technology Committee Contents

Supplementary written evidence submitted by the Home Office (Malware 00a)


Thank you for the opportunity to give evidence to the Science and Technology Committee's enquiry on malware and cyber crime. I welcome the Committee's engagement in considering ways of tackling this increasingly important issue and look forward to your report.

I undertook to write regarding the question of progress on the Identity Assurance programme. The programme, which sits within the Government Digital Service and is led by the Minister for the Cabinet Office, Rt Hon Francis Maude MP, is working with departments to develop a federated identity assurance model. Ms Nash raised the question of whether the programme was on schedule, as she believed a prototype was to have been tested in October.

I am happy to confirm that, in line with the stated schedule, a prototype was made available in October, in the form of a Beta solution developed by the DWP Universal Credit programme. This sought to prove various technical aspects of the proposed architecture, and was successfully tested with a number of potential private sector Identity Service Providers. The wider cross-governmental solution is now being reviewed and further developed following feedback from the commercial sector.

It might be helpful for me to provide some further information about the purposes of the scheme. The Identity Assurance programme deals with the way a service provider can be assured that the customer or user is who they say they are as they access Government services. The user will be able to choose an identity assurance service from a range of certified providers; the user may choose to register for one or many of these services. The model will place the user in control. The user will determine how his or her personal data is disclosed when registering to create a digital identity and subsequently when the digital identity is used.

A principal difference with the now defunct National Identity Scheme is that it discards the reliance on a central identity register in favour of a decentralised, federated structure. Public service providers will determine the level of identity assurance they require; the user will then meet those requirements using an identity provider.

The Identity Assurance Programme is working with Industry, the National Fraud Authority, National Fraud Intelligence Bureau, Serious Organised Crime Agency, CESG (the UK's National Technical Authority for Information Assurance) and other interested stakeholders to ensure the design has appropriate capabilities to combat fraud, protect the user's privacy and enhance the customer experience of digital transactions.

The programme supports the "digital by default" policy. Digital transactions offer both convenience for customers and cost saving opportunities for public service providers. For the model to be successful there must also be benefits for commercial identity service providers. The programme's commercial workstream is working with industry to develop suitable commercial models.

Mike Bracken (Executive Director of Government Digital Service) took over as SRO for the Identity Assurance Programme at the beginning of October. Funding for this programme has now been agreed and a review of the existing programme and associated resources will be undertaken and completed by the end of the year.

Our ambition is for this programme to create new private sector enterprise, new investment, more jobs and ultimately produce trusted solutions, which will be key to ensuring citizens have greater confidence to engage with public (and private) sector services online.

I hope this will reassure the Committee about the progress of the programme and the importance of this work to improving the security and accessibility of Government services.

James Brokenshire MP
Parliamentary Under-Secretary of State for Crime and Security
Home Office

November 2011

previous page contents next page

© Parliamentary copyright 2012
Prepared 2 February 2012