My Lords, it is good to see the Minister move seamlessly from intellectual property to digital and data, but both can sometimes create their own questions. Since this is the first time
we have debated One Login in the Lords, I hope that the Minister will not mind if she gets a large number of questions about the scheme. As I understand it, the goal of the One Login programme is to create a log-in database owned by the Government and containing the verified names, addresses, dates of birth, phone numbers and email addresses of everyone who uses—eventually—all Government-owned digital services, which is likely to be everyone in the country.
Perhaps unfairly, I have always thought of One Login with some scepticism, as the son or daughter of Verify, and not in a good way. The cost of the failed Verify scheme was over £200 million. It would be very useful as part of this debate to hear the cost of OneLogin so far and how much more is budgeted to be spent on its rollout. It does seem strange that the Government are having another crack at a single verification system, given the many other trustworthy existing systems that could be adopted.
First, I think it worth mentioning what the Secondary Legislation Scrutiny Committee said in its 55th report in October. I think it was rather baffled and scathing at the same time:
“This is a classic example of an Explanatory Memorandum … with too narrow a focus”.
I think it felt it was being bounced to some extent, without the context in which One Login was going to be designed to work. It said:
“We therefore request that the Cabinet Office revises its”
Explanatory Memorandum
“to include sufficient background information to enable any reader to understand the legislation’s practical effects”.
I suppose I am lucky in that I followed the gory progress of Verify through to One Login and the current date. I have some idea of the purpose behind One Login. As I understand it, the principal effect of these regulations is to allow the Government to share data for the purposes of identification. The SI does not restrict those flows of data; data can flow into the Cabinet Office as envisaged but identity data can also flow from the Cabinet Office to any other listed department. I hope that the Minister will be able to confirm that.
Will the Government allow population databases to be copied, whether openly or not? The revised Explanatory Memorandum is silent on this, and it is unclear if this assurance from the Government’s consultation response will be delivered. The response said:
“In particular, information will set out which departmental services are using identity verification services to support delivery and which will provide data to help departments establish who a person is”.
Will that actually happen? Will there be that level of transparency? There are apparently no safeguards on sharing bulk data if the Government want to share for this purpose across government. What transparency will there be if and when this takes place?
There is then the question of for whose benefit One Login really is. Is this a “better login to government” project, which many people might applaud, or is it a “one identity to government” project? The answer at the moment appears to be the latter. I say this because medConfidential, which I thank for its briefing, reports that a
“meeting held during the consultation was told that the Government’s intent is to actively prevent individuals from having multiple login accounts. A person may be able to have multiple email addresses— indeed, they may already do—but Government would attach them to a single ‘identity’. This regulation allows that database to be shared in bulk”.
Not to put too fine a point on it, that turns One Login into a tool of a centralising state—with implications for the privacy of the citizen—which the Government have previously assured us many times they were not building. I would therefore be extremely grateful if the Minister described the reality of One Login, as well as its purpose and operation.
At a roundtable on the consultation, the Government Digital Service apparently said that the regulation’s “first use is One Login”, which suggests there will be a second use. It is unclear to us to what extent the DWP will embrace One Login for government, for universal credit, for HMRC’s services, or indeed for the MoJ’s digital courts. What commitment from government departments and agencies is there? I can see that they are all listed, but Verify fell down precisely because of the lack of commitment from many government departments. What about the identities, too, of public servants? Will they be able to have multiple identities as both citizen and employee? What is the reality of that?
6 pm
The SI allows any identity information to be shared from and to almost anywhere across those government departments, and any restrictions appear to depend entirely on current departmental policy, not on legislation or regulation. There is, it seems, no explicit assessment of compliance with the identity assurance principles set out by the Privacy and Consumer Advisory Group in 2015. Do those principles remain government policy, despite that group currently being reconstituted? To summarise, these are an important set of principles, covering user control, transparency, multiplicity, data minimisation, data quality, service user access and portability, certification, dispute resolution and exceptional circumstances. Will all those principles be observed, and do the Government commit to them again? If so, what independent scrutiny will check that they are being observed in the course of the operation of One Login?
I do not really understand why the Government are proposing that this much identity data should be shareable in bulk to this many government departments with this little oversight. There must be explicit limits so that data may be shared only to the Cabinet Office, with explicit limits on what it may share to others. What is sauce for the goose is sauce for the gander. Not that long ago, the Government set out a framework for identity verification for the private sector, with clear forms of authentication and certification—indeed, many people thought that it was over-elaborate—but I see nothing in the scheme of One Login that means that there is that equivalent form of authentication and certification.
This is an exceptionally broad power with almost no oversight. It is far broader than is remotely acceptable or than those other powers under the DEA. Where do biometrics and genomic data fit? Can they be shared
in the same way as the other data? Again, what standards will the system conform to? We need to know about that. One Login will have a great deal of information on users and the government services they use. As drafted, it looks as if that will all be within scope of the sharing powers. Is that correct?
Will the GDS be the accountable agency in providing all the details of a verified identity document to any department? For instance, if it is disclosing that somebody is a former prisoner or the nationality of the passport that they used to validate their identity, to whom are complaints made and where is there redress if that is not done properly?
In summary, there are many questions but three key ones for the Minister to answer. First, what is the real answer to this: has the Government’s One Login moved from a convenient “better log-in to government” project to a “one identity to government” project? Secondly, can the entire database be shared, in bulk, to almost anywhere in government for any purpose? Thirdly, what independent oversight of the One Login system will there be and what standards will it conform to? I heard what the Minister said about the public service delivery board and wonder whether it has something to do with oversight, but maybe not.