Digital

Public service identity

Assistant Secretary General in the Department of Social Protection Tim Duggan outlines the improvements to access to public services including Ireland’s Public Services Card and MyGovID.

In dealing with identity management in the public service in the provision of the public service transactions, the Department has always aimed to find a mechanism that would allow people to identify themselves or be identified regardless of which channel they are using.

Duggan explains that there are four key elements to how this is currently being done:

1. Public Service Identity (PSI);

2. Standard Authentication Framework Environment (SAFE);

3. Public Services Card (PSC); and

4. MyGovID.

The first is PSI, a data set made up of around a dozen elements that when combined uniquely identify people. As well as the unique Personal Public Services Number (PPSN) needed to create a public service transaction, the data set is compiled of general known information including among others: name, address, date of birth and nationality.

The PSI data set became key to Ireland’s move towards tackling identity in a public service context over a decade ago in the face of a switch towards a more cosmopolitan and heterogeneous society. SAFE, the inter-departmental initiative, geared at finding a common standard way of identification, regardless of what channel they presented themselves to public services, was endorsed by the Government, meaning that in Ireland there now exists only one government-approved set of rules, standards and protocols to be used by public bodies when authenticating a person’s identity.

Duggan says: “The aim here was to ensure the data verification was sufficient but not over the top.” Within SAFE there exists four levels of assurance of identity, ranging from safe level zero, which is no assurance at all, through to safe level three, which is explained as beyond reasonable doubt. Duggan continues: “beyond reasonable doubt, if ever possible, would likely require more extreme measures such as DNA verification. Safe level two, which we use, provides substantial assurance. The framework we have built allows for the extension of gathered data but I have yet to hear of a public body who has voiced a business need for such a level of assurance around identity.”

What makes Ireland distinct from the UK system, and an element which Duggan stresses is key to the success of identity verification, is the requirement for face-to-face registration. As well as capturing a person’s picture and signature digitally, the Department are also able to undergo an intensive verification of identity, either through utilising their ownership of the public sector identity data set to cross-check existing public sector databases or through substantial documentary evidence supplied by the person.

 

“We finally have a means by which we can identify people digitally to provide them with really high value online services.”

Only when a person has satisfied these criteria is a facial image match carried out between the image taken on the day and against other facial image repositories in the public service, such as the passport office. A person’s mobile phone number is also captured for potential digital use at a later stage and a person’s public sector record is then elevated to safe level two, prompting the release of the physical Public Services Card (PSC).

Discussing the practicalities of the card, Duggan explains that it has two chip components, one visible contact chip which holds the person’s identity data and a second contactless chip with the capability to store applications. To date, only one application has been utilised on the card, an integrated ticketed system application for free travel customers but the success of the application has prompted other public bodies to explore potential for use and plans are ongoing to make it available for commercial discounting promotions.

The latest advancement in public service identification is that the Department have now extended it to provide online identity authentication. Duggan explains: “This for me has always been the goal because the single biggest challenge I have witnessed in the years I spent working in IT was how to authentically verify people sufficiently well, in a digital environment, so that we could offer them really high value, long-term and personalised services.”

Duggan references digital access to sensitive information such as medical or financial records, areas where Google verification or other similar services are not sufficient. The key to being able to offer digital authentication lies in the process of the previous steps taken by the Department, most importantly identification to safe level two.

“Because we have physically, face-to-face registered people, we are now able to give them a set of credentials based on that registration which gives us the level of assurance that we are dealing with that person. The whole idea of MyGovID is that it can be used by every single public service body, eradicating the need for people to multi-register identities and making the digital transition between public body services seamless for the user.”

A two-layered account approach allows the user to access basic services through the usual email, password and contact information input, however, for high level or personal services, further verification is required using the data for registration to safe level two, and importantly, utilising the mobile phone capture done at this stage, to easily transact a verification pin.

“We finally have a means by which we can identify people digitally to provide them with really high value online services. The whole idea here is that we build a trust framework, a way that the hundreds of public bodies can rely totally on this set of credentials to give services of high value or of a personal nature to people without having engaged with them physically.

“It’s great for the citizen in the sense that they have only one way of engaging with all of public service bodies, it’s great for the bodies themselves because they are given trust reassurance based on the detailed process which supports digital registration and it’s great for central government because it represents one investment accommodating all public bodies availing of the service.

“It’s also expandable in the sense that even if all of that isn’t substantial enough for a public body, then it can still form a detailed base from which extra layers of security can be built on top. We have built it in a way that it can be layered to facilitate people with very different needs.”

Show More
Back to top button