Report suggests Facebook activity could be used for online identity verification
The public has become more amenable to allowing the government access to online accounts like Facebook and PayPal in order to help it verify who they are, according to research by the Open Identity Exchange.
Facebook could be used to prove you are who you say you are - Photo credit: Flickr, Sarah Marshall
The work was carried out with six partners, including the Government Digital Service and Veridu, and assessed whether social networks and online accounts would be suitable evidence when creating a digital identity, such as the government’s GOV.UK Verify.
It found that there had been a “significant change” in users’ willingness to allow access to online accounts in order to verify their identities, when compared with a similar study in 2013 – which identified a general lack of understanding of the process and concerns about privacy.
In addition, an alpha test to see whether such a verification system would work was deemed successful and the OIX report recommended that it be developed into a commercial beta service.
The idea behind the research is to increase the number of people who are able to register for such services – the government wants to see 90% of people who need to use GOV.UK Verify being able to by the end of the year.
At the moment, the certified companies that carry out identity checks often rely on credit history to measure activity history, but this can prevent some people – particularly young people or immigrants – from using the service.
Social networks and online accounts offer a solution to this, with research commissioned by the GDS found that 52% of UK adults have a social media account they use at least once a month. It estimates that GOV.UK Verify coverage could increase by 9% overall and by 38% for people aged between 16 and 25 if it used social media activity.
The OIX research involved 12 face-to-face interviews with users followed by a round of internal testing by 86 participants of a gateway that was developed by Veridu specifically for the project.
PayPal most trusted
The user testing found that all participants understood the concept of identity verification – a big increase on the 2013 work, which the report said could be due an increased use of e-commerce transactions – and two-thirds said they would use the service.
Most people – 36% – in the first round of testing chose PayPal as their first option to verify their online activity, which the report suggests could be due to its association with banking and the fact it doesn’t contain social data.
The report said that Facebook elicited the most emotive response, with many saying they would not want the government or the third part company carrying out the tests having access to the information in their Facebook accounts.
Despite this, 18% of testers chose Facebook as their first choice, which the report said could be because people are often continuously logged-in to the site as well as the use of Facebook Connect to log in to other services.
LinkedIn was the most popular second choice – 30% of all second choices – which the report said might be because it has limited personal data and is seen as storing work information. Meanwhile, Twitter and Dropbox were not chosen by any users.
The report added that by offering participants a range of options – rather than only Facebook – it allayed concerns about companies or the government wanting access to personal information.
In the second phase of the research, 86 volunteers – most of whom were aged between 25 and 44 – used a test system developed by Veridu to see whether such online accounts could be used to verify identities.
The pass rate for the 180-day activity threshold - which is the standard required by GOV.UK Verify - was 82%, while the 360-day pass-rate was 60%. There was little difference between men and women in the shorter period, but for the longer time period it was 55% for men and 70% for women.
The OIX report recommended that Veridu work with certified companies to develop the test so that it satisfies government verification standards and can be scaled up.
Meanwhile, the GDS said in a blogpost that uit was taking forward a number of projects with private sector bodies to see how they can improve GOV.UK Verify’s coverage.
It added that it was interested in hearing from others who are developing similar identity services from new data sources.
The publication of the research follows calls from the representative bodies for tech companies, TechUK, for GDS to increase the data sources it uses for verification as it expands the system to local government.
It said that the current standards for authentication are “likely to be too high for most local government services” and needed to be revised.
Home Office issues tender for £2m project
Institution invites suppliers to help manage process of warehousing, archiving, and deleting data
Metro mayor Andy Street seeks leader to front 'digital revolution'
Mapping agency seeks input for three-month project to define long-term data strategy, including necessary skills and technology infrastructure
BT's Malcolm Stokes explains how organisations can attribute accurate figures to cyber risks in order to make a viable business case.
BT's Ben Azvine argues that the frequency and impact of breaches is increasing and we need to continuously adapt and innovate to stay ahead of the threat environment
BT has a team of over 2,500 security experts working to maintain the highest standards. Here we meet some of them and find out what they do.
BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.