Bad security engineering kills project

William Heath wmheath at
Thu Sep 5 14:03:00 BST 2013

The suppliers on cross-government ID assurance were announced Monday

As I understand it DWP decided some months ago to focus on UC just for new
claimants first. New claimants have a f2f interview at Job Centres anyway,
so online ID Assurance took something of a back seat among many pressing
priorities for them, but remained urgent across HMG. That's why GDS is now
the lead on it (i.e. GDS took over the contracts and the process from DWP).

In terms of function it might be relevant to look at the draft privacy
principles for ID assurance. These are still open to consultation; the
deadline is a couple of weeks away -


On 5 September 2013 12:59, Ian Batten <igb at> wrote:

> NAO report on the Universal Credit car-crash.
> Entertainment, in a rather bleak sense, is available from Figure 2, in
> Appendix 5 on page 50.  It sets out the security objectives, most of which
> have not been met.
> The one that jumps off the page is ID Assurance, which you'd have thought
> would be the most critical and challenging part of a programme that pays
> out more than a billion pounds per week.  Because anything that's rolled
> out is going to be the de-facto ID scheme for citizen-to-government
> transactions over the next ten years, and once started, any programme is
> very hard to change.  They don't have anything ready to take to Pathfinder,
> which means that the Pathfinder project can't implement more than a small
> subset of the overall requirement.
> Does anyone know what the candidate technologies are?  I've seen all sorts
> of proposals, but nothing beyond the "yeah, we might look at" stage.
> ian

More information about the ukcrypto mailing list