Gov.UK responds to academics' claims that its e-identity system is insecure

Gov.UK Verify head Janet Hughes invites researchers to work with them on privacy and security

Gov.UK has responded to claims in a research paper by University College London academics that its Gov.UK Verify e-identity system is insecure.

"Gov.UK Verify protects users' privacy. It has been designed to meet the principles developed by our privacy and consumer advisory group. GOV.UK Verify does not allow for mass surveillance," wrote Janet Hughes, head of policy & engagement, Identity Assurance Programme, in a blog post.

"Only minimal data passes through the Gov.UK Verify hub. The person's name, address and date of birth (and gender, if the user has chosen to state it) is sent through the hub to a government department the person is trying to access.

"This only happens when the person accesses a service through Gov.UK Verify - the data is sent through the hub for the purposes of matching the person to the record that is already held about them in that department. No data about the person's interactions or activities within certified companies or government departments passes through the hub.

"We are working with the author of the paper to clarify this aspect and provide assurance on the issues raised. We have invited one of the authors, Dr Danezis, to join our privacy and consumer advisory group (and we are pleased he has accepted the invitation), so that we can continue to consult a range of experts and privacy and consumer groups on our approach to these important issues."

Hughes was writing after the three UCL researchers published a paper criticising the security of both the Gov.UK Verify scheme, as well as the US Federal Cloud Credential Exchange (FCCX). Both schemes are similar in terms of both intent and approach, as well as in architectural terms.

"We have evidenced severe privacy and security problems in FCCX and Gov.UK Verify and have shown feasible solutions to address them. Passively, the hub is able to profile all users in respect to their interactions across different service providers. If compromised, the hub can even actively impersonate users to gain access to their accounts (and the associated private data) at service providers. This represents a serious danger to citizen privacy and, more generally, to civil liberties," they say.

They continue: "The described vulnerabilities are exploitable and could lead to undetected mass surveillance, completely at odds with the views of the research community whose scientific advances enable feasible solutions that are more private and secure.

"Based on the findings presented in this paper, we believe that a security review should lead to fundamental structural adjustments in the interest of privacy and security. It is clear that the FCCX and Gov.UK Verify do not adequately consider the need for resilience against a compromised hub and fail to address plausible threats."

See earlier: Gov.UK Verify identity management system riddled with 'severe privacy and security problems', warn UCL academics