Social media activity could be used to assist identity authentication in the GOV.UK Verify service, after a project by the Open Identity Exchange (OIX) was completed.
The project, which was carried out on behalf of the Government Digital Service (GDS), is part of a move to increase GOV.UK Verify’s demographic coverage.
In a blog post, the GDS said that it has been looking at projects that consider the use of different sources of activity history when proving an individual is who they say they are. This is because adding more data sources and a choice of methods will open up GOV.UK Verify to more people.
The post explained that there five different elements involved in identity verification, and a chosen certified company has to achieve specific thresholds in each one before they can verify an identity. Although the creation of many online accounts does not require details of a real identity at the point the account is set up, the accounts themselves are potentially a useful source of evidence that an identity has been active over time. This means the accounts can provide evidence of activity history, as described in the Good Practice Guide 45, under Element E.
Testing a hypothesis with the OIX
“Because of this,” the post said, “we recently took part in an Open Identity Exchange (OIX) Alpha project, together with Post Office, Experian, Verizon, LexisNexis and Veridu. The project looked at the online activity (social network data) of users and explored how an individual might release this in order to prove activity related to their identity over time. The project tested the following hypothesis: ‘A service providing online activity verification data allows for assertion of activity history of an individual and contributes to establishing a trustworthy digital identity for access to online services’.”
The project took place between March and June 2016 and consisted of user research where the concept was tested with the user and testing of a service developed specifically for this project. This was a follow on to an OIX project conducted in 2013 that looked at the use of social login data for digital identities.
The user research involved 12 one-to-one sessions with users who were taken through the prototype of the user journey where a page allowed them to choose from a number of online accounts to prove their activity history.
The overall reaction to using online accounts such as Facebook, PayPal, LinkedIn and others as part of the process of proving identity was positive.
The younger the participant, the more likely they were to complete the task with ease. Users from the older demographic, while still completing the task, were more likely to raise privacy concerns or to be worried that their data would be used for purposes other than identity verification.
The post added: “Compared to the findings from 2013-2014, our recent research suggests that people appear to be becoming more amenable to using online activity verification and allowing certified companies access to their personal online accounts to acquire a verified identity that gives safer, faster access to government services. Since 2013, there have also been developments in technology that allows for detection of whether the user is a real person or not. With these advancements the activity history of online accounts is much more valuable in an identity verification context.”
Figures show 3.6 million fraud cases and two million computer misuse offences were committed last year
New report sets agenda for change and notes wider, structural issues that require further attention
Old school antivirus security software fails to protect patient records
HMRC is making it faster and simpler for customers to confirm their identity to access its services through the introduction of voice recognition technology