1.1 The Government Digital Service (GDS/the Authority) is a new organisation that has been created through a merger of the Cabinet Office Digital Delivery and Digital Engagement teams with Directgov, the "one-stop shop" for online government. It is the aim of GDS to be the centre for digital government in the UK, building and championing a 'digital culture' that puts the user first and delivers the best, low-cost public services possible.
1.2 GDS is responsible for implementing the recommendations set out in the 2010 review of Directgov, undertaken by Martha Lane Fox. These recommendations called for the overhaul of 750 separate government websites, to be replaced by a single Internet "front-door" to public services on the web.
2.1 When members of the public transact with government online – for example when applying for a provisional driving licence or completing their tax self assessment - they need to prove their identity for the transaction to be successful. This relies on accurate and up-to-date back end systems (which verify an individual’s personal details) and an easy to use interface that supports the user task at hand.
2.2 Registration and authentication with government currently deters customers from accessing services online. This has been attributed to factors such as:
2.2.1 The effort required of the user to go through the initial registration and subsequent login procedure, which are known to be complex and counter-intuitive;
2.2.2 The fact that this process might have to be repeated at an individual service level – even though the customer might perceive all government services as being provided by the “one government”; and
2.2.3 The burden of responsibility placed on the user to remember complex user IDs, passwords and activation codes.
2.3 From an internal perspective, citizens tend to update their personal details with government as and when they need to. It is not a priority for citizens and as a result it is common for government records to be out of date. This presents an issue for digital verification as the input from the user (e.g. new home address) does not match the record held by government (e.g. old home address) and therefore the system returns a data mis-match. From a user’s perspective this means that they cannot move forward with their online task as the back end system doesn’t recognise their details.
2.4 As a result GDS is leading on a project to investigate a new model for online authentication, which is intended to improve the overall user experience. The core focus of this research project is to understand the current landscape e.g. how people authenticate themselves online, explore how the new model might work in the future, how well the concept is received by citizens and in particular to investigate how the customer experience can be optimised.
3.1.1 In the proposed new model government will not own an individual’s data. Instead government will work with trusted identity assurance providers that have current data sets and greater expertise in data management. This is explained by the illustration below:
Figure 1 – Illustration of new identity assurance concept
3.1.2 In this model citizens navigate through GOV.UK to access a particular government service/transaction. The user will arrive at a page on GOV.UK and will be asked to log-in to an identity provider”. The user will then be asked to select a trusted provider, such as their bank, to verify their identity. It is the identity provider’s role to check and verify the individual’s identity on behalf of government. The user has a choice of identity provider. Once a user’s identity has been confirmed, the user is able to move through the process and complete the transaction. The “identity provider” acts as the doorway into the transaction.
3.1.3 It is accepted that this is a new concept for most mainstream users of Government services. To date several high profile private sector companies have agreed to work with major Government Departments to develop the scheme. It is important to note that this is not a government only solution. The concept of ‘open identity’ is already being used in the market place and this project reflects current industry thinking and future advancements.
3.1.4 However it is not a concept that will be familiar to the average UK citizen. Most people will not have experienced this type of mechanism before and it is therefore essential to test the concept and its execution to understand how it can best be optimised.
3.2 Benefits of the new model
3.2.1 Internally it is believed that there are several key benefits to adopting this approach. It is not however known whether these benefits will resonate with members of the public. The key benefits are described below:
188.8.131.52 Only one digital identity
Citizens will be able to use and re-use registration details that they have set up elsewhere (e.g. with their bank) to transact with government. This means that they will have fewer log-in details to recall. It also means that they won’t have to keep re-registering with different Government Departments;
184.108.40.206 Higher success rates
The identity providers will have more up to date records than those held by government. This means that a higher proportion of people’s details will be recognised and verified online. In addition, the quality of authentication given by the identity provider will remove the need for government to verify citizens in a face-to-face context. This will enable the end-to-end transactions to take place digitally;
220.127.116.11 Control & choice
Citizens will be in control of their own data. They will get to decide which identity providers vouch for their identity; and
18.104.22.168 Personal data stores
Data is a valuable commodity. Traditionally data is held by large organisations and these organisations are constantly under threat from hackers who want to steal people’s identities. To increase security the industry is moving towards a concept of distributed personal data stores. This means that everyone will have their own personal data store, which is held separately from everyone else’s data. It is believed that a structure of this nature will deter criminals from committing identity theft. For example, if a hacker manages to access a large database then they will have access to thousands of people’s identities. In a world of personal data stores the hacker would have to use the same amount of energy to hack into one personal data store, but if successful, they would only acquire one identity. The incentive to commit identity fraud is therefore greatly reduced.
3.3 Business Objectives
3.3.1 This project aims to address the points discussed in section 2 and thus define a customer experience for accessing public services that will overcome (or at least aim to address) the current deterrents. The proposed solution will:
22.214.171.124 Empower the customer by allowing them the choice to use the accredited identity provider service of their choice, as appropriate for the transaction;
126.96.36.199 Be simple and intuitive for ALL users: such as negating the need to register with each digital service; negating the need for a customer to remember login details for each and every digital service;
188.8.131.52 Build trust with the customer by providing a suitably secure mechanism for accessing public services; and
184.108.40.206 Encourage the customer to conduct further transactions online.
The Authority is looking to commission two pieces of research.
4.1 Phase 1
4.1.1 The key objectives of the first phase of research are to provide evidence based research answering the following questions:
220.127.116.11 Overall reaction to the concept
(a) What language / models enable people to understand the concept?
(b) What are their first impressions?
(c) Which services do they feel more/less comfortable using it on?
(d) What are the perceived benefits?
(i) listen out for any financial benefits for government and tax payers
(e) How motivating are the perceived benefits?
(f) Would the idea encourage people to do more transactions online?
(g) What are the potential barriers to use?
(h) What are people’s key concerns?
18.104.22.168 What identity verification mechanisms do they use are the moment? E.G Verify by Visa, Post Office, Paypal, Facebook, Twitter etc.
(a) How do they feel about these types of identity providers?
(b) Do they trust some more than others? Why etc
(c) Which ones would they use to verify themselves with government?
(d) Would some services be more suitable than others?
(e) What do they understand about where their data is stored? Does this matter?
(f) Understand general feelings towards security?
22.214.171.124 Communicating/educating the user
(a) How do we educate people about the potential change in authentication for online government services?
(b) How can they be encouraged to use the service?
(c) What messages should be used?
(d) What methods should be used to communicate the messages (vox pops, avitars, leaflets, mail shots, point of sale etc).
(e) At what point should methods be employed e.g. avatars, vox pops on screen, leaflets at Post Offices etc.
(f) Is it appropriate for partners to help educate on the change?
(g) Which partners would be suitable/which would not?
126.96.36.199 Please note that in addition to this research the Authority will also conduct usability testing, to be carried out in parallel with this piece of work.
4.2 Methodology Phase 1
188.8.131.52 Given the nature of this research, the Authority would anticipate a qualitative approach.
184.108.40.206 The Authority is keen to hear the Potential Provider’s thinking on the most suitable methodology or combination of methodologies for confidently answering the research questions outlined above.
220.127.116.11 The overall approach will need to be agreed with the project team.
4.2.2 Test Stimulus Phase 1
18.104.22.168 The Authority would like the Potential Provider to support them with the production of test stimulus for this project. This is likely to be a difficult concept for respondents to grasp, particularly as they won’t have had much/any exposure to this type of mechanisms in real life.
22.214.171.124 The Authority will lead on the production of a clickable prototype to test reactions to the customer experience, but will look to the Potential Provider to support and advise on the best way to structure any other test material.
126.96.36.199 The Potential Provider shall recommend how any test materials can be most usefully employed to help us achieve our objectives.
188.8.131.52 The project team believes that the success of this project will partly hinge on the use of creative and compelling stimulus, which will help to convey the idea to the public. The project team is open-minded about the type and nature of test stimulus and will look to the competing agencies to recommend suggestions.
4.2.3 Recruitment Phase 1
184.108.40.206 The Potential Provider should recommend an approach to recruitment and sourcing of a sample with characteristics they feel would be appropriate to include in the study given the research questions outlined in Section 6. Initial thinking suggests the following characteristics would be of interest in this study:
(a) Representative spread of the population >16 in the UK to enable testing on a number government services.
(b) Spread on exposure/awareness to verification providers.
(c) Spread of attitudes to online data security, and confidence in data sharing online.
(d) They do not reject the idea of authenticating/transacting online.
(e) Customers that have a footprint with the government now and will do so in the future e.g. benefit claiming customers and customers applying for car tax.
(f) Those people who may find it difficult to use online services, for whatever reason.
220.127.116.11 Potential Providers Capability Profile / Skills and experience Phase 1
(a) The Potential Provider must have research expertise and experience in:
(i) Eliciting people’s needs, motivations and goals
(ii) Knowledge of authentication processes
(iii) Concept development expertise, particularly navigational concepts and early designs
(iv) Ability to apply this insight to the design of successful online user journeys
4.3 Phase 2
4.3.1 Secondly, a quantitative survey is required to measure the outputs of the qualitative work and to get a picture of the UK’s usage of identity verification and their attitudes towards it.
4.3.2 It is proposed that this second phase will be carried out by an omnibus survey, covering a representative sample of the UK.
5.1 Upon Contract Award, the successful Supplier shall ensure that the Contract is signed and returned to the Government Procurement Service (working on behalf of the Authority) by Tuesday, 20 November 2012.
5.2 It is the intention of the Authority that the deliverables of the Contract will be completed over a 6 month period, with Phase 1 being completed by 31 December 2012.
6.1 The Authority will measure the quality of the delivery by:
6.1.1 Authority satisfaction – the successful completion of the key deliverables to the satisfaction of the Authority; and
6.1.2 Timeliness – i.e. the degree of the success or otherwise of meeting the deadlines for the key deliverable and any other agreed thereafter.
6.2 All deadlines and deliverables will be finalised and agreed with the successful Supplier on Commencement of the Contract.
7.1 Occasional working at Aviation House, WC2A, London will be necessary.
7.2 No travel expenses will be paid.
8.1 The maximum budget for this Contract for both phases is £80,000 excluding VAT.
8.2 Potential Providers should ensure that their Tender Response reflects all the requirements of the Contract and that value is added at each stage.
8.3 Any Tenders received with prices exceeding this budget will be deemed non-compliant and will not be evaluated.