Gov.UK Verify, the Cabinet Office's in-house identity scheme intended to govern access to public services, has finally been launched, years late and to intense criticism.
Verify's purpose is for citizens to register to use government services quickly and easily by matching their identity to other systems.
"When you use Gov.UK Verify to access a government service you choose from a list of companies certified to verify your identity," the government said.
"It’s safe because information is not stored centrally, and there’s no unnecessary sharing of information. The company you choose doesn’t know which service you’re trying to access, and the government department doesn’t know which company you choose."
However, campaigners have argued that Verify is unnecessary and limited, potentially insecure and will encourage users effectively to cede control of valuable personal information to the eight private contractors picked to oversee the scheme: Barclays, CitizenSafe, Digidentity, Experian, Post Office, Royal Mail, SecureIdentity and Verizon.
Critics have also pointed out that businesses cannot use the system, negating its purpose somewhat.
"With Gov.UK Verify you can only register individuals. You can't register companies, partnerships, trusts, sports associations and all the other types of legal 'person' that the Government Gateway can handle," said campaigner David Moss.
As a result, HMRC is building its own identity scheme before the Government Gateway is closed down at the end of March 2018, rather than relying on Gov.UK Verify to finally include such functionality into its systems in time, if it can overcome performance problems that still dog the system even after launch.
Campaigners have a number of other objections too. They warned that the level of information users will have to hand over to the third-party organisations handling the scheme, some based overseas, means that they risk losing control of their personal information.
In addition to name, gender, date of birth and address, "you have to hand over your passport details in minute detail - number, date of issue, date of expiry - and even more details about your driving licence", said Moss.
Users also need to answer a range of largely financial questions drawn from files kept by credit reference agencies, bearing in mind, of course, that those agencies have now started collecting information on bill and rent payments, as well as current and savings account status, and credit card and mortgage payments.
"They've asked the question: 'What is a person?' and their answer is: 'A person is a credit history,'" said Moss. "So you have to answer a lot of questions about the balance of your current account or when you took out a mortgage or anything that the likes of Experian or Equifax are likely to know about your core credit."
Moss took out seven identities to test the system. "After a while it started to feel rather intrusive. I was giving very detailed information about myself to Digidentity, a Dutch company," he explained.
"I was giving it to Safran Morpho, a French company trading as SecureIdentity for Gov.UK Verify. Why was I giving them line six on my driving licence details?"
Moss added that all these details were from documents issued by the government in the first place.
And, added Moss, having handed over this information to various third parties, who's to say where the data could end up in the future?
Campaigners also argue that the whole project is unnecessary. The Government Gateway has been running since 2001, not just supporting access to public services for individuals, but enabling companies to pay taxes and other legal entities to interact with the government. It works, they say, and does not need to be retired.
They suggest that Gov.UK.Verify will provide a false sense of reassurance, as ultimately only a user name and password stand between the honeypot of personal information and any miscreant who wants to use it.
Furthermore, said Moss, if users want to cancel their Gov.UK.Verify accounts the private companies holding the information will keep it for seven years - just in case. "You can't delete it yourself. You have to wait for them to delete it," he said.
Independent studies have also suggested that the architecture of Gov.UK Verify (as well as its US equivalent) may well be fundamentally flawed.
"Both systems propose a brokered identification architecture, where an online central hub mediates user authentications between identity providers and service providers," said researchers from University College London.
"We show that the US Federal Cloud Credential Exchange and Gov.UK Verify suffer from serious privacy and security shortcomings, fail to comply with privacy-preserving guidelines they are meant to follow, and may actually degrade user privacy."
Of course, fundamental security or conception flaws have rarely been considered a good enough reason for a government to abandon a policy. So Gov.UK Verify will go on, but it will be some time before it achieves what was originally promised, if it ever does.
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws