Rewiring the State
With the launch of their election manifesto earlier today, Labour announced plans for a new expanded fraud strategy to tackle public sector fraud by working with technology companies.
Fraud in the UK has reached epidemic proportions. Across government, fraud and error costs between £29.3 and £51.8 billion per year and criminal gangs can syphon hundreds of millions of pounds out of the UK’s welfare system without ever stepping foot in the country.
If the next government wants to cut the cost of fraud and improve the delivery of public services, they will need to make some fundamental changes to the way government issues, collects and processes personal data.
Consider the Department for Work and Pensions (DWP), which administers benefits for millions of UK citizens. To determine eligibility and process payments, the DWP needs numerous bits of personal information and documents from applicants, many of which were issued by other parts of the state.
It takes time for citizens to gather and submit this information and even longer for departments to process it. An estimated 75-80% of the DWP’s 85,000 staff are directly involved in processing claims, at an annual cost to the taxpayer of approximately £3 billion.
It’s incredibly easy for criminals to commit fraud by simply entering false information, purchased on the dark web for as little as £10. As a result, fraud now accounts for 40% of all crime and in 2022, 13% of claims for Universal Credit were found to be fraudulent.
These figures illustrate the scale of the problem and highlight the urgent need for reform.
In 2023, with experts from Demos and the Oxford Internet Institute, I looked at how this could work in practice.
The approach we proposed would allow departments like the DWP to ask for the information they need from citizens in the form of standardised “requests”. These requests would be routed securely by the citizen’s smartphone or computer, with their consent, to the government department or company that held the necessary information.
In other words, all of the things that the DWP needs to know could be gathered with one click from all of the right places.
We call this a General Data Exchange Layer (GDEL).
Across government, the processing of everything from child benefits to asylum claims could be radically sped up. Instead of waiting months for various departments to collect and check information manually, the necessary data could be gathered almost instantly.
For citizens, this would create a one-click experience with applications processed in minutes, not months. In the private sector, companies would be able to request the information they need for things like credit checks, mortgage applications, and identity verification with a high degree of assurance and very low friction.
To prove our identity, we wouldn’t need to carry a physical or digital ID as requests for identity could simply be routed to the parts of government that already hold this information. The nature and number of connections that each person builds up in the course of their daily lives would then offer a far more reliable measure of their existence than any conventional form of identity.
In most cases, sensitive personal information could be substituted for more secure alternatives like anonymous identifiers that are only used in specific contexts, claims that confirm something about an individual, and tokens that represent something but can’t be stolen or reused. This would also make it harder for criminals to enter false information thereby significantly reducing the opportunity to commit fraud. If our device was stolen, the strong biometric security that protects all modern smartphones would stop someone else from acting on our behalf.
So what would it take to realise this system?
The next government would first need to work with technology companies to establish the role that our devices have to play in supporting the general exchange of data.
The question of who can access what would be handled by a regulator, likely the ICO, which already requires companies in the UK to register as data controllers. The standards that define each request would then be set by the various existing standards bodies and trade organisations, and this could then be adopted by all for the companies and government departments that either need to ask for or can provide data.
This would be supported by our device so we wouldn’t need to set up an account or download an app for it to work. Instead, with the click of a button, we could move our information from one place to another, between certified organisations, with our consent, making our lives immeasurably easier and ending the online fraud epidemic.
With 92% of 16 to 64 year olds in the UK owning a smartphone, it’s time to recognise the vital role these devices could play in saving taxpayer’s money, modernising public services and strengthening the digital economy.
The next government will have to make significant savings to fund their priorities. If they’re serious about cutting the cost of fraud and improving the delivery of public services, enabling the general exchange of data would be a great place to start.