[csthrowathrow]

A friend applied for a job in the UK civil service - you were required to verify your identity by giving data to a third party, for profit company (and paying for the privilege). All of the companies had recently had significant data breaches. One of them - right there on the government provided guidance - lied about the company (Post Office) to imply a historied bastion of trust. It was blatant.

Verification could have been done using government data, but Tories have to also make a profit off of everything so they instead chose to give every civil service applicants data away to companies with a track record of data leaks.

[alias_neo]

Exactly this. Even non-civil servants are required to sign up with one of these services for certain government ID accounts.

I don't recall which it was now, but I had to choose from a bunch of providers (I selected Post Office) when I registered for something Gov related a few years back. I don't remember what now since I haven't used it since, but PO still has the details and provides auth for a government service for me. Insanity.

[m11a]

I do honestly think the real reason for this outsourcing is because the Passport Office and DVLA don't provide their databases for identity verification purposes, even to other government agencies, aside from say the security services and police.

Even in banking, where the government mandate thorough KYC/ID vetting, no APIs are made available by the government to actually verify a copy of ID is legitimate. So you're left looking at whether it "looks" correct.

For better or worse, of course, but there's an argument to be made that the refusal of the govt to provide "ID verification as a service" is pro-privacy.