May I just say...
May I just say - what an omnishambles...
One arm of Government afraid to talk to another, so both spending money on the same thing. Great.
HMRC is pushing ahead with its own plans to build an online authentication portal following the decommissioning of the current Gateway portal in 2018, according to multiple sources. One source said the department is building its own authentication capability that will deal with businesses – something the Government Digital …
Err, not the same thing.
Para 2 of article "One source said the department is building its own authentication capability that will deal with businesses – something the Government Digital Service's online authentication system Verify cannot do."
As I read it, Verify is for individuals (eg you or me), HRMC's tool is for businesses (partnerships, trusts, small companies, large multi national conglomerates with multiple subsidiaries, panamanian trustee companies administering the affairs of a dutch stichting that owns a unit trust that owns a City office block, ...)
That's just the hand waving to get it through CabO. Rest assured it'll end up doing individuals too. HMRC have a long, long history of doing identity verification and authentication for important reasons. Something like five hundred billion of them at last count. Verify was first supposed to be live in late 2013, then early 2014, then 2015 and so on and so forth. The fundamental problem is GDS have no idea what they're doing. Even stripping the solution back from its all-singing, all-dancing original design to the current simple API over Experian that it is now, they've consistently failed to deliver anything even remotely functional.
I've personally delivered products for HMRC with 9 figure yield business cases that have had to sit on a shelf waiting for Verify to come about, and then long since moved on. This should have happened years ago.
Interesting how HMRC refuses most responses for FOI requests on the grounds that such requests would cost more than the stipulated £600 to the taxpayer to fulfil. An example can be viewed here.
On a positive note, £1.3Bn overhead to raise £1Bn - HMRC are starting to get better. Soon they will be down to just £1.05Bn costs to raise £1Bn.
It would be interesting to do a FOI request asking how many requests were not performed because they would cost more than £600
I expect they would respond:
Researching and analysing this large volume of data would exceed the appropriate cost limit of £600. Consequently under s12 (1) FOIA, the Department is not obliged to comply with your request and we will not be processing it further.
"Researching and analysing this large volume of data would exceed the appropriate cost limit of £600. Consequently under s12 (1) FOIA, the Department is not obliged to comply with your request and we will not be processing it further."
I'd imagine thats now their stock reponse - probly now automated.
"On a positive note, £1.3Bn overhead to raise £1Bn - HMRC are starting to get better. Soon they will be down to just £1.05Bn costs to raise £1Bn."
To be fair, the claim is that a one-off dev cost of £1.3B will then annually generate an extra £1B of tax revenue.
Of course, we all are aware of the accuracy of Govt. estimates and time scales. It'll probably cost at least double and only raise £250M annually. if it works at all. Assuming it does, that an ROI period of more like 5 years instead of the estimated 14 or so months.
"Last year HMRC was awarded £1.3bn to "build one of the most digitally advanced tax administrations in the world", which the department reckons will yield £1bn in extra tax revenue after 2020."
No, no, not at all. The HMRC was given a first installment of £1.3bn to waste on a project that will endure until 2020, burn billions more every year and amount to nothing much before it is scrapped and swept under the rug.
Does nobody at HMRC know the difference between AUTHENTICATION and AUTHORISATION?
* AUTHENTICATION proves you are who you say you are
* AUTHORISATION says you are allowed to perform a particular action - for example, you can look at the tax records of company XYZ Ltd
HRMC needs to record, along with each taxable entity, a list of authorised individuals who can access it.
Authorisation is not (or need not be) a function of the authentication system.
How difficult is this to understand?
Use Verify to Authenticate an individual, and it's own internal system to Authorise that individual to do something.
That's a potential minefield when you have firms of accountants; you need to authenticate someone as a member of that firm, and that means having the firm's owner/controller maintain a list of people who are authorised for each potential client.
It gets messy real quick...
Except that sitting in an accountant's office, it is a computer that logs onto the gateway, not an individual. We use the permissions facilities supplied by Sage to control who can use it to file returns. The Sage programs, Payroll, VAT, Corporation Tax, Self Assessment and so on each have their own logins and email addresses.
but on the few occasions I've had to call them up it's been sorted quickly and efficiently. Granted for what I assume were minor queries, but still not as arduous as I expected.
My missues has had lots of dealings through her work and found pretty much the smae thing, but I'm not sure if they have a desiganted SPOC or two.
But then Bernie and co wouldn't dip into their wallets* and donate some trifling sum** to swell the coffers of whichever bland and obsequious party happens to be in power this decade.
* Which are kept in an offshore jacket pocket, for obvious reasons
** Trifling in their minds, not those of anyone else
"I'm often amazed at the low sums involved in corruption. I mean, I'm sure it all adds up and everything, but the amounts are peanuts for corporations."
And in most cases, so are the fines, if caught. The risk analysis is probably a no brainer.
The two factor add on to the Government Gateway is up and running.
I assume their note about "those who have difficulty using Verify" includes all the current Gateway clients.
Had reason to access my account yesterday and went through the extra steps.
Thankfully so far I haven't had to try and use Verify.
I actually have good experiences with the existing gateway.
Where I have a problem is in their insistence on using PDF Forms for some types of submission. I can't get this to work on any Linux computers, Adobe stopped supporting pdf Forms on Linux a long time ago; and HMRC support's response is always, 'perhaps you can find a windows computer and try it on that.'
I hope in that 1.3bn for a modern digitally advanced tax administration, they could find time to buy a trusted certificate as well, instead of expecting people to add trust chains for an issuer that no-one has heard of.