Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to address security issues in the One Login digital identification system.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK One Login follows the highest security standards for government and private sector services. As the public rightly expects, protecting the security of government services and the data and privacy of users to keep pace with the changing cyber threat landscape is paramount.
Security best practice is followed with a number of layered security controls which include: Security clearances for staff with ‘Security Check’ clearance required for all developers with production access; Identity and access management controls that block staff from viewing or altering personal information; A secure by design and compartmentalised system architecture; Technical controls around building and deployments; Logging and monitoring to alert on access to environments that contain personally identifiable information; and robust procedures for addressing any unauthorised or unaccounted for access.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the impact of the launch of (1) the Gov.uk digital wallet, and (2) the certification of the One Login digital identification system, on (a) investment, and (b) existing private sector digital identity systems.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK Wallet
The GOV.UK Wallet is in the early stages of its development, and its announcement in January was the beginning of the design and build of the product. The GOV.UK Wallet is subject to the rigorous and well-established process designed to ensure value for money and alignment with government priorities. As we progress, the value and impact (including on businesses) will be further evaluated, including during the forthcoming Spending Review.
GOV.UK One Login
GOV.UK One Login enables the public to interact with government services online with a single account and identity-checking system. GOV.UK One Login can only be used to access government services. Its certification against the trust framework demonstrates it is meeting best practice and high standards, but does not change where or how it can be used.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what independent verification they sought to assess the security of the One Login digital identification system.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
The GOV.UK One Login works closely with the National Cyber Security Centre (NCSC) to identify and mitigate risks and align to the Cyber Assessment Framework (CAF) which the Government Cyber Security Strategy 2022-2030 outlines as the assurance framework that should be adopted by the government. Findings from the recent CAF GovAssure process identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. The programme has conducted multiple independent risk and threat assessments, such as regular IT Health Checks (ITHC), and these will continue to be part of the programme’s operating approach.
In addition GOV.UK One Login works closely with the Information Commissioners’ Office (ICO) on programme developments, including iterations of the Data Protection Impact Assessment (DPIA).
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government, following the remarks in November 2023 by the Government Digital Service Chief Information Security Officer that the One Login digital identification system was "indeed carrying a high level of risk", what progress they have made to address any security and technical issues.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
These comments are outdated and reflect a view from when the programme was in its infancy in 2023. We have worked to address all these concerns as evidenced by multiple external independent assessments such as the recent Cyber Assessment Framework (CAF) GovAssure process which identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. Risk mitigation will continue to be central to our approach to ensure we keep pace with the constantly changing cyber threat landscape.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to ensure that only individuals with the appropriate security clearance have privileged access to the One Login digital identification system live service.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK One Login takes the security clearance and audit of personnel very seriously. All individuals with production access to Government Digital Service (GDS) systems must undergo a Security Check (SC). There are some individuals working within the GOV.UK One Login programme who are not SC-cleared, however they will not have production access to the service.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the impact of BT's Digital Voice rollout on households without reliable electricity supply or mobile coverage; and what measures they are requiring BT to implement to ensure that such households maintain a reliable telephone service.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
The Government is determined to ensure any risks arising from the industry-led migration of the Public Switched Telephone Network (PSTN) to Voice over Internet Protocol (VoIP) are mitigated for all customers.
Major communication providers, including BT, signed a voluntary charter in December 2023 to protect vulnerable customers. In November 2024, providers agreed additional safeguards in the Non-Voluntary Migrations Checklist. This includes requirements to provide increased resilience for vulnerable customers, including those who depend on a landline, to enable access to emergency organisations for at least one hour during a power cut. In addition, several networks are bringing in batteries that can provide longer backup during a power cut.
The Government wants all areas of the UK to benefit from good quality mobile coverage. We have delivered our commitment for 95% of the UK to have access to a 4G signal through the Shared Rural Network, but our ambition is to go further, with all populated areas having higher-quality standalone 5G by 2030.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to promote the adoption of provenance tools, such as those made available by the Coalition for Content Provenance and Authenticity, to combat online disinformation in the UK.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
Government recognises the potential for online mis- and dis-information to undermine public trust in the information environment. Mis and disinformation should be tackled through a multi-faceted, whole of society approach. Solutions that enable users and institutions to critically evaluate information online, including discerning whether a piece of content is AI-generated, are a key part of this approach.
We recognise the interest in the use of provenance tools and metadata to identify AI-generated and modified content. The Department for Science, Innovation and Technology is working with other government departments and agencies to explore these technologies, alongside other technical measures.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Digital, Culture, Media & Sport:
To ask His Majesty's Government what plans they have to tackle fraudulent advertising that falls outside the scope of the Online Safety Act 2023 provisions to combat paid-for fraudulent advertising on major platforms.
Answered by Baroness Twycross - Baroness in Waiting (HM Household) (Whip)
In 2022, DCMS consulted on the effectiveness of the self-regulatory framework for paid-for online advertising, with responses providing insight on a range of online advertising harms, including fraud. Alongside the consultation, research commissioned from independent digital media consultancy, Spark Ninety, analysed online advertising harms, the online advertising market and regulatory landscape. This included an overview of the open display advertising market and its associated supply chain and harms, including fraudulent advertising.
In addition to the fraudulent advertising duty in the Online Safety Act, the Online Advertising Taskforce, which brings together government and industry, was set up to help address these issues. The Taskforce aims to ensure the UK online advertising industry can grow sustainably while providing the necessary protections for consumers. It is working towards improving transparency, accountability and trust in the online advertising supply chain, continuing to build the evidence base and delivering a programme of work to help address fraudulent and other illegal advertising. It is also working to increase protections against children being served advertising for products and services that may not lawfully be sold to them.
In our manifesto the Government also committed to introducing an expanded Fraud Strategy, covering the continued and modern-day threats our society faces. Development of the strategy has begun and we are considering all harms, including fraudulent online advertising.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Digital, Culture, Media & Sport:
To ask His Majesty's Government what assessment they have made of fraud on the open display advertising market, and what action they plan to take to address it.
Answered by Baroness Twycross - Baroness in Waiting (HM Household) (Whip)
In 2022, DCMS consulted on the effectiveness of the self-regulatory framework for paid-for online advertising, with responses providing insight on a range of online advertising harms, including fraud. Alongside the consultation, research commissioned from independent digital media consultancy, Spark Ninety, analysed online advertising harms, the online advertising market and regulatory landscape. This included an overview of the open display advertising market and its associated supply chain and harms, including fraudulent advertising.
In addition to the fraudulent advertising duty in the Online Safety Act, the Online Advertising Taskforce, which brings together government and industry, was set up to help address these issues. The Taskforce aims to ensure the UK online advertising industry can grow sustainably while providing the necessary protections for consumers. It is working towards improving transparency, accountability and trust in the online advertising supply chain, continuing to build the evidence base and delivering a programme of work to help address fraudulent and other illegal advertising. It is also working to increase protections against children being served advertising for products and services that may not lawfully be sold to them.
In our manifesto the Government also committed to introducing an expanded Fraud Strategy, covering the continued and modern-day threats our society faces. Development of the strategy has begun and we are considering all harms, including fraudulent online advertising.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the timeline for introducing the codes of practice under the Online Safety Act 2023 to combat fraudulent advertising.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
DSIT regularly engages with Ofcom on the implementation of the Online Safety Act. The Act will help tackle online fraud, including fraudulent advertising. Since 17 March 2025, all services are required to take measures to tackle illegal fraud.
Further fraudulent advertising duties on Category 1 and 2A services will come into effect once the register of categorised services and the relevant codes are in place. Ofcom plans to publish the register this summer and then consult on the draft codes of practice for the remaining duties by early 2026. We anticipate the duties will come into force around a year later.