Would you trust a digital identity? Here’s why you should care.


When it comes to making digital identity something people use everyday, public trust and confidence in participating institutions is an essential element.

Everyday millions of smartphone users unlock their devices using a digitised version of their fingerprint to access personal information or execute a transaction.

It’s an almost effortless interface, so simple that it’s easy to forget you’re volunteering part of yourself just to enable access to your email or make a discretionary purchase.

Just 10 years ago the very idea of supplying a biometric for anything other than the most demanding of identity security requirements would have widely been regarded as intrusive and a reach too far.

“A crucial piece of the puzzle is still missing when it comes to orchestrating digital services that travel end-to-end across consumers, business and government.”

Today, debates over privacy and identity verification still run hot. Yet mainstream acceptance of technologies like automatic facial recognition in photos posted to social media and voice verification is established and growing fast rather than abating.

It’s a paradox those who work at the coalface of user and customer experience — whether in government or the private sector — now need to grapple with every day.

Get it right and adoption and customer satisfaction soars; push the boundary too far or get it wrong and you can start “trending” for all the wrong reasons.

So just how do you strike the balance between intuitive convenience and intrusion?

The economy of consent

In the private sector, a primary justification for pushing digital identity requirements onto customers (think any digital platform) is that no one is ever compelled to participate.

Don’t like Facebook? Just don’t sign-up. It’s ‘opt-in’ from the outset.

But it’s a very different story for customers of government agencies who, depending on the service, can repeatedly be required to present identity credentials to verify who they are.

Applying for a passport, government benefit, driver’s licence or registering a pet? Social media won’t get you very far, even if it knows where you and your friends had lunch.

The requirement to front photo ID — or what used to be known as the 100 points check — extends well beyond the door of government too.

A myriad of real life ‘know your customer’ ID requirements for services like bank accounts, phone services, mortgage applications and property transfers all come into play.

“A person, based on our research, has to remember up to 40 user names and passwords.”

And although we can automate and link payment details for relatively common transactions there’s still a yawning gap.

Before you can automate those services, you still have to verify who you are to activate an account before necessary permissions can be put into place — especially when dealing with government: federal, state and local.

Whichever way you look at it, a crucial piece of the puzzle is still missing when it comes to orchestrating digital services that travel end-to-end across consumers, business and government.

That disconnect can only increasingly rub customers the wrong way as contemporary user experience becomes more seamless in the digital world.

This rising phenomenon of frustration is what executive general manager of Australia Post’s Trusted eCommerce Solutions division, Andrew Walduck calls “identity friction” — and he insists that it can be overcome with coordination and collaboration.

“A person, based on our research, has to remember up to 40 user names and passwords,” Walduck says.

A simple to use digital identity credential that works across business and government would fix that once and for all.

“There is a great opportunity to provide an ecosystem that can both support the public and the private sectors,” Walduck says.

wallaroo-dual-gauge-railway-0855_opt

The Australian challenge

Establishing truly national systems that successfully span jurisdictions has never been an easy or simple experience in the Australian context.

By virtue of Federation, everything from unified rail gauges to education standards have historically proved an exercise in frustration, negotiation, compromise and then ultimately collaboration.

Making progress on digital identity has run true to this well trodden path.

At the federal level, key customer-facing agencies like Centrelink, Medicare and the Australian Taxation Office have all made substantial headway through the evolving myGov credential (which interoperates with Australia Post’s Digital Mailbox).

Similarly most states, and prominently New South Wales, are vigorously pursuing ‘one key, many services’ or ‘one stop shop’ approaches as they instigate digital reforms to spare customers the hassle of creating individual accounts and passwords for necessities ranging from vehicle registration to school enrolments.

Local governments and councils (Australia has more than 500 of them) also want to be part of the emerging digital identity arrangements, given they handle rates, development and planning consents, not to mention a myriad of permits from parking and pets.

Also in the mix are strong regulatory requirements for proof of identity incumbent on many businesses that range from banks to anyone selling pre-paid SIM cards for phones.

The imperative for digital identity credentials to reduce frustration and unnecessary cost for all participants in transactions is as clear as it is pressing.

But there’s another dynamic adding pressure and it’s a big one.

While a decade ago it was routine to produce physical documents to authenticate a person’s identity, the instruments we once routinely kept in our pocket are increasingly being virtualised.

So what happens next?

Digital Pressures Mount

In NSW, soon most licenses will largely reside on smartphones — as too will transit tickets.

Paper bills, a well established form of secondary identity validation, now largely default to electronic statements. Some banks even allow cash withdrawals from ATMs via an SMS without presenting a plastic card.

“Identity friction is increasing in the race to digitise,” Walduck says before observing there are inherent “failings in digitising the physical system.”

“The 100-point check is a whole lot of physical documents and if they all add-up we assume it must be you,” Walduck says.

“As that check is being digitised, the barriers to identity theft that exist in the physical world change,” he notes.

A big change is ensuring protection of identity credentials when they become virtualised.

“We share that information online, it gets stored in different places. Insufficiently secured, it becomes harvestable by people who want to come and take it.”

ap_senior_man_hardware_worker_00001_thumb_630

Trust is earned not won

For digital identity credentials to take root in modern society with effect, they need to be as useable as they are secure.

Innovations like ‘Touch ID’ (fingerprinting), voice verification and facial recognition may have evolved from high security and forensic biometric applications, but they all carry with them a distinctly personal attribute derived from daily life.

We all recognise a face or a voice, even if we can’t remember the name. Just go to any trivia night. And the thumb and index finger? Today they’re literally the two most used instruments in the digital economy.

Just who is entrusted to record, keep and verify those credentials is no small ask. It often requires adherence to data sovereignty mandates to ensure sensitive personal information is kept securely onshore and within strict legal boundaries.

For many public and private sector organisations, such tasks are increasingly sent to highly-trusted commercial providers like Australia Post which can leverage a strong heritage in secure government and corporate communication services.

That capability is bolstered by a local retail footprint that enables the vast majority of Australians to literally just walk into a local Post Office to record and verify both their documents and biometric attributes to the advantage of both customers and service providers alike.

“Verification can be used for a number of things: it could be applying for a passport, a Tax File Number, a driver’s licence in some states or they might be applying for a police check or a working with children check,” Walduck says.

Put more simply, it spares both government and business the cost of running their own verification services while giving customers access to a simple and convenient entry point.

At an efficiency level, all sides win.

A digital federation?

Plenty has been made of what an Australian digital identity credential may look like, what its utility will be and who will control it.

At a federal and state level, consensus is still evolving as different stakeholders develop their ambitions and requirements. The Prime Minister’s Digital Transformation Minister, Angus Taylor, has signalled he wants to settle the new arrangements as soon as possible, noting this will speed up the deployment and adoption of intelligent digital services by all government agencies.

The corporate sector is also rapidly pursuing innovations with a keen eye to government developments, including apps that enable consumers to control which identity they want to share for a particular government or commercial service.

A clear theme emerging among all stakeholders is that while consumers might relish a ‘one-stop-shop’, a single solution won’t ever fit all requirements.

The bottom line for digital identity is it can’t be foisted upon people, and the lesson from other jurisdictions like New Zealand and the UK, is it has to be of value for the user first to become a reality.

That will mean an exercise in orchestration, rather than conversion as everyday people come along for the ride and provide their consent along the way.

Andrew Walduck puts it this way.

“Our point of view is for [an Australian digital identity framework] to be an open model that enables something to be federated to then provide for an environment where organisations can focus on building a trusted solution that delivers on the right level of usability and utility can then thrive.

He also frankly acknowledges different and large organisations in Australia “can contribute in meaningful ways to help improve the quality and security that can then exist for a platform like this.”

Australia Post is keeping a distinctly open and interoperable mind.

“Shared investment can exist between the government and the private sector,” Walduck says.

“What could be created then for people within the wider economy could then certainly help to provide an approach and a foundation on which you could build the next generation of digitised transactions moving forward.”

For Australia Post it is all about trust.

Find out more at auspostenterprise.com.au