Text size: A A A

Learning from Australia’s past efforts in digital identity

Did we not see the digital era coming — and the role that identity would play?

Headlines such as these …

“The economic impact of identity crime in Australia has been estimated to exceed $1.6 billion every year” and

“ … data integrity problems undermine the operation of the Australian Business Register as the single source of truth for whole-of-government business registrations”

… send serious warning signals.

Australia used to be well known as an innovator, at the forefront of online and digital service delivery by government, but in recent years has fallen well behind the progress made by many other economies. At great economic cost.

And the clues as to this appalling situation can be found hiding in plain sight — the Australian government’s own reports.

There were three significant reports released by the Government in the second half of 2014, all of which made significant findings in relation to identity. These reports were: the Report of the National Identity Crime and Misuse Measurement Framework (the Identity Crime Report); the Report of the Murray Inquiry into the Financial System (FSI Report); and the report by the Australian National Audit Office into the Administration of the Australian Business Register.

There are several concerning aspects of these reports when read together. The first is that their findings could ever be seen as surprising or novel, as though the issues had not been identified or considered previously by government. The second is that it does not appear other commentators have linked the common threads across these reports.

More profoundly, these reports taken together paint a picture of systemic weakness driven by fractured processes and fragmented, siloed approaches across the “individual” and “business” domains in the digital identity ecosystem in Australia.

Digital identity is about far more than the identity of the individual. Whilst the topic of digital identity of the individual in Australia has been contentious, the ANAO ABR report highlights systemic problems with the integrity of business identity data. Across the board, there are major deficiencies throughout the identity ecosystem regarding validation, notification and assurance processes.

Furthermore, there is no policy framework around reciprocity and digital credentials — and the looming challenge of digital identity and the Internet of Things has not yet entered the policy context and narrative of service delivery, at least in Australia.

The submission from the Centre for Digital Business (No Welfare Reform without Digital Payments Transformation and Digital Identity Strategy) to the Murray Financial System Inquiry gained traction with a call to action for a digital identity strategy for Australia. The issues identified are resonating in digitally progressive economies such as Singapore and the Netherlands, where I recently delivered a keynote address at the European Digital Identity Conference — IDNext Conference — and was a judge in the 2015 European Digital Identity Awards.

This paper, Adaptation and The Digital Disruption of Identity not only draws the link between the reports and the issues, but does so against the historical context of digital identity in Australia — and in full view of the increasingly profound and pervasive role of identity in the digital era. This paper further highlights some inconvenient truths, drawn from the government’s own reports, regarding digital identity imperatives across the individual and business domains.

Clearly, truisms at the time of the Access Card no longer apply. The “single identity, single card, single issuing authority” model of just nine years ago is not necessarily the best model for today, and certainly not for the future. Many commentators still confuse the various concepts related to identity, as if a card would resolve all issues.

Furthermore, commentators who viewed the Access Card program as not having delivered a “card”, have no understanding of the extent to which the architecture and knowledge survived the cessation of the program.

If the debate does not include reciprocity, interoperability and customer choice, then we are stuck, and will remain stuck, in the last century. Therefore the development of a framework for digital identity must without compromise include a view of the future and adaptation.

As with digital disruptions in other domains, the digital disruption of identity is being defined by the rise of the platforms which challenge and change the economics of the fragmented, siloed and legacy bespoke solutions and processes.

There are inconvenient truths in these reports which can be summarised as follows:

That clearly, the 19th and 20th century identity structures and processes in Australia are ill-equipped to sustain the digital demands of the 21st century.

In essence, what is offered is a perspective on the underlying fractures described in these government reports. The Centre for Digital Business has been undertaking research and development into a possible solution to Australia’s digital identity dilemma. What is proposed is a set of principles to guide the development of a digital identity strategy for Australia: the Adaptive Digital Identity Framework.

This is not from an academic or theoretical perspective, but from a practitioner who has carried the responsibility of design and implementation of digital identity capabilities in the business and individual domains across sectors of government in Australia.

Read more at The Mandarin: Digital ID doesn’t have be a card, and can reduce privacy risk

Author Bio

Marie Johnson

Marie Johnson is managing director and chief digital officer for the Centre for Digital Business. Previously, Marie has held senior executive roles in the public and private sectors in technology and innovation, and previously the Microsoft World Wide Executive Director Public Services and eGovernment.