The Digital Transformation Office will release details of how it plans to build a national proof-of-identity system that doesn’t require an exchange of much personal information at the end of this month.
The DTO’s digital identity team, led by Rachel Dixon, will publish details of its alpha prototype on August 29, and take it on the road to explain the plan for a “double-blind” system to communities around Australia. The roadshow program will no doubt involve explaining over and over that this is not another example of the government collecting, linking up and storing information on its citizens.
As part of the August 29 alpha launch, the DTO will publish draft open standards to replace the existing national identity proofing guidelines. The beta version, which the public will be able to use, is expected to emerge about halfway through 2017, Dixon told the Technology in Government conference last week.[Update, August 26: the alpha release will not happen on August 29.]
Fun for the whole federation
She said the aim was to create a “genuinely whole-of-government” digital identity solution that could link together with existing identity credentials from business and agencies of federal or state governments.
“It means a platform that all the governments can use,” said Dixon, “and that means the approach we take to building the thing also needs to be slightly different, because the cost of on-boarding becomes a really big thing for small agencies.”
“Quite often, government initiatives are built by large agencies and the smaller agencies are not really part of the design process, so we’re trying to be as consultative as we possibly can.”
Dixon’s team is “very keen” to make it as easy as possible for smaller agencies in all tiers of government to get on board with the new federated national platform, which responds to a recommendation from the Murray inquiry into financial systems.
— Alice Markie (@alicemarkie) August 9, 2016
However, the DTO team “really struggled to find a situation in which local government absolutely has to know who you are,” she added later.
“By and large, you pay your rates and local government is happy to get your money,” Dixon said. “There’s not many other pieces where they absolutely have to know who you are — childcare might be one, so we’re investigating that. But at state level there’s certainly quite a few.”
There will only be one Commonwealth identity provider, which is “the most contentious decision” the team has made so far, according to Dixon. “It’s certainly got a lot of agencies very agitated,” she said.
“So it won’t be the [Australian Taxation Office] being an identity provider and the Department of Human Services being an identity provider and the Department of Foreign Affairs and Trade being an identity provider — a lot of those agencies have credentials that we will be working with, but they themselves will not be identity providers.”
She said the new “series of products and a framework” will be designed for two realities of the federation: that “the states either have or are mostly building their own identity platforms” already and most citizens aren’t entirely sure or don’t really care which tiers of government do what.
“The point of the DTO is supposed to be about making things easier for people,” said Dixon.
“If you’ve already got your identity proved to the New South Wales government to a certain level of assurance, then is it really fair to ask you to go through the process all over again for a federal government credential?
“Isn’t there a way we can take the couple of hundred thousand people that have got one of those things and make some federal services available to them? Likewise, if you’ve got a Commonwealth credential, should you be able to use that? If you move from state to state, should you be able to use your old credential to work in your new state? Why not?”
The system will be built around an “identity hub” that will verify a person’s identity using “a link to an account that has an identifier” while protecting their privacy.
“In the case of the ATO [the identifier is] actually your tax file number, but we don’t want to know about your tax file number, because there’s legislative reasons we can’t know about your tax file number and share that.”
The “federation hub” will be linked to the single Commonwealth ID provider and other ID providers on one side and the “relying parties” on the other, allowing interoperability between them through open-standard application programming interfaces (APIs).
Double-blind means “the credential that you have … will never be shared” with the entity making the verification request, Dixon reiterated.
“So your identity provider will have some [personal] data — you have to do that because you can’t verify people without that — but the hub itself contains no data,” she explained.
What will be exchanged through the hub will be the verified attributes the user is trying to prove, like name and date of birth, and contact details like an email address, residential address or phone number.
“No information on entitlements, no things to do with your health records, or any of that sort of stuff, just … the minimum that is necessary for you to be able to prove that you are you, to the agency that’s requesting it.”
Speaking in a small breakout session at the conference, Dixon said others in government were pushing for “a bigger service” that would share more extensive personal data but was very clear that is not her project.
“We are not about that kind of data,” she said. “If we were, it would be a privacy nightmare. So we’ve taken a very deliberately restrictive scope to make this just about identity.”
Her team has been running a series of focus groups, workshops and forums for various stakeholder groups including federal and state agencies, and around important topics like privacy. The roadshows will be a key opportunity to collect further public opinion on the proposal.
As she explained a few months ago, Dixon said the user-centred design process would be based around how people really behave, not what they say.
She said people would be “prepared to wear a certain amount of pain” to prove their identity, to get something practical done. Most of us are also “prepared to compromise privacy and security” for certain conveniences, she believes.
“One of the things we have explicitly have ruled out in identity is we’re not going to give you a USB stick or a dongle or whatever,” said Dixon. “That’s just not going to fly. Consumers would rather poke their eye out with a stick than use something like that.”
Linking to banks and existing government systems
The team has been working on the project for about five months, looking exclusively at individual citizen-users. Work will soon begin on a way for organisations to prove their identities as well, and for people who already have “existing accounts in government” like the ATO’s AUSKey or a myGov account.
By the way, she believes AUSKey is set to “go the way of the dinosaur” because it is not user-friendly enough.
Take-up is a key issue, she said, pointing out that attempts to build international identity verification platforms “have pretty tragic rates of enrolment, primarily because nobody wakes up in the morning and says ‘I want a digital identity'”.
“They only go and get one when they’re told to go and get one,” Dixon said, explaining that the system would be open to new identity providers in the future, including banks, which are required by law to do 100-point identity checks.
She said “the banks have indicated they see some utility for their customers … in being able to access government systems using their banking [credentials]” and explained this would help make the system a success.
If people aren’t comfortable using their bank as a digital identity provider, they won’t have to. “But,” said Dixon, “you can see from a vision of trying to get a sustainable ecosystem of identity, if we could bring eight million [bank] account holders into an identity ecosystem, then all of a sudden it’s a useful thing.”
The beta version will arrive next year well before the banks are able to get involved, however, due to the long lead time they would require. Existing private sector digital identity providers probably wouldn’t get involved, she predicted, although they would be “totally welcome if they can work inside the standards of a federation”.
The prototype will be “literally just a bunch of stuff to demonstrate” the planned system and won’t be used to build the actual products, Dixon added. Standards documentation and code — except for third-party proprietary technology including “facial biometrics”– will go onto the online open-source software repository Github.
Dixon said that when she first took up the job eight months ago, she questioned whether a federated national identity system run by the government was even a good idea, as it would be “expensive to maintain and it’s complicated to engineer” and there’s other options like a syndicated framework.
But she learned quickly not to question Murray’s wisdom: “As a public servant you should never question an official government inquiry; that’s a bad thing to do.”