The Digital Transition Office has been working on the design of a national identifier and Trusted Digital Identity Framework since January. However, it’s more difficult to say whether Australians are interested or ready for this concept.
Australia has a long history of controversy around national identification. Over the past 30 years the notion of a single government-issued ID number that could be used to identify them for most government interactions has been opposed at different times by the privacy lobby, the public, both major political parties and most other political parties.“The DTO’s next set of decisions will highlight whether the young agency is able to take on large public challenges, or is best kept to niche projects…”
Previous efforts to establish this type of ID process were focused around a physical medium. The Australia Card was proposed by the Hawke government in 1985 as a replacement for a smattering of government identification numbers, but was opposed by large sections of the public, media commentators and privacy advocates. The proposal was defeated in the Senate two years later when the Coalition voted against it.
Following the London bombings in 2005 the Coalition took up the cause of a national identification card, led by then prime minister John Howard, as a tool for combatting terrorism and managing immigration.
Initial efforts to introduce a reworked Australia Card were led by then Human Services minister Joe Hockey. The approach taken was to expand the use of Medicare numbers into a national identification approach over time, hoping to leverage the universal use and goodwill towards Medicare to offset privacy concerns.
Recognising the potential for a public and privacy backlash due to memories of the Australia Card, the department established a cross-government taskforce to work on the proposal.
Access to information was carefully controlled in order to avoid early proposals or partial information potentially sabotaging the process by raising privacy fears. For example, staff were not allowed to bring mobile phones into the areas where the taskforce was working.
Once the Access Card process became public, there was a backlash from the community, privacy advocates and the Labor opposition. Work on the card was then abandoned when the Howard government lost power in 2007.
Speculation festers fears in the vacuum
Australians have continued to be sensitive towards government access to data, the most recent example being the ABS’s shaky Census process, which first angered privacy advocates by extending the retention period for personal data and has since seen disastrous technical issues and communication confusion.
With the Census actively in peoples’ minds, with up to two million households to be threatened with fines for not responding, technical issues being reported with both the National Disability Insurance Scheme and the My Health Record system, which suffered a major data breach shortly after launch and has struggled to get traction, the timing of the DTO’s efforts are curious, to say the least.
The DTO had previously committed to release details for how it planned to build a national proof-of-identity system by the end of August this year.
However at the end of August the DTO announced it was postponing the release of its digital identity prototype in favour of launching the beta of its Digital Marketplace. The Office did not provide a revised release date.
With no sight of the prototype, and very little engagement by the DTO with the media, privacy groups or the public, concern and speculation has already begun. The Australian Privacy Foundation expressed concerns about the DTO’s approach in a publicly published letter and InnovationAus speculated on the implications of including biometrics in the framework.
Other privacy organisations and elements of the media are interested in what the DTO will release. Private conversations are already underway between several groups to coordinate a response in case the DTO’s framework contains measures which they see as significant privacy concerns.
Let’s look at the concept of a national identifier and explore some of the challenges that the DTO and government are likely to face as the process continues.
Single number or patchwork identifier?
Currently about 80 countries around the world have a national identification number for their citizens which adults must carry at all times. This includes nations with very different governance approaches, from Argentina, Belgium, Spain and Venezuela to China, Russia and Vietnam.
Some other countries have de facto national identification systems, where a given identifier is used almost universally, but doesn’t have to be carried at all times. This particularly includes the USA, via social security numbers.
Many other countries have multiple identification approaches. This includes Brazil with two systems, New Zealand, the UK and Portugal, which has specific legislation prohibiting a single national identification number.
Australia also falls into this group, currently having multiple systems for identifying individuals to government including Medicare and Tax File Numbers, Passport numbers and (state-issued) drivers’ licenses.
Putting privacy and governance concerns aside, it makes significant practical sense for there to be a single system whereby individuals can identify themselves to their governments.
A single identification approach — whether a number or another form of absolute personal identity — would allow governments to use a consolidated single approach to identify who they were engaging with and make many transactions with government faster and more streamlined.
A single approach would particularly streamline phone and digital engagement. People would only need to remember one identification approach, rather than multiple approaches and governments could use a standard system for identification, rather than different systems for each different transaction type.
There’s also the potential to build up information on an individual over time, from birth or migration onwards, allowing governments to identify when individual citizens are likely to need certain services or to access certain benefits. For example, this would allow governments to provide information on school and child care options to the parents of a child approaching school age, to automatically register people to vote when they are of legal age, or to send a seniors’ card and information on relevant services when people reach the appropriate age.
There’s many challenges in this approach, but dealing with the technical ones first, how possible is it to develop a digital identity framework that can stand the test of time?
Challenge #1: the pace of change
Any digital identity framework must support regular changes in technology, with the average lifespan of a system being in many cases only 3-5 years. There’s added complexity when this is whole-of-government, as different agencies regularly update their technology platforms rather than doing so in concert. Equally there’s legacy systems which may need to connect to the framework, requiring expensive reengineering or replacement.
While there’s a number of approaches that can be taken to reduce the impact of trying to provide a framework across disparate technology stacks, it still poses a challenge in any whole-of-government initiative. Some systems may only partially support the framework, or may be able to do much more, leaving the framework to support the lowest common denominator for compliance and potentially missing out on many of the potential benefits to clients or savings to agencies.
If the framework is aspirational instead, requiring agencies to ‘lift their games’ to be fully compliant and gain the most benefits from it, this can impose significant IT costs on agencies which would otherwise prioritise other IT activities with greater benefits to their ongoing operations.
This compatibility challenge isn’t insurmountable — but it can limit the framework’s value into the foreseeable future, or even force it to be a transitory standard, to be regularly replaced (with all the contingent recurring issues) in the not-too-distant future.
Challenge #2: trust and security
Also challenging on the technical side are the security and privacy implications around the framework’s design. Different agencies hold different information about individuals, with varying security requirements based on the type of information and who the individual happens to be. For example, Child Support treats celebrities and staff information with a higher security level than members of the general population due to the privacy implications if information is divulged.
This can add complexity to any form of unified identification system as greater identification information is required to confirm identity before exposure or modification of more secure data is allowed.
However the larger challenges for the approach are outside the technical realm.
Challenge #3: public buy-in
The benefits of a whole-of-government digital identification framework approach supposes two things — that privacy is not a concern and that security is close to perfect. Individual citizens would have to be confident that their identity could not be stolen or subverted in some way, and that government agencies will use data about them only in the ways that the citizen permits.
Here lies the rub for the DTO. Australian governments have regularly failed in the privacy and security stakes and Australian citizens have historically not trusted governments to share most data about them, even where this would provide benefits for the citizens.
This concern has led to the present complex privacy framework in Australia, where individuals often must use Freedom of Information requests to access information specific agencies hold about them, where specific MOUs must be signed between agencies to share data even for research purposes, and where most sharing of data is effectively prohibited.
This has, in turn, led to many of the difficulties in government systems like MyGov — which had to use a clumsy federated approach to identity that pleased no one and creates significant delivery issues.
It also has led to a situation where Centrelink have had to create a “death reversal procedure”, for when they inaccurately mark the wrong ‘John Smith’ as dead based on public death notices or inaccurate information from other parts of government, rather than having a smooth exchange of information from the health system.
Ghosts of failed engagement
The DTO’s goal to develop a “genuinely whole-of-government” digital identity approach would resolve a lot of challenges from a government IT perspective, saving money and time while reducing identification errors and, hopefully, identity theft cases.
However even though the approach could also generate significant benefits to citizens engaging with government, due to faster identification and better ‘hand-overs’ between agencies for services, it risks raising the spectre of the Australia Card.
Regardless of the technical merits of a Trusted Digital Identity Framework, the Australian public will judge any national identification approach based on its experience from the Australian Card onwards.
Recent challenges with Census, regular media reports of private and public sector data breaches around the world and the continuing distrust of government’s ability to protect individual identities mean that the DTO will need to invest in far more than a good technical solution to win Australians over.
We’ve seen how quickly the ABS lost public trust over confused engagement following a service issue. This is an example the DTO, and all government agencies should take to heart.
It’s no longer a matter of simply saying ‘we’re government, you can trust us’, which the ABS has attempted. Engagement needs to be proactive, inclusive, open and sincere – bringing on board advocates, media and community groups and addressing every concern, repeatedly, to bring people along on the journey.
Without this level of engagement trust will be hard to win and the DTO will be forced into fighting a continuous series of fires, with every misstep scrutinised and challenged.
Needs analysis is no substitute for public debate
Thus far the DTO has not demonstrated a tremendous capability to engage beyond small sections of the community — principally technologists within and close to government.
The agency recently saw the exit of key members of its communications team, leaving the DTO to rebuild its internal capability at a time when the organisation is beginning to roll out a number of significant projects into public beta.
The Coalition government hasn’t demonstrated a great ability to support and promote its agencies when controversial events occur. Particularly, the ABS’s new minister, Michael McCormack, simply added to the confusion surrounding the events of Census night, while the Prime Minister did not actively support the ABS in a meaningful public way.
Government Ministers across other significant IT projects have also been very reticent in defending their agencies when projects go awry, leaving agencies both aware that the government will abandon them should slightest thing go wrong, and exposed to public scrutiny without a strong capability to reply.
Combined with the range of projects the DTO is undertaking, with comparatively few staff, it’s currently hard to see how the organisation can manage a national engagement that would effectively dispel public and privacy advocate concerns over a unified government digital identity framework.
Thus far the DTO has been very restrained in its engagement around digital identity. The DTO’s website contains little information and the team leader, Rachel Dixon, has provided a few public comments in presentations at technology conferences.
While the DTO has been conducting research “across Australia” on the topic, this isn’t a public engagement process, but rather a user needs analysis — ideal for an agile digital development approach (the DTO’s forte), but insufficient to address the broad public concerns that have developed around a national identity approach, privacy issues or government security over the last thirty years.
DTO’s defining play
Right now the ball is nominally in the DTO’s court to decide when to release their prototype digital identity framework. However privacy advocates are now alert and circling and the public is sensitised to government IT security issues.
The approach the DTO takes next to engagement will be crucial as to whether the Trusted Digital Identity Framework prototype is embraced for how it benefits citizens and agencies, or is dead in the water, pushing back any similar initiatives in government for the next five years.
Any delay in engagement will see tension begin to mount, with the information vacuum filled by speculation that is more likely to be damaging than not to the process.
The DTO’s next set of decisions will also clearly highlight whether the agency, now over 12 months old, is able to take on large public challenges, or is best kept to niche projects, facilitating larger agencies with the resources and expertise to effectively manage public expectations.
While it’s still unclear when the prototype digital identity framework will be publicly released, this is likely to be a defining event for the DTO, when they will achieve their biggest public win of their brief existence, or find themselves embattled in a national public discussion that questions their entire reason for existence.
Craig Thomler also blogs at eGov AU.