The Govpass digital identity platform has moved into a “private beta” phase and is being tested by the Tax Office, while a related draft framework of national standards for similar online verification systems is being shown to an exclusive group of companies.
The ATO is trying out the Govpass platform, which is being developed by the Digital Transformation Agency, with a new online application system for tax file numbers that is also quietly undergoing beta testing before being rolled out.
Applications for tax file numbers require certified copies of identity documents to be sent through the mail and take about 40 days, according to Taylor’s office, and he expects Govpass will reduce this to a matter of minutes.
A more refined public beta version of the system will be tested with “a broader number of users and services” over the first half of next year, said the assistant minister.
Govpass incorporates “privacy by design” by being opt-in, limiting the “collection, disclosures and retention of personal information” to the minimum, and through transparency about how it all works, the DTA’s privacy adviser Jacob Suidgeest wrote in May.
“Govpass has been designed as a federation of identity providers and an exchange using ‘double-blind’ architecture,” Suidgeest explained.
“Having the exchange means the service doesn’t see your identity documents, and, the identity provider doesn’t know what service you are accessing. Having the exchange means your identity attributes are not stored centrally. The exchange merely passes those attributes on to the service. It does not retain the attributes, only some logs to record what occurred.”
According to Taylor, “industry [is] being asked for final feedback” on the draft set of “best practice” standards for digital identity verification systems like Govpass in both the public and private sectors. He said the framework had been drafted in consultation with an unspecified group of “key stakeholders, including government, industry and privacy advocates” over the past year.
“The framework … sets out the policies and requirements for a nationally-consistent approach to online identity in Australia,” according to a statement from Malcolm Turnbull’s Assistant Minister for Digital Transformation Angus Taylor, who chose a Thursday morning press conference at the University of Wollongong to make the announcement.
“It includes robust rules for accrediting identity providers and standards to prove an identity,” he said. “It lays out privacy, security, risk and fraud management requirements, as well as standards for usability and accessibility.”
Taylor said the new set of national standards was being drafted to “sit alongside” the secure technology platform being built by the DTA.
“Govpass will solve one of the biggest barriers for the public in terms of doing business online
with government — the ability for a user to easily prove who they are,” he added.