The great digital identity framework has dropped. Both Australia Post and the Reserve Bank of Australia have walked away winners.
It’s been a glacial journey, but the many pieces of Australia’s grand federated digital identity puzzle finally appear to be falling in place after the Digital Transformation Agency on Wednesday released the final version of its roadmap for the technology.
Known as the Trusted Digital Identity Framework, the scheme cements into place the federal government’s role in minting and exchanging online credentials used to access government transactions and online services, essentially based on a hub-and-spoke model similar to those used in financial services.
The lack of a cogent digital identity framework and operating model has for the past decade acted as a stubborn inhibitor to more convenient and efficient online service delivery for government because of the large number of logins users need to muddle through.
Canberra and state governments are hoping that reaching a final agreement on the operating framework will provide much-needed consistency and better security rather than each provider going alone to replicate the “rail gauges” regulatory scenario.
Identity rules set
On Wednesday Michael Keenan — who is now both Minister for Human Services and Minister Assisting the Prime Minister for Digital Transformation — was talking-up the release of the new document after months of robust industry consultation.
And while both DTA and DHS have largely retained control over how agencies may issue and exchange identity credentials, what’s become clear is that any idea of consumer a lock-in based on controlling issuance is well and truly off the table.
“Research commissioned by Australia Post estimates a digital identity solution could save up to $11 billion each year from reduced administration, fraud and a better customer experience,” Keenan said.
“For example, there are currently around 750,000 applications for tax file numbers every year that can only be completed by visiting an Australia Post or Centrelink service centres or sending certified copies of identity documents to the Australian Taxation Office. This can take up to 40 days.”
Keenan said that for people who have a digital identity, this process could be reduced to just minutes.
The mention of Australia Post’s research is significant because it signals an acute awareness that there is more than one player within government with the active ability to deliver on the promise immediately.
Australia Post, which is a government-owned enterprise, launched its own Digital iD™ service in mid-2017, with its credentials being increasingly accepted by agencies and trust-centric online services like AirTasker.
At the same time, Australia Post has been marketing “white label” digital identity services into financial services and other sectors where identity assurance has become increasingly tightly regulated.
Reserve Bank warning
While Australia’s banks have an inglorious record of collaborative innovation on new technology — usually at the behest of a regulatory cattle prod — the recent launch of the New Payments Platform is certain to increase pressure on retail institutions to nail down vulnerabilities for online fraud.
In December Reserve Bank of Australia Governor Philip Lowe put the banking industry firmly industry on notice that its Payment Systems Board was increasingly unhappy about ballooning online frauds. It has been an ongoing concern.
Pointedly, Lowe referenced “the need to address rising rates of fraud in card-not-present transactions and the need to develop a strong system of digital identity that can be used in the financial sector, and perhaps elsewhere” adding that it was in the public interest for progress to be made by “industry participants”.
“In the event that this did not occur, the Board would need to consider what steps it might take to promote the public interest,” Lowe concluded.
The strong interest about what role a digital identity framework could play in safeguarding the integrity of the Australia’s financial services system has clearly piqued the interest of the DTA.
Section 4.1 of the now fully released Trusted Digital Identity Framework spells out how banks will get to play and is headed “Meeting the Government’s Financial System Inquiry commitment”.
“The TDIF responds directly to the [Financial System] Inquiry and provides the rules for a federated digital identity system by which providers of identity services need to be accredited.
With transactions under the New Payments Platform effectively settling in close to real time and fraud increasing, it seems consensus on the digital identity cloud not come too soon.