Federal and State governments should not ignore the lessons of the MyHealth record debate if they wish to win traction with the public for plans regarding a secure national identity system.
The Digital Transformation Agency’s Trusted Digital Identity Framework (TDIF), which provides the underpinnings for the Govpass federated identity system were unveiled last year and pilot projects are slated to begin in October.
Digital identity was also discussed at the first Australian Digital Council meeting held in September.
However participants at a National Identity and Cyber Security roundtable held as part of InnovationAus.com’s Civic Nation event, cautioned that what is still missing is a compelling narrative that might convince Australian citizens about the value to them of having a national identity system.
Without that the national identity scheme risks being cast as the Australia Card redux and potentially suffering similar public relations challenges to the MyHealth record.
Loretta Joseph, who has a senior advisory role to the OECD and is a director of Paradym Global, said that Australia was a very forward-looking nation and that was reflected in the work it was doing around digital identity.
But she did acknowledge the challenge that had to be overcome in telegraphing to the community the benefit of sharing data with the Government.
“People on Facebook are very pleased to go online and give all their data to find that they were Cleopatra in a past life, but ask them to give any data to the government and they go ‘oh no it’s big brother’. We live in this bizarre world now.”
If however a clear message about the real benefit of digital identities can be clearly communicated, roundtable participants felt the government would have an easier sell regarding what it is trying to achieve.
Mark Perry, chief technology officer for Ping Identity, which sponsored the roundtable event, said that the intent of the TDIF was to have a “framework that is agreed and well understood. We have those building blocks in place. We understand how to do identity at scale.”
“Twenty-five million Australians – this is not an issue around scale, the issue is around how we work with citizens to give them trust and make it an easy process for them and with our own cultural requirements around identity,” he said.
According to Joseph Weinberg, cofounder and CEO, Paycase Financial, some of that trust could come from the technical underpinnnings of the system.
He said that a blockchain base made sense for a national identity system, along with a federated rather than centralised approach to information management which lessened the risk of breach and potential identity compromise.
In an address to the roundtable, South Australian Premier Steven Marshall made clear his Government’s appetite for a streamlined national identity system. South Australia has adopted a “digital by default’ approach, and rolled out a digital drivers licence.
“We are working with the Commonwealth Digital Transformation Agency to develop the trusted digital identity framework and this is something we are absolutely committed to. It is not something we are being dragged kicking and screaming to,” said Mr Marshall.
“We all love being parochial…but the reality in an emerging area like this, it just makes no sense for every State to go their own way,” he said.
“In an area which is essentially setting standards and frameworks for interaction it makes no sense for individual States to go it alone. There is a real need for a national protocol and that is why we are supporting it.”
In terms of the benefits for citizens Mr Marshall acknowledged; “A lot of them haven’t been particularly well articulated yet. Get the framework in place and those benefits will self-identify – simple issues like how we trace individuals across borders for simple services.”
Dr Maria Milosavljevic, government chief information security officer for the NSW Government warned though that; “People often forget that in government we operate under administrative law and because we do that when we make decisions they have to be ethical and based on solid evidence and there has to be recourse.
“What we are talking about here is potentially decisions made by machines that say ‘yes you are who you say you are and trustworthy’. What if the machine gets it wrong?”
Clearly these are issues that need to be addressed by the TDIF and with the general public before Govpass is rolled out.
Scott Farrell, partner at King & Wood Mallesons who led the review into open banking last year also explored in that report the issue of digital identity.
“The reason I thought it was particularly important was because the customer focus that came out so clearly during the 100 or so meetings I had to write the review, was that it had to have an echo in relation to how people give evidence as to who they are,” Mr Farrell said.
“It is part of the fundamental framework of making technology human. For example, one of the issues I have is that we have to make sure that identity is not a technology issue – if it doesn’t relate to people it’s a video game,” he said.
“The people have to have a non-technological way of disproving someone that has stolen their identity because the very means that has created their problem won’t be the means they turn to solve it.
“It’s going to produce incredible convenience, but it has to have the real confidence of real people and that won’t just come through clever technology it comes through education and engagement and that is going to be a big task.”