The federal government’s long-running, $450 million digital identity scheme is “over-engineered” and has cost too much for what has been delivered so far, according to former government chief information officer Glenn Archer.
Mr Archer, who was closely involved with the early days of the digital identity program as chair of the government authentication governance committee, said there is little to show for the scheme more than six years since it officially launched.
The digital identity scheme was launched more than six years ago as a whole-of-government initiative aiming to provide identity verification across a range of government services and private sector offerings.
The Coalition handed a further $250 million to the program in the 2020 budget, more than doubling its overall funding.
The government plans to expand the program to state and territory governments and the private sector, but missed its own deadline to introduce legislation facilitating this to Parliament in its last term.
Speaking to InnovationAus.com, Mr Archer said a digital identity program is crucial, but he has been left disappointed by the lack of progress on it over the last six years.
“The program itself was possibly too ambitious. The initiative and the need for a common digital identity framework is absolutely necessary,” Mr Archer told InnovationAus.com.
“We don’t have a lot to show for it. Where’s the legislation? Without that it’s less than effective. I think it has taken way too long. It’s over-engineered for what it needs to be and it has cost too much, and it doesn’t actually deliver any benefits yet.”
As part of the broader program, the Australian Taxation Office (ATO) has launched its own digital identity service, known as myGovID. This service replaced the AUSKey for businesses in early 2020.
“In terms of replacing AUSKey, the Tax Office has done an excellent job on that front. That contrasts with the failure to make any progress on the citizen-facing aspects of digital identity,” Mr Archer said.
“The idea that in Australia as a citizen you need to have multiple identities to deal with different governments I think is just so confusing and inefficient. Again, it’s something I am disappointed about.”
Mr Archer led the Australian Government Information Management Office as government CIO from late 2012 to early 2014 and was previously CIO at the Department of Education. He also was National Manager for E-Business at Centrelink in the early 2000s.
The government began consulting on the digital identity legislation in late 2020 and had planned to introduce it to Parliament in the Spring sittings last year. This did not happen though, and the legislation was not released before the election campaign.
Late last year the Digital Transformation Agency called for expressions of interest from private sector companies looking to obtain accreditation and participate in the scheme, but they cannot fully do so until that legislation is passed into law.
Mr Archer was also a key architect of myGov, and said that he “despairs” at the lack of progress on the platform since it was launched, and that the decision to outsource much of the work on it in recent years to private companies was a “huge mistake”.
A number of private companies have also been closely involved with the digital identity program, with Accenture landing a number of contracts with the ATO, while London-based firm iProov won an $11 million contract to provide its liveliness technology.
Lockstep Consulting and Technologies’ Stephen Wilson last year criticised the design of the scheme, saying it is a “house of cards” that will be on the “wrong side of history” due to its reliance on a centralised framework.
Do you know more? Contact James Riley via Email.
The project was doomed by government in-fighting, largely because ATO wanted full control of the data for ‘revenue protection’ purposes, and undermined other players who were privacy/security focussed. Commercial options were available four years ago from providers such as Aus Post, but “not invented here” reasons drove government to try to do their own thing.
Governments the Courts the Media and Business are at risk of attacks because they are using overly complex device dependent high risk centralised authentication that is open to phishing attacks. Until such time as they implement decentralised device independent authentication that prevents phishing attacks these risks will continue to increase and proliferate. It is the height of hypocrisy for regulators to hold Business to standards that they themselves are dismally failing. Until Government starts to effectively engage with independent Developers to implement the technical solutions that are available for the benefit of the Community we will all continue to suffer the consequences of defective network authentication security.
I just renewed my identity with the NZ RealMe authentication and it works well. When I decided to get a NZ passport as well as my Australian passport I found the RealMe system to be easy, quck and getting a NZ passport application processed was far easier than getting my Australian passport renewed. I didn’t even have to go to the post office to get a passport photo done. It was uploaded online to the NZ passort application system.
It looks like NZ has worked it out well.
I detect no citizen demand for this. I have only heard statements from our great leaders that we want this. Who says we want this? I think a unique code, from birth to death, linking everything you ever did in your life, that will never be deleted, that is given for free to private-profit companies, that can’t be controlled – sounds like a really bad idea and I don’t want one. Who says loads of people want this? I was never asked. Were you asked?