The Digital Transformation Office (DTO) has applied the brakes to its national identity framework plans.
In a letter sent to the 70-odd organisations that replied to its Request for Information earlier this year, the DTO’s procurement team has indicated that it no longer plans to go to the next stage and actually buy a solution – not yet at least.
The delay contrasts with what the DTO’s head of identity Rachel Dixon told delegates at an Identity Summit in Sydney last month, when she indicated that the DTO would soon issue an RFP to selected companies that had responded to the RFI.
While slowed from its original timetable, the project is far from mothballed. Assistant Minister for Digital Transformation, Angus Taylor, is understood to be planning an industry roundtable with key stakeholders for October.
It will be an important step in the Government’s plan to convince Australians that they would benefit from an opt-in national identity system that would use biometrics to confirm their bona fides.
The Australian Privacy Foundation, however, has questioned whether the roundtable itself might be a delaying tactic. It has called for much greater levels of consultation on the project from Government, writing again to Ms Dixon and calling for a “robust, multi-phase Privacy Impact Assessment” to be undertaken before the project progresses.
There is likely to be little real progress in the immediate future. The DTO’s letter thanks respondents to the RFI for their input and notes that the organisation now “has an increased understanding of the capabilities of the Australian industry in relation to identity and access management solutions. At this time there is no expectation of a further approach to market however, should this occur it will be through AusTender.”
Instead of a limited RFP to a subset of organisations that responded to the RFI, that suggests a broader array of companies could become involved at some stage in the future.
A spokesperson from Mr Taylor’s office said: “RFIs are an important part of the procurement process. Any future procurement opportunities through the DTO will be advertised appropriately.”
While some quarters are disappointed at the slowdown, others say they are not surprised.
The RFI called for information that would help ascertain the skills in the market to help DTO design and implement a trusted digital identity framework and solution. According to industry sources the very wide terms of reference of that RFI resulted in around 70 responses and thousands of pages of detailed reports being delivered to the DTO by the end of June, which are still being reviewed.
An argument can be made that the challenge ahead lies less in the technology than the politics of persuasion. The first challenge is to persuade the general public (and the Australian Privacy Foundation, which was founded expressly to campaign against the Australia Card) that there is a need for a biometrically underpinned digital identity framework in the first place. And if there is a need, that such a framework can be created securely and with proper regard for privacy.
The second challenge the Government faces is to convince the major banks and states – which are being invited also to use the framework – that they should consider replacing their existing identity management schemes, some of which have been in operation for decades, with the DTO’s yet-to-be revealed alternative.
Similar challenges are being faced in Singapore, where the Government’s plans to introduce a tightened digital identity system are being hampered by the banks, which are still to be convinced of the benefit to them and their customers. Singapore did however this month launch its Corporate Access digital identity system for enterprises, which will need to use it to access most government services by the end of the year.
With regard to citizen identity, in a speech earlier this year Singapore’s minister in charge of the Smart Nation Initiative, Dr Vivian Balakrishnan, indicated that the nation wanted to bolster its Singpass digital ID system beyond the current two factor authentication process with some form of public key infrastructure to ensure “non-repudiation, security and end-to-end encryption.”
The DTO also has been seeking to construct a digital identity solution that will deliver security and certainty, underpinned by what Ms Dixon has previously described as “well anchored biometrics.”
While the DTO has provided no details on what those biometrics could be, a voice print seems the most likely and benign fit, allowing people to use existing phones or computers to identify themselves. This would also allow the DTO identity framework to leverage the biometric voice print systems already deployed at the ATO and for Centrelink at the Department of Human Services.