The federal government has begun the process of opening up its digital identity project to the private sector, with hopes the big banks will buy into the controversial scheme.
The Digital Transformation Agency, which is guiding the government’s set of interconnecting identity initiatives known as GovPass, has begun consulting for the fourth time on its Trusted Digital Identity Framework (TDIF).
The TDIF is the set of rules and standards that government uses to accredit digital identity providers before they are allowed into its broader ecosystem.
The standard has been in the works since early 2015 and has undergone several rounds of consultations.
The latest consultation will focus on adapting the 19 policies in the TDIF for private sector organisations that want to be assessed as accredited digital identity providers, a “foundational step to developing true whole-of-economy solutions”, the government says.
Two government-funded organisations have already been accredited under the TDIF for their digital identity offerings – Australia Post and the ATO. The targets of the government’s latest expansion of the TDIF are likely the big banks, which are pursuing their own digital identity services.
The new TDIF, which the government said would be released early next year, will set the guidelines and expectations of commercial sector providers looking to be a part of the government’s identity ecosystem.
“Australians rightly expect government services to be simple, seamless and safe. The standards established through this framework will enable government to meet this expectation, ensuring Australians have secure and reliable access to digital government services,” government services minister Stuart Robert said in a statement.
“Digital identity, underpinned by this framework, will enable faster, simpler services for government and the digital economy.”
The TDIF defines the requirements for participation in the GovPass project, setting out the roles and responsibilities for participants and providing assurances for usability, privacy, security and interoperability of its processes and data.
Government agencies and private sector organisations looking to gain accreditation also have to undergo a “series of rigorous evaluations” of their services and demonstrate they meet these “strict requirements”.
They also need to have completed an independent privacy impact assessment and privacy audit, and undertake annual assessments.
The government has now thrown nearly $150 million into the troubled GovPass project. There are widespread concerns surrounding the initiative, centred on spiraling costs, continual delays and a lack of legislation underpinning it.
Earlier this year, Australian Strategic Policy Institute’s International Cyber Policy Centre head Fergus Hanson called for a full-scale review into GovPass, criticising the government’s pursuit of two separate government-funded initiatives and a lack of transparency over the project.
“There’s no regulation around it and no desire to put regulation around it. That is basically prioritising the interests of the government departments and niche interests above the people. We’ve seen that trick before and it always ends badly,” Mr Hanson told InnovationAus.com in August.
“They need legislation to make sure there’s really strong citizen protections in place. The reason why this will work is if people have trust in the system, in the scheme and they trust government, and right now there’s a real dirth of trust.”
Other sources have also taken issue with the government’s decision to build much of the digital identity infrastructure itself, rather than buy off-the-shelf offerings from the private sector, with this leading to budget blowouts and delays.
The latest round of consultation “shows that people and businesses continue to be firmly at the centre of improving service delivery”, but Mr Hanson said that most Australians have never heard of the digital ID project, and the government hasn’t made an effort to explain it.
“They’ve tried to sneak this in without having discussions with the Australian people. The idea here is that if they just keep really quiet about it and keep it on the low-down then the Australian public won’t notice,” he said.
“That isn’t necessarily the strongest argument to make. There needs to be a big public discussion about it.”