The government needs to conduct a full-scale review to get its digital identity project back under control in the wake of spiralling costs, delays and a lack of transparency, according to the head of the Australian Strategic Policy Institute’s International Cyber Policy Centre Fergus Hanson.
The Coalition has thrown nearly $150 million into its digital identity project GovPass. But a number of industry insiders have told InnovationAus.com of concerns about the government’s approach, including its decision to build its own services and excessive spending and delays.
The government is bungling what should be a hugely significant initiative, Mr Hanson said.
“If it was done properly, then it would be one of the biggest micro-economic reforms we’ve had for a very long time,” Mr Hanson told InnovationAus.com.
“That’s what’s so frustrating about it. This is inevitable, we need it for a 21st century economy and it will enable heaps of add-on, spin-off products that could sit on top of it
“It’s a really useful reform if done really well, but unfortunately we’re doing the opposite.”
The government was wasting money by pursuing two taxpayer-funded digital identity solutions and isn’t putting the interests of the public at the centre of the project, Mr Hanson said.
He says a “root and branch” review of how the government pursues digital projects needed to steer the ship.
A number of industry insiders have shared these concerns, saying that the government’s decision to build its own services rather than utilise already existing solutions has led to cost-blowouts and delays and the scheme is now “out of control”.
GovPass is a set of interconnecting initiatives to assist Australians in accessing government services online without having to enter multiple passwords or complete a series of identity checks.
The project was handed a further $67.2 million in this year’s federal budget after receiving $92.4 million in 2018. The project was first launched in 2015, and will sit under the newly-created Services Australia department once it is established.
The aim is to build a whole-of-government way to verify identity across a range of government and private sector services.
GovPass consists of four interconnecting elements: the Trusted Digital Identity Framework (a set of rules and standards used to accredit digital identity providers), the digital identity providers, the identity exchange (a gateway between the digital identity provider and the service provider) and the actual service providers using digital identity as a proof-of-identity.
The Digital Transformation Agency is responsible for the overall project, while the Australian Taxation Office is developing the government’s digital identity offering – myGovID – and the Department of Human Services is working on the exchange gateway.
The first providers were accredited under the TDIF earlier this year, with Australia Post joining the ATO has “accredited identity service providers”.
But Mr Hanson said it is “absurd” that there are two government-funded entities competing against each other to provide digital identity services.
“It’s not bad to have more than one operator, but it’s crazy to have two taxpayer-funded operators. AusPost built a scheme which cost about $30 million, then the government went ahead and built another one that has so far cost $92 million,” he said.
“I can’t really see how you can justify why they build two taxpayer-funded schemes. Why wouldn’t you just use the AusPost scheme as the basis, given it’s taxpayer-funded already and build for it? That’s absurd, especially when AusPost did it at a much lower cost than the government. It’s a bit bonkers.”
A lack of legislation underpinning the digital identity project is also a huge problem, he said.
“There’s no regulation around it and no desire to put regulation around it. That is basically prioritising the interests of the government departments and niche interests above the people. We’ve seen that trick before and it always ends badly,” Mr Hanson said, referencing My Health Record and the metadata laws.
“They need legislation to make sure there’s really strong citizen protections in place. The reason why this will work is if people have trust in the system, in the scheme and they trust government, and right now there’s a real dirth of trust.”
Mr Hanson wrote a report for ASPI late last year that was highly critical of the GovPass program, claiming that “controls are needed to prevent a Western version of China’s social credit scheme emerging”.
While the DTA hit back at the report publicly, Mr Hanson said in private the agency agreed with many of the points in his report.
The government’s decision to build the exchange gateway and a digital identity in-house rather than sourcing pre-existing options in the private sector has been widely criticised by prominent members of the industry, with claims this has led to significant cost increases and delays to the rollout of the program.
“The issue is they’re trying to build something in isolation. They should be working closely with major industry players who have trust in the space. This is a growing waste of taxpayers’ dollars, when connecting in private sector solutions can support what agencies want,” one industry insider told InnovationAus.com.
“It’s taking a lot longer than comparable programs in the private sector. The general feeling is that things aren’t moving quickly enough.”
The DTA’s Digital Transformation Strategy lists a number of myGovId pilots that were meant to be completed by the end of the last financial year, including for Tax File Number applications, Unique Student Identifiers, Youth Allowance and My Health Record.
The Tax File Number trial is the only such pilot that has clearly gotten underway, with a much-publicised media event in October last year.
Sources InnovationAus.com spoke to labelled the project as out of control and a growing waste of taxpayer dollars, when the private sector was doing digital identity more efficiently and effectively.
“It’s right up there with programs that are generally described as being out of control. We really have to look at what’s been delivered,” one source said.
The government has tried to quietly roll out the digital identity scheme without drawing public attention to it, Mr Hanson said.
“The biggest problem is they’ve tried to sneak this in without having discussions with the Australian people about it. The rationale is, ‘oh we’ve failed twice before to convince the Australian public that the national ID schemes are a good idea’,” he said.
“The idea here is if they just keep really quiet about it and keep it on the low down then the Australian public won’t notice. That isn’t necessarily the strongest argument to make. There needs to be a big public discussion about it.”
The way forward for the government is to conduct a significant review of how it approaches digital projects, Mr Hanson said.
“We need a big review not just of digital ID, but on how the government goes about digitalisation schemes. We need a way to put the people at the centre of the systems rather than the individual government departments that have their own niche interests,” he said.
“These things are designed with department interests in mind rather than the interests of the people. And when they do think about people’s interests it’s in a narrow sense like user experience and making it quicker, but that is often worse for people if it means worse cybersecurity or entrenched disadvantage.”
In response to a series of questions from InnovationAus.com, the DTA said that “further trials will commence” this financial year, but could not confirm an official launch date.
“The DTA is on track to deliver on Australia’s digital identity program commitments. Australia’s digital identity program is opt-in and consent-based, providing more choice in how users access government services, with privacy and security at the core,” a DTA spokesperson told InnovationAus.com.