The federal government will pour a further $250 million into its digital identity program, more than doubling the amount spent on the troubled scheme since it was started more than five years ago.
Prime Minister Scott Morrison said on Tuesday that $256.6 million would go towards GovPass, the whole-of-government federal program that aims to eventually provide identity verification across a range of government and private sector services.
The new cash would “enable more secure and convenient engagement with government services and, in future, the private sector”.
The funding would accelerate plans such as integrating the government’s digital identity offering myGovID with the myGov platform and incorporating facial recognition technology, both of which had been promised by the middle of this year, but have been significantly delayed.
The government has already spent $204.3 million on the program, which is still in beta phase, since it was launched more than five years ago.
The new funding will expand myGovID to welfare payments and the new Director Identification Number and integration with myGov, which it had originally aimed to have in place by the end of the last financial year.
It brings the total amount spent on the digital identity program, which has been plagued by delays and cost blowouts, to more than $460 million.
GovPass is run by the Digital Transformation Agency (DTA) and is made up of four intersecting elements: the Trusted Digital Identity Framework (a set of documents outlining the standards and requirements needed to be a part of the program), the identity exchange (run by the Department of Home Affairs), digital identity providers (at the moment limited to myGovID and Australia Post) and service providers (currently a limited number of government services).
Some of the new funding is to integrate myGovID with myGov, which would let users log into the platform using the digital identity service. This had originally been promised to be delivered by the end of the 2019-20 financial year, but a limited trial identified a range of issues and this integration has been delayed.
The new funding will also be going towards the expansion of myGovID to include facial verification capabilities and liveliness testing, something which the government had also promised to deliver by “mid-2020” but is now not expected until September 2021.
The DTA went to the market in early 2018 for a ‘liveliness’ solution for myGovID, with Paris headquartered identity services provider IDEMIA eventually winning a one-year contract worth $260,000. But last week the ATO went to the market to find a different provider for the same solution, with a potentially seven-year contract on offer for a supplier to prove a liveliness solution for myGovID.
This software is used to prove that the person registering for myGov is a “live person” and is physically present when registering, and also allow the user to take a selfie to then be used to verify their identity against a stored identity document like a passport or drivers licence.
This is a key aspect of the GovPass scheme and would make the digital identity service more than just a digital version of the 100-point identity check. It would allow myGovID to be used for services requiring a higher level of security.
The ATO plans to spend the first half of next year building out the software and incorporating it with myGovID before embarking on a private beta in June. It plans to launch the new technology by September next year.
The ability to use myGovID with the Director Identification Number will make it easier to launch a business in Australia, with the government spruiking that this could be done in just 15 minutes. If all new businesses were to use myGovID, this would potentially save the economy $236 million over five years, according to the government.
Australians will also be able to use myGovID to apply for JobSeeker and Youth Allowance.
It’s important that the public is educated on the digital identity scheme and privacy protections are put front and centre, according to Australian Strategic Policy Institute International Cyber Policy Centre head Fergus Hanson.
“Business digital identity is a very useful idea to help reduce fraud and potetially improve efficiency. The challenge with digital identity for people is the same as it has always been – there hasn’t always been the approach of protecting citizens’ interests first,” Mr Hanson told InnovationAus.com.
“The public debate is really important and being upfront about the problems this will solve and most importantly how it’s designed to protect citizens’ interests and improve their interests. That’s an important conversation to have and there’s still some work to be done around that – we haven’t really had that discussion. The foundation stone of that confidence is ensuring that citizens are confident that they’re putting their interests first.”
The new funding comes soon after the government led Select Committee on Financial Technology and Regulatory Technology called on the government to “accelerate” its digital identity reforms and bring forward new legislation “as quickly as possible”.
In a dissenting report, the Labor senators rejected this, saying there had already been “considerable delays” to the program and a number of deliverables “remain outstanding”. The Opposition said the government should get the basic infrastructure right before rapidly expanding the scheme.
“While we support improvements to the government-owned and operated digital identity platform, and strongly support the extension of those learnings to the private sector where appropriate, we believe there is clearly a lot more work to be done to build the infrastructure, as well as educating the public on what these reforms look like. Prioritising expediency over care isn’t the best way to achieve this,” the Labor senators said.
The expansion of the myGovID offering comes just after security researchers warned Australians to not use the service until a flaw in its design is fixed, something which the ATO has said it will not do.
The researchers said it would be easy for an attacker to trick a user into handing over access to their account and control of their linked government services using its “counter-intuitive” design which doesn’t require the use of a password but rather the entering of a PIN on the smartphone app when attempting to log into a website.
The ATO has said this is no different to a typical phishing scam and is more of a matter of public awareness than something to be patched.