More privacy conscious and not Australia Card 2.0: DTA defends digital identity play

The agency spent its entire Senate Estimates appearance explaining what exactly is digital identity and why Australians don't really know about its existence.

The Digital Transformation Agency (DTA) was probed last week on its digital identity play during Estimates by senators who were confused mostly with what exactly the government agency was working on.

DTA CEO Randall Brugeaud and chief digital officer Peter Alexander faced questioning by Senator Carol Brown who said no one she has spoken to has ever mentioned myGovID. It forced the pair to explain what they had spent around AU$67 million on.

myGovID is the Australian government's digital identity provider -- handled by the Australian Taxation Office (ATO). It's like the 100 point ID check but on a smart device, and it allows citizens to have their identity verified so they can access government services using that verified identity, rather than being verified continually by each Commonwealth entity -- Alexander said there's currently around 30 that require such a task.

GovPass is the name of the program of work led by the DTA, including policy such as the Trusted Digital Identity Framework (TDIF). The TDIF is a set of standards for a digital identity.

The overarching GovPass system, Alexander said, will be operational at the end of this financial year.

See also: Why Australia is quickly developing a technology-based human rights problem (TechRepublic)

Pointing to myGov, which is the federal government's online service delivery portal and not an identity solution, Brown said she remembered there were lots of advertisements when the initiative was released. But on myGovID, Brown said not many people know about it.

"I've never heard anyone mention it ... my memory of myGov, there was lots of advertising and people knew about it; I'm just wondering why it is that GovPass is sort of more low-key," she asked Alexander.

In response, he said: "It's had a reasonable amount of press, we've had lots of downloads on the [Apple] App Store and on Google -- lots of organisations are using it to access tax services, we're replacing Auskey with it, people will be using it a lot over the next year. 

"myGov didn't have a lot of advertising and it's particularly accelerated its use over the last couple of years, from around 9 million users a couple of years ago to 16.7 [million] now without advertising."

No money to-date has been spent on branding or marketing, Alexander added, but said it will be communicated more broadly down the track.

Contesting that myGovID is relatively unknown and updating numbers released in the DTA's annual report, Brugeaud said its myGovID app has been downloaded 81,000 times, across iOS and Android, with around 46,000 digital identities created since the Apple store app was launched in June this year.

Not the Australia Card 2.0

The Australian government in the mid-80s attempted a national identity system, the Australia Card. It was essentially replaced with the idea of a Tax File Number, which gives individuals a unique number for taxation purposes.

Spending a decent amount of time explaining that what the DTA is doing currently differs to the Australia Card, Alexander said there is no number or token allocated to a citizen.

"The fundamental difference is the Australia Card was about giving each Australian a unique number and ... they would use that number for a whole range of services," he said.

"The real distinction in what we're talking about -- people would still have a tax file number, they'd still have a Medicare number, they'd still have a Centrelink number, still have a number for Service NSW ... we're building a federation."

Brugeaud later reiterated in response to further questioning that the difference is that it's not a number, and it is optional.

"It is also something that each individual owns -- you own your facial biometric, it's not owned by the government -- this is a very different paradigm," the CEO added.

Must read: Committee orders complete redrafting of Biometric Bills as privacy safeguards are deemed inadequate

A case for legislation

When asked if he thinks there is a need to introduce legislation to oversee a service like GovPass, Alendander said "absolutely".

"The main reason for that legislation requirement is as this system becomes national, for state and territory governments to operate within it, but more particularly the private sector, there is a requirement for some legislation to govern the TDIF," he explained.

"We can apply a policy framework to government agencies without legislation, which federal government agencies need to use, but for state and territories and the private sector, a policy isn't enough, we need legislation to mandate nationally the operation of that framework."

Alexander said the DTA is currently talking to state governments from around the country, with some having expressed interest in being identity providers.

"Outside banks we've got some interesting providers -- Mastercard is an interesting player in the identity space, and beyond that there hasn't been a lot of action but I'm sure there will be some identity providers who will come up," he said.

On privacy, Alexander said throughout the four iterations of the TDIF the DTA has identified privacy risks with providing a digital identity for a whole nation.

"We've had thousands and thousands of pieces of feedback, we've engaged with privacy lobby, privacy groups, we've had privacy impact assessments. We've been through a really thorough process and we've designed this system in such a way that it is not only privacy friendly but it would be more private than the current physical processes that exist today," he said.

GovPass has had around AU$67.14 million spent on it so-far, spread across the DTA, Human Services, the ATO, Foreign Affairs and Trade, and Home Affairs.

DFAT is responsible for biometric matching of an applicant's photo to the document on file, and Home Affairs operates the Face Verification Service.

RELATED COVERAGE