RBA wants banks involved in Australian government digital identity solution

Rather than including banks, the DTA has selected a pair of government departments, one responsible for the robo-debt debacle and the other dealing with consistent IT outages, and a postal service that wants voting to occur via the blockchain.
Written by Asha Barbaschow, Contributor

The Reserve Bank of Australia (RBA) has told the House of Representatives Standing Committee on Tax and Revenue that it wants to see Australia's banks involved with building out the federal government's digital identity solution, Govpass, as online banking is considered a better digital experience than the government's contentious myGov portal.

The Digital Transformation Agency (DTA) outlined the process for applying for a Govpass just last month, with the system expected to match a user's photograph, as well as Medicare, driver's licence, and birth certificate details, with information already held by various government entities such as the Attorney-General's Department.

"We go to our banks apps once a day; we all trust our banks to look after our funds, so we suspect that it will be very important for the financial sector to be involved in any digital identify solution," Dr Anthony Richards, Head of Payments Policy Department at the RBA, said.

"We probably go to myGov once a quarter and we find it a less easy experience, so as the government thinks about digital identity, I think it's very important to involve the private sector."

Following the RBA in facing the committee was DTA CDO Peter Alexander, who revealed there were three providers that would be charged with the responsibility of Govpass in the first instance: The Australian Taxation Office (ATO), the Department of Human Services (DHS), and Australia Post.

"They hold a lot of identity data already," Alexander said. "It could easily be extended to jurisdictional providers and commercial providers, who are talking to banks, the Australian payment network, and others who can provide identity."

The ATO has suffered a handful of outages over the past 10 months from "one-of-a-kind" SAN outages to mainframe reboots. DHS has also been dealing with its own 10 months in the spotlight, thanks to the Centrelink robo-debt debacle that stemmed from its data-matching system automatically comparing the income people declared to the ATO against income declared to Centrelink incorrectly, in some cases.

Meanwhile, Australia Post has been pushing its agenda to have blockchain used for voting.

"Generally speaking, the capability of the Australian government and the Australian Public Service to deliver good technology solutions has been pretty sound," Alexander said. "We have had some issues, of course, and very well publicised ones ... I would not describe them as systemic. I would say they are outliers."

"We have invested in technology and made technology choices which are less flexible than would be ideal, and have proven to be significantly complicated to change and adjust.

"The way we would describe it is that they are not agile systems when we need to make a change, particularly in our big service delivery agencies, the changes have been complicated."

Alexander explained that 10 years ago when myGov was conceived, having a central account was a "great idea".

"As we have moved on in time, the variability and choice we want to give people means that you should be able to use third party software using that identity and then transact directly with government or other providers or to use an application on a mobile phone, government provided or third party, to do a transaction or log on to a website," he added.

"So this is the identity ecosystem we are establishing, again, based on a set of policies and transaction levels. Level 1 gets you a fishing licence. Level 4 gets you your passport and the kind of transactions in between."

When a citizen is transacting with the government online for a "level 4" transaction, for example, they will be redirected to the provider -- in the first instance the government entity -- that holds their information to conduct the identity check.

"If you have already established an identity with one, you could log on using that. So the process is self-directed by the individual dealing with it. Every time it passes data from that identity provider -- and it stores the minimum data -- such as your name and your date of birth. In most cases, it would not even store your address. Some may ask for that. You consent to that being passed back," Alexander added.

Unlike the concept of the Australia Card from many years ago, Govpass federates the personal identitifiers, rather than removes or replaces them, the DTA CDO explained.

"You would go into a particular transaction and say, 'I want to do this transaction'. The transaction would say, 'I need to know who you are and I need to know who you are to a level 3 because you are asking for some particular data' -- level 3 is where you have to supply your face biometric. It would then say to the exchange, 'What identity providers do level 3 transactions?' We will say that these three do it."

David Emery, senior manager of Payments System Efficiency within the Payments Policy Department of the RBA, also suggested that citizens might end up with more than one digital identity, particularly if the private sector gets involved.

"You might have one for government interaction and one in relation to private sector interaction, or you might have some collaboration between the two -- I think that's something to think about in terms of an increasingly digital world," Emery said.

Alexander, however, was quick to shut that idea down, highlighting that a citizen can have multiple accounts, multiple logins, and multiple passwords, but never more than one identity.


Australian national security COAG says yes to facial biometric database

The group of Australian state and territory leaders has unanimously approved the prime minister's request for a country-wide database of citizens' driver's licence details.

Review asks for tighter Medicare card privacy controls from Human Services

Moving the authentication platform, educating citizens, and stricter privacy controls were among the steps recommended to the Department of Human Services by a review into heath providers' access to the Health Professional Online Services system.

Government blunders stall rollout of NDIS virtual assistant

The ABC has reported the rollout of Nadia has stalled due to concerns the ABS Census debacle and the Centrelink robo-debt dilemma have stifled the government's appetite for risk.

Australia's digital health strategy gets the nod without data interoperability controls

The Council of Australian Governments Health Council has given the federal government the green light to automatically sign citizens up to an electronic health record, with a public consultation on draft interoperability standards to come by the end of next year.

Audit Office calls myGov 'largely effective' despite tripling initial budget

The Department of Human Services' implementation of myGov as a platform to deliver whole-of-government online services has been largely effective, a report from the Audit Office has said.

Editorial standards