Australian e-government is a long way behind many other developed nations. Our national leadership has utterly failed to comprehend why e-government should have been a national priority decades ago, and continues to offer little in the way of policy direction.
Hence, our current solutions are a bizarre mish-mash of inconsistent approaches, making it confusing and frustrating for Australians. Every mis-step sets back public trust in online government services. Usability, reliability and security are the keys.
The Australian Tax Office (ATO), for example, provides online data entry, but inadequate explanatory guidance. Searching the ATO website is risky because it also contains obsolete material from previous years.
The ATO communicates by print-formatted electronic documents to a separate MyGov email inbox, making reference to non-existent additional information, yet two-way communication is not possible through this service.
If the Digital Transformation Office is appropriately funded, empowered and motivated, then a top-down review of government services may be able to address the usability and reliability issues over time. Of much greater concern and urgency is the challenge of digital identity.
Who are you?
According to the Department’s own website, it has no role in the development of government-wide online services. So it is perplexing that the ATO has adopted an identity solution from a non-specialist department, developed to address a particular application and its own list of security concerns.
Whether those particular security concerns are relevant to the ATO is not clear. It’s also not clear whether a top-down threat assessment was ever conducted for either the DHS or the ATO.
The security threat is not just that government agencies want to protect their own systems, it is also that the users of these services need to be able to trust that their private information is accurate, correctable, auditable and secure.
The key issue is establishing that the digital identity of an account truly belongs to the physical person. Unfortunately, personal health records, social security payments and tax details provide a strong incentive for identity theft, and MyGov’s identity verification process is weak.
So how else could you establish that you really are who you say you are?
The UK and New Zealand
The UK government rightly puts identity front and centre in the mission of the Government Digital Service. And the UK government has been at pains to consult and to explain publicly how the digital identity system will work.
In the UK model, identity is established by one of a small number of private service providers, using multiple identification sources. In most cases, this can be done entirely online. The UK government also believes that the private sector is the most efficient way to develop evolving solutions to minimise the risk of emerging identity fraud attacks.
There is a further requirement that identity verification for a particular government service is proportionate to the service. Passports need biometric verification, but other services have less stringent requirements.
We have similar familiar in-person processes in the form of a 100 point check for financial service providers such as banks, and multiple identity documents for passports.
New Zealand has followed the UK model with RealMe. However, the service is provided by the Department of Internal Affairs in collaboration with the New Zealand Post Office rather than private providers. Once identity has been established, details can be shared with service providers.
Of particular interest in New Zealand is that RealMe is sufficient to open a bank account and apply for a passport entirely online.
The Estonian approach
The mature and battle-hardened Estonian e-government approach includes digital signatures, electronic prescriptions, online voting, and opening and operating both bank accounts and online businesses. Estonia has also extended its digital services to so-called e-Residents.
Estonia’s identity solution requires a smart identity card to be issued in person, which is when they collect biometric information, including a photograph and fingerprints. A smartphone application also provides identity validation for lower risk services.
The underlying system architecture provides a very robust and secure platform for both government and private sector services, even enabling users to verify who has been accessing their private information, and why.
The Estonian approach works in no small part because of strong and effective leadership in the 1990s, which brought with it public support. Whether or not Estonians like their current government, there is an inherent sense of trust in the security of government services.
What is happening in Australia?
If you search hard enough in the Digital Transformation Office website, you’ll eventually find a glib reference to digital identity. Just A$254 million has been budgeted over four years to begin the transformation of Australia’s Commonwealth services to online delivery. That’s less than half the cost of the Adelaide Oval redevelopment, but with enormous and quantifiable long term benefits to Australia’s economy and society.
In 1985 the Hawke Labor government proposed a national identity card, the Australia Card, which was subsequently abandoned in 1987. Politics got in the way of our nation’s leaders to grapple with real policy substance, to Australia’s detriment.
Robust policy debate still might not have delivered the Australia Card, but whatever solution emerged might have set up Australia to be a world leader in the delivery of modern government services.
Policy needs to be driven by open public discussion and consultation. The UK and New Zealand models are compatible with Australian expectations, although the Estonian smart-card based solution is far more robust and versatile.
We have two clear choices: an eAustralia Card would offer flexibity, security and convenience, not to mention eliminating a half-dozen cards from a typical wallet; or we can continue to fail to innovate, swallow our pride and follow New Zealand’s lead.
In the absence of well-considered policy driving e-government services, Australians will continue to have no good reason to trust our government to keep our private information secure.
Matthew Sorell is Senior Lecturer, School of Electrical and Electronic Engineering at the University of Adelaide.