Australia's federal government is sticking with its plans for a federated identity service, but disruption minister Angus Taylor has moved to quell fears of a revived “Australia Card”*.
What first emerged last year looking like a “single identity” for all citizens across all Australian governments – before being dumped – isn't coming back.
Speaking at the Teach Leaders conference in the Blue Mountains on Sunday, Taylor – full title Assistant Minister for Cities and Digital Transformation – said the Digital Transformation Agency's (DTA's) identity project is now about setting standards rather than creating a single whole-of-government identity provider.
He also said the government considers it a citizen's right to have multiple digital identities for their interactions with government, if that's what they want.
Considering that last year, the then-DTA was trying to recruit state governments to its “federated identity” alpha (only getting the NSW government's support), the new direction looks like a considerable departure from the project's original ambitions.
Taylor said: “We don't see ourselves as creating a centralised solution that we'll roll out and everybody else has to come and play – that's not the answer. But we do need to agree on standards, and we do need to agree on principles as to how this will work.”
He also emphasised that the system had to be user-driven rather than top-down, and that citizens' consent is crucial to the model.
"If I want to have 45 identities ... it should be my choice"
“I must be user-driven. If I want to have 45 identities across the Internet and across my applications, it should be my choice. If I want to have one, that's my choice too.”
He added that the “user-driven approach” has to extend to the citizen having a “genuine consent” about how they interact with a digital identity.
“That, to me, is essential to any solution, and the federal government won't endorse or be part of any solution that doesn't do exactly that.”
A formal announcement about the future of the federated identity project is coming “in the very, very near future.”
As to rollout of the project, the first focus will be the federal government: recruitment of other levels of government won't be a concern at launch.
“The federal government has deep silos … getting authentication and verification streamlined across all those different silos is the first and crucial stage for us,” he said.
“The interesting thing we've learned is that the process of doing that is very similar to the process of onboarding other governments and agencies.
“What we're looking for is compatibility and standards across those … Australia Post is doing an enormous amount of work on this.
“We do believe strongly in a federated model … identity, verification and authentication will happen, in its own way, in quite a decentralised way. But it needs to conform to standards, and the federal government needs to play a crucial role.”
“The other point is that you need to be federated not just in terms of the authentication/verification process itself, but federated in terms of the data, the underlying the data.”
The other concern on Taylor's mind is that any “single identity” must not become a honeypot for black-hats.
“The notion that we should be creating honeypots for identity fraud – we cannot go down that path,” he said.
He said he believes as the identity project reaches a stage where other levels of government get involved, these are “crucial principles” that other agencies will “quickly endorse”.
Defending the DTA
The minister's speech also provided a spirited defence of the troubled DTA, after the agency told Senate estimates last week it had failed to engage with other agencies on the “not dead, sleeping” gov.au project.
The restructure of the Digital Transformation Office into the DTA represented an expansion of its role, but that it now understood it had to “work with agencies, not against them”.
Taylor also said in trying to recruit small/medium enterprises as federal government suppliers, the “panel” system has been “a big barrier”.
In “panel” contracts, suppliers bid to become part of a pre-approved group who can supply stipulated products or services below the threshold that requires a tender, with no further bidding or qualification.
It has, however, been criticised as putting burdensome requirements on anyone trying to bid to become part of a panel. By reworking supplier arrangements via the DTA's digital marketplace, he said the government hopes to make government contracting work better for the “SME sweet spot” of projects valued between AU$80,000 and $5 million.
The cloud, naturally, remains a focus, with Taylor pointing to last week's certification of local companies Sliced Tech and Vault Systems as “protected cloud” providers to the government.
Taylor also backed up DTA interim CEO Nerida O'Loughlin's endorsement of agile methodologies as a risk reduction strategy.
While some projects will always need to be dealt with under the old waterfall model, Taylor said the agile model means failures can be abandoned sooner. ®
*Comment: For readers unfamiliar with 1980s Australian politics – the “Australia Card” was proposed as a single ID for citizens in 1985.
Offered as an efficiency measure, it landed when “ID cards” in Nazi Germany and the Eastern Bloc were still fresh in many citizens' minds, especially for those who had arrived in Australia's first inrush of non-British immigration.
The uproar killed off the Australia Card after a two-year political battle, but not the concept: public service managers have never lost their love of tracking and identifying citizens.
From that point of view, Paul Shetler's DTO nearly achieved a huge social change by disguising it as “technological disruption”. ®