Published: Thursday June 23, 2016
Australia is on the brink of its very own GOV.UK Verify scheme, but it still has an important choice to make.
If you’re a UK citizen (or follow the nation’s news) you’re likely to be aware of the recent government initiative to increase online access to key government services. Digitising an entire country’s identities is no mean feat – it’s a process that provides as many challenges as it does opportunities. The UK’s approach was to enlist the services of third-party Identification Assurance (‘IDA’) providers; allowing them to benefit from a competitive model, drawing from private sector knowledge and expertise in order to drive innovation in the development and provision of the service.
It goes without saying that the UK isn’t alone in its strides toward digitisation – but there’s one country in particular that’s made impressive developments thus far. Regardless of the political party in power, the Australian Government appears committed to the path of enabling the nation to take full advantage of a digitised economy. It constantly progresses by investing in digital projects to foster a culture of innovation, and a workforce and society that recognises both the challenges and opportunities digitisation presents. Recent examples of this include the work done around the NBN roll-out, the mandate of the Digital Transformation Office (DTO), and the recent National Cyber Security Strategy Review.
As was the case for the UK however, the Australian Government now has some significant challenges ahead. As part of its digitisation plans, and because of the increased availability of government services online (Australian citizens are now able to pay most of their local government, tax, infringement notices, births, deaths and marriages registrations and other government expenses), a massive amount of data is now managed in the cloud.
Medical records are moving to an online space as well as Medicare rebates, with sensitive information now accessible to doctors and healthcare professionals across Australia. With access to so much private data online, it is imperative that identifying patient or client information is done with a very high level of precaution and privacy.
Many of these interactions with government agencies entail providing vital identifying information which would compromise data security if breached. With the expanded use of connected devices and wearable technology, the surface of potential attacks will probably increase in the coming years. The complexity of the cyber threat landscape means that the management of Australian citizens and resident’s digital identities is a top priority - both for efficiency and security.
In the modern world, the amount of identifying data available online is astounding. In the next five minutes, or the time it takes to read this blog post, globally more than one billion emails will be sent; over 20 million Google searches will be conducted; at least 10 million pieces of content will be shared and more than $12.5 million in online sales will be transacted. Added to which, over 1,200 babies will be born, creating 1,200 brand new identities that will need protection.
The data which we think builds our identity is typically associated with standard “name, address, passport, and banking” information. However in a connected world where we are increasingly leaving a digital footprint, our transaction history, mobile device usage and data such as IP addresses and social IDs mean the identity verification process has evolved and will continue to do so.
Understanding and appropriately utilising this myriad of identifying data is the key to building stronger identification assurance solutions, especially for government organisations who have access to much of their citizens’ most sensitive information.
Best practice identity assurance includes triangulating sources of identity data and verifying somebody is who they say they are through a multitude of checks, including address and financial history, personal knowledge, and document validation. Two-factor verification is an element of this – in other words being asked for something you know as well as proving something you own. For example, you know your username and password, but you need to own a mobile phone to which a security code is sent.
When you consider that you can unlock your phone with a fingerprint, access telephone-based services faster with the addition of voice recognition and that your passport is linked to a retina scan, it is apparent that biometric data will play an increasing role in the future of account login, working in conjunction with secure identity verification techniques at the point we register for services.
It’s vital that the Government is able to certify each citizen’s identity with a high level of security no matter where, when, and through which device or channel they access online services. Working with certified providers means there is no burden of a central Government-owned database containing all its citizens’ up to date information. Security can be ensured through a solution that can verify an individual is who they say they are by referencing on demand multiple datasets from a number of accredited sources.
As a result, the Digital Transformation Office is currently assessing the need for certified Identity Assurance providers, with Deloitte commissioned to undertake the initial market research and a Request for Information from local and international businesses already complete.
For the Government to fully succeed in its digital plans for the future, trust is key. It is imperative that people not only feel safe to migrate traditional services online, but that they actually are safe and that their most personal information remains private and the risk of breach is mitigated.
IDA is vital to the future of government services not only in Australia, but other countries, and selecting the right IDA providers is a very important task. Whatever outcomes are determined by the DTO in Australia, the next few months will be key to the successful expansion of online and mobile government services.
Want to know more about any of the topics covered here? Get in touch at firstname.lastname@example.org.