[Guest Opinion: John Lord, Managing Director, GBG – Global specialist in Identity Data Intelligence and certified Identity Assurance provider for the UK Government’s GOV.UK Verify program]
Regardless of the political party in power, the Australian Government appears committed to the path of enabling the nation to take full advantage of a digitised economy. It continues to make strides by investing in digital projects to foster a culture of innovation, and a workforce and society that recognises both the challenges and opportunities presented by digitisation. Recent examples of this include the work done around the NBN roll-out, the mandate of the Digital Transformation Office (DTO), and the recent National Cyber Security Strategy Review.
The increased digitisation of government services, coupled with the complexity of the cyber threat landscape, is making the management of Australian citizens' and residents' digital identities a priority both for efficiency and security.
This is why the DTO has recently decided to follow in the footsteps of other governments, the UK in particular, to find ways to address the online identification challenge. As part of this process, the DTO is currently looking at using the services of third-party certified Identification Assurance (IDA) providers.
The DTO’s concerns
As part of the Australian Government’s digitisation plans, and because of the increased availability of government services online, a massive amount of data is now managed in the cloud.
Medical records, as well as Medicare rebates, are moving to an online space, with sensitive information now accessible to doctors and healthcare professionals across Australia. With access to so much private data online, it is imperative that identifying patient or client information is done with a very high level of precaution and privacy.
Similarly, citizens are now able to pay most of their local government, tax, infringement notices, births, deaths and marriages registrations and other government expenses online.
Many of these interactions with government agencies provide access to, and information about, vital identifying information which would compromise data security if breached. With the expanded use of connected devices and wearable technology, the potential attack surface will probably increase in the coming years.
In this context, it is vital that the Government is able to certify each citizen’s identity with a high level of security no matter where, when and through which device or channel they access online services.
What is our digital identity made of and how can we protect it?
The amount of identifying data available online is astounding. In the next five minutes, or the time it takes to read this article, globally more than one billion emails will be sent; over 20 million Google searches will be conducted; at least 10 million pieces of content will be shared and more than $12.5 million in online sales will be transacted. Added to which, over 1,200 babies will be born, creating 1,200 brand new identities that will need protection.
The data which we think builds our identity is typically associated with standard “name, address, passport, and banking” information. However, in a connected world where we are increasingly leaving a digital footprint, our transaction history, mobile device usage and data such as IP addresses and social IDs mean the identity verification process has evolved and will continue to do so.
Understanding and appropriately utilising this myriad of identifying data is the key to building stronger identification assurance solutions, especially for government organisations who have access to much of their citizens’ most sensitive information.
Best practice identity assurance includes triangulating sources of identity data and verifying somebody is who they say they are through a multitude of checks, including address and financial history, personal knowledge, and document validation. Two-factor verification is an element of this – in other words being asked for something you know as well as proving something you own. For example, you know your username and password, but you need to own a mobile phone to which a security code is sent.
When you consider that you can unlock your phone with a fingerprint, access telephone-based services faster with the addition of voice recognition and that your passport is linked to a retina scan, it is apparent that biometric data will play an increasing role in the future of account login, working in conjunction with secure identity verification techniques at the point we register for services.
No matter the actual techniques and strategies used, if the Government wants to be efficient in securing millions of Australian citizens’ digital identities, it is key that it collaborates with third-party certified Identity Assurance (IDA) providers.
Working with certified providers means there is no burden of a central Government-owned database containing all its citizens’ up-to-date information. Security can be ensured through a solution that can verify an individual is who they say they are by referencing, on demand, multiple datasets from a number of accredited sources. In the UK, the ground-breaking GOV.UK Verify program has benefited from a competitive model, drawing from private sector knowledge and expertise in order to drive innovation in the development and provision of the service.
Next steps for the DTO
The Digital Transformation Office is currently assessing the need for certified Identity Assurance providers, with Deloitte commissioned to undertake the initial market research, and a Request for Information from local and international businesses has recently been published.
For the Government to fully succeed in its digital plans for the future, trust is key. It is imperative that people not only feel safe to migrate traditional services online, but that they actually are safe and that their most personal information remains private and the risk of breach is mitigated.
IDA is vital to the future of government services in Australia, and selecting the right IDA providers is a very important task for the DTO. Whatever outcomes are determined, the next few months will be key to the successful expansion of online and mobile government services.