Today’s citizens expect seamless, online access to public services. For this to happen, all agencies at all levels of government should be aligned, and data privacy and security assured.
Dean Grandy, KPMG in Australia
We all interact with government in various ways. It could be filling out a tax return, making a claim for welfare benefit, enrolling our child at school, or simply finding out what day the garbage collector calls.
We’re starting to do more and more of these transactions online and on our hand-held devices. This reflects a growing recognition that citizens are ‘customers’ who expect the same ease and speed of service from government that they currently enjoy from leading commercial providers.
To make service digitization a reality, many governments around the world are seeking to introduce digital identities (digital ID) for every citizen.
Digital ID involves more than simply storing personal details online. It’s an entire infrastructure for creating and maintaining citizens’ digital identities, and ensuring they can access government services efficiently and securely.
When it comes to digital ID models, one size doesn’t fit all. The approach must sit within national structural, legal and cultural parameters.
In my home country Australia, for instance, the recently established Digital Transformation Office (DTO) aims to move many government services online. With its ‘Tell Us Once’ solution, every Australian citizen will enter key personal information into the system one time only, creating a record for all future interactions.
Estonia has by some distance the world’s most highly-developed national ID card system, incorporating travel within the EU, health insurance, e-prescriptions, public transport, voting, proof of ID, and taxes.
For larger countries, a more applicable example could be the UK, whose ‘gov.uk’ system offers secure sign-in to a range of digital government services.
An intriguing alternative is New Zealand’s ‘RealMe,’ where a single ID can be used with both public and participating private sector organizations. Activities as diverse as opening a bank account, applying for a student loan, or enrolling to vote can all be done via the same ID.
Whichever approach a government chooses, the road to digital ID is paved with significant barriers:
Many of us are worried about our personal details being held centrally and accessible by multiple agencies. Well-publicized leaks by both private and public sector organizations have only added to this anxiety.
Governments are keen to reassure users that their details are safe and secure. The UK has addressed this issue with its ‘gov.uk’ secure authentication model, where citizens enter via a central hub and are directed to the relevant department, or ‘service provider.’ Although the actual ID is stored on the records of each service provider, crucially, the details of each individual session are not retained to ensure that security and privacy requirements are met.
With citizens frequently using smartphones and tablets to access services, authentication methods like biometrics could offer a relatively safe way into the system.
Many countries have multiple layers of central, regional and local government. If there’s a lack of legislative harmony, different tiers of government could opt out of digital ID, preventing comprehensive access. Significant variations in data quality between government agencies are widespread, making information sharing extremely difficult.
If citizen ID is to be truly government-wide, every agency will ultimately have to buy into the program and agree on appropriate legislation.
Common principles and standards for how government (and any third parties) use the ID, share data, and manage security and privacy are also required. This means reaching a sensible balance between accessibility on the one hand, and security/privacy on the other.
An example of this is the development by the DTO in Australia of a National Trusted Digital Identity Framework designed to ensure consistency of approach to identity, authentication and authorization across all Government services. This will also limit the requirement for multiple digital credentials.
Over the years, various parts of government have acquired disparate IT systems, some of which are 20-30 years’ old. In many cases, they have never interacted with each other. When a citizen wants to access a new service, they have to re-enter their personal details, and different departments may not be able to access important information held by other agencies.
While it may not be feasible to expect every agency to invest in exactly the same software, it should be possible for different systems to ‘talk’ to each other. An ‘application programming interface’ (API) offers this capability by enabling free flow of information between the different applications used by different agencies.
We can all benefit from digital ID. Individuals and businesses will be able to access services easier and faster, and feel they are in control. Government can drive efficiency through better coordination and slash costs by moving to self-service, reducing the need for manual entry and re-entry of data. A more secure, consistent access method could also help save money by reducing social security and tax fraud.
The Australian Prime Minister, Malcolm Turnbull, is so serious about digital ID that he made it part of his personal portfolio! That’s the kind of commitment necessary to implement this much-needed development. Governments with similar ambitions will have to be equally focused and resilient.
Dean Grandy (firstname.lastname@example.org) has a long and successful track record of working as an advisor to the Australian Federal Government on technology enabled business transformation engagements.
© 2018 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.