Making online access simple and secure
At the DTA, we are building and testing new technology that will make it easier for everyone to prove who they are when using government services online. This is part of our GovPass project, which will allow more government services to be made available online and accessed in a safe and secure way.
The digital identity program is evolving. Read our recent information on this topic.
Everyone, at some stage in their lives, needs to deal with government to get things done. At some point in this process you will be asked to show some form of identification.
People have told us they often need to provide too much information to prove who they are, and are asked to provide the same information each time they interact with a different government agency.
Government has already taken steps to make accessing government websites easier. For example, last year, changes to the myGov website delivered a number of improvements, some of which simplified how users sign in, with more username and password options made available.
The DTA’s GovPass project will make it easier for users to prove who they are across more government services. Below, we explain what this project is about, where things are up to, and what it will mean for you, the user.
Having someone vouch for you
Once this project is fully operational, you will have some new, easier-to-use options available to you when you want to access a range of government services and need to prove who you are.
The new features will give you the ability to prove who you are by using a government or accredited non-government organisation with whom you have an established relationship — these are referred to as verifiers.
When you access an online government service, you are often asked to prove who you are. With GovPass you will have the option of selecting from a number of verifiers who can vouch for you — making access to government services much quicker and easier.
In the initial stage of this project, the verifiers available to vouch for you will be limited to government organisations. Over time, we will bring on board more accredited verifiers, which may include state government agencies or even your bank.
Verification and authentication
If you don’t have an existing relationship with a trusted verifier you will have the option to create one online through a few simple and secure steps.
Just as you would when visiting a government shop front, you will be asked for details such as your birth certificate and driver’s licence. These are checked electronically and your digital pass will be created.
Importantly, your document details are then discarded.
Once you have created an online account, you will not need to create one again. In the early stages of rolling out this project, once you have a verifier, you will get access to a number of simple online government services.
Once the project is fully rolled out, you will be able to do more complex online transactions that have traditionally required you to travel to a department or office.
How are my personal details protected?
Privacy and the protection of personal data have been carefully considered at all stages of this project, and in developing new technology.
When accessing government services, an ‘exchange’ limits the information flowing between your verifier and the government agency you are dealing with.
The exchange is like a gateway that connects the government service with the verifier. The technology behind the exchange means the service doesn’t actually see the user’s documents, and, the provider doesn’t know what government service the user is trying to access. The exchange acts as a double-blind and ensures that all parties involved are trusted and secure.
All verifiers will be required to adhere to a strict set of conditions, including following the Australian Privacy Principles.
All use of personal data is controlled by the user and nothing is shared without their permission.
On screen: Australian Government Digital Transformation Agency
The DTA is building and testing new technology that will make it easier for users to prove who they are online.
The Exchange is a secure gateway between users and government services.
GovPass will give users access to government services more easily than ever before.
The new process will be simple and secure. Here’s one example of how it will work.
Diagram of process on screen. Zooms in to diagram showing steps in the process.
Service User applies for online service and is asked to prove who they are
Exchange If user does not have an existing GovPass account they are directed to set one up
GovPass User enters name, email address and phone number
GovPass Details are verified by email or SMS
GovPass User provides details from three ID documents
GovPass No ID information is retained
GovPass Account created and verified
Exchange Receives encrypted details and user agrees to share with service
Service Receives details from Exchange and gives user access to the service
Zooms out to show whole diagram.
GovPass — simple, clear, fast and secure
GovPass: video by the Digital Transformation Agency dta.gov.au Production: 16 March 2017
When will this project be up and running?
The product is currently in a private beta stage of development. This means we have working software that we are testing with real users, but we’re using test data.
By the middle of this year, we plan to have a product available to be tested by selected individuals.
Early next year, a public beta will be available to everyone to test on a limited number of services.
Because this project will allow you to link into many government services, the DTA is working closely with other government departments so you don’t have to.
In total, more than 500 meetings have been held over the past year with research participants and our government and private sector stakeholders and interested parties.
This includes consulting with privacy and civil liberties advocacy groups to get their advice and feedback about the project.
We have also commissioned a series of independent Privacy Impact Assessments to identify any potential issues that should be considered in the design and delivery of this project.
A preliminary Privacy Impact Assessment has been published by the DTA. Independent consultants will be calling for public feedback on future assessments in the next phase.
Taking time to get it right
The GovPass program consists of three distinct pieces of work:
- the framework, which lays out the policies, standards and requirements that will help to determine a nationally-consistent approach to authentication and verification
- the process of setting up and accrediting verifiers
- the exchange, which is the new technology being tested that provides a secure safe connection between the parties involved
The DTA wants to make sure it gets this project right.
While building new technology can be done relatively quickly, there is considerable work involved to successfully deliver a sound and reliable new process and technologies for public use.
The DTA is drawing on its delivery expertise and understanding of the complexities of this project to ensure all the appropriate steps are taken before rolling it out for public users.
These important steps include:
- testing the new technology with users to make sure it’s right and meets the user needs
- improving existing systems used across government and ensuring the new technology can work with them
- ensuring stakeholders are involved in the process so they understand and are comfortable with the new technology and processes being proposed
- ensure the regulatory frameworks required to sit around the technology, such as the national standards and processes are agreed by all parties, so a consistent approach can be achieved
We’ll continue to bring you updates on this project as new information is available.
Drew Andison is the policy lead for Govpass.