With the 2016 distributed denial of service attack on Australia’s first fully digital Census and Centrelink’s 2017 automated debt-recovery system glitches still fresh in our minds, it would be easy to pause in the pursuit of digitising government services.
The reality, however, is that there are compelling benefits to expediting government digital transformation, and the case for change is not simply one of customer convenience.
Deloitte Access Economics has estimated that the federal and state governments conduct 811 million citizen transactions each year. It calculated that lifting the share of transactions performed digitally from 60% to 80% over a 10-year period would lead to government productivity benefits worth $17.9 billion, plus a further $8.7 billion in benefits to citizens.
But the benefits of integrated digital government services extend even beyond time and resources saved. Data is the fuel for many new business models and, according to OECD measures, right now Australia performs only moderately well compared to international peers, particularly in relation to the availability of open government data.
The OECD has estimated that adopting more data driven decision-making in government has potential output and productivity benefits of 5% to 6% in the US, while improving data quality and access by 10% could increase labour productivity by an average of 14%. That can have additional flow-on effects across the economy. Almost 2 million people are employed in the three levels of government in Australia, meaning that 16% of the country’s 12.5-million-strong workforce is employed in the public sector.
This represents a strategic capability, enabling knowledge and skills transfer across the broader economy. Based on previous productivity gains from technology take-up, that can have significant benefits for Australia’s output. Further adoption of digital technologies across the economy has the potential to add an extra $66 billion to Australia’s GDP over the next five years alone.
So the case for change is clear; the question is really about how to do it. How do we maximise the opportunities, while best protecting citizens’ data and privacy? This policy brief is intended to start that conversation.
President, Australian Computer Society
What's the problem?
Australia was an early leader in the digitalisation of government services, and some Australian Government departments and state governments have continued to innovate and deliver enhanced services online. However, in the global context, Australia has now fallen behind and has so far failed to adopt an integrated approach to e-government that joins up all government services across all three tiers of government. For citizens, this makes life harder than it needs to be and consumes time that could be spent on other things.
For businesses, it increases transaction costs. Although existing user interfaces are logical and user-friendly, there’s still a limited amount of third-stage e-services enabling two-way interactions between citizens and governmental institutions.1 Critical missing pieces inhibiting the flourishing of e-services are a properly functioning digital identity ecosystem and a digital signature.2
What’s the solution?
The Australian Government should launch a consultation with the states and local governments to develop an integrated approach to e-government that joins up all services from all three tiers of government. The model will need to be customised to Australia’s unique circumstances but should be designed to reduce business transaction costs, allow citizens to engage seamlessly with the federal, state and local governments and prioritise citizens’ control and ownership of their data.
A decentralised architecture should be used to ensure there’s no single point of failure and to allow easy and secure integration with existing digital government platforms. The federal government should provide essential enabling systems:
- a digital identity (eID)—one has already been developed by Australia Post, and a second is being built, but significant work is needed to allow eID to take root
- the legal, organisational and technical preconditions for a digital signature—legislation should ensure that the digital signature has equal legal weight to a traditional handwritten signature
- secure data exchanges between different government IT systems.
Integrated Australian e-government would mean that less of citizens’ and businesses’ time would be wasted engaging with government. A digital signature would make official transactions simple: signing contracts or submitting applications could be done in moments. Mindless hassles when moving between jurisdictions (such as swapping licences from one state to another) would evaporate overnight; there would be no need to conduct 100-point identity checks in person, and time-consuming visits to physical government offices would become a thing of the past. In Estonia, where e-government is a national passion, officials estimate that these efficiencies lift annual GDP by 2%.3
While many government departments already have user-friendly online portals, and some states have begun integrating several services within single online platforms (such as Service NSW and Service Victoria4), Australia has yet to attempt a citizen-centric approach that makes citizen and business engagement with all three tiers of government seamless. It also lacks critical enabling systems. The major building blocks needed to achieve an integrated approach to e-government are an integrated government back office and a simple, easy-to-use and secure eID and digital signature.
That isn’t to downplay the practical challenges of joining up three tiers of government that have historically resisted cooperation or the attention to detail needed to address cybersecurity challenges. Joined-up e-government is nonetheless essential to a high-functioning 21st-century economy and should be attempted.
E-government in Australia
Australia was initially quick to join the global e-government trend, and even developed an international reputation as an early leader in this area (peaking around 1999).5 However, a joined-up approach to e-government wasn’t achieved.6 The success of some large departments, such as the Australian Taxation Office and Centrelink, has depended more on a joined-up ‘front end’ rather than an integrated back end that allows citizens to engage with government seamlessly.7
A national identification scheme (the Australia Card) was proposed in the 1980s. However, the Australia Card Bill generated significant public concerns about privacy and was defeated in the Senate.8 In 2006, Prime Minister John Howard made another attempt with the Access Card,9 before it too was shut down by the Rudd government in 2007.
The Electronic Transactions Act 1999 meant that when entities were required under federal law to give information in writing, provide a signature or produce a document, they could do it electronically.
However, the Australian Government and state and territory governments exempted a large volume of legislation from the operation of the Act. While the Act was an enabler, it didn’t create a ‘unique and un-forgeable identifier that can be checked by the receiver to verify authenticity and integrity and provide for non-repudiation’.10
At the end of the 1990s, the Department of Communications, Information Technology and the Arts was a central player in the coordination of e-government. Two units were created within the department: the Office for Government Online and the National Office for the Information Economy (NOIE), which provided advice and support to the government on internet-specific matters.11 Some of the functions of the NOIE were subsequently taken over by the Australian Government Information Management Office, which was established in April 2004.
However, government departments and agencies had variable reputations, and innovative cross-government projects usually originated from the biggest departments.12 To an extent, that’s still the case, but with more coordination. In general, the major electronic players (such as the Tax Office and Centrelink) and innovative state governments were leading the field, advising central agencies and driving central initiatives.13
In 2016, the federal government established a new agency to manage the government’s digital and ICT agendas: the Digital Transformation Agency (the successor to the Digital Transformation Office, launched in 2015). The agency aims to integrate digital delivery across the federal government and also enhance the transparency of the government’s ICT and digital projects. It covers strategic and policy leadership on whole-of-government and shared ICT and digital service delivery, including ICT procurement policy.14 The Digital Transformation Agenda, coordinated by the agency, foresees agencies and departments delivering ‘a range of initiatives that will provide benefits to all users and improve their digital experience’, including Single Touch Payroll; My Health Record; health payments; trusted digital authentication and verification; whole-of-government platforms; grants administration; and a streamlined online business registration service.15
The Trusted Digital Identity Framework outlines a consistent approach to digital identity in Australia and will be an important component of any integrated approach to e-government.16 Some $92.4 million in funding was secured in the 2018–19 federal budget17 to create the infrastructure that will underpin an eID (Govpass), and the government is aiming to roll out pilot services to half a million users by the end of June 2019.18 This will largely duplicate an eID recently launched by Australia Post called Digital iD. The challenges to the widespread rollout and adoption of eID in Australia are dealt with in a previous Policy Brief.19
States and local councils also deliver a range of services online. A leading actor is the New South Wales Government, which offers a single sign-on service for secure access to government transactions; more than 1.5 million customers have already signed up.20 Victoria is another leader. In May 2016, it released the Victorian Government Information Technology Strategy, which outlines steps the government is taking to improve the security of information and infrastructure critical to the proper functioning of e-government.
At the local government level, the City of Sydney is contributing to the open data movement by making accessible to the public an ever-growing range of data in a number of formats. The datasets provide information on environmental sustainability, transport, arts and culture, facilities, parks and more.21 Opening up data facilitates the creation and management of open services for the private and community sectors, increases transparency and stimulates the economy. It also decreases the number of information requests and reduces administrative workload.
An integrated approach to e-government in Australia
An integrated approach to e-government in Australia would require detailed consultations across all three tiers of government, and with business and the public. However, several principles derived from the experience of others can help frame the approach.
The once-only principle
The once-only principle (OOP) is central to joined-up government. The EU addressed this in its eGovernment Action Plan 2016–2020, where the foundations for the EU Digital OOP are laid out.22 The OOP requires that individuals and businesses shouldn’t have to supply the same information more than once to public entities (for example, when notifying a change of address). This requires the existence of public-sector interoperability at different levels: organisational, legal and technical. The conceptual model of the new European Interoperability Framework foresees interoperability levels as integral parts of integrated public service governance, meaning that different public administrations work together to meet citizens’ needs and provide public services in a seamless way.23
A decentralised approach
Facilitating secure data exchanges and interoperability between different government agencies doesn’t require the creation of a single database (a so-called superdatabase) that consolidates all data from other databases. In fact, doing that poses serious security risks. A decentralised approach enables different databases and IT solutions in the three tiers of government to ‘talk’ to each other securely and solves the problem of how to integrate the myriad different government databases and systems that already exist. Four key elements underpin this secure exchange:
- the identification of both the sender and the receiver of the data
- the encryption of data exchanged to ensure the data is unreadable in case someone intercepts it
- the time stamping of data transactions
- a legal audit trail via archiving and logging of electronic records.
In Estonia, X-Road (Figure 1) is a distributed information exchange platform that makes it possible for different systems to communicate across the entire governmental sector.24
Figure 1: Estonia’s X-Road
A digital identity
Digital identity is central to e-government. It serves two main functions: proving one’s identity in the virtual space and verifying virtual transactions. Given the administrative division of Australia into six states and two territories, specific cross-border solutions promise added efficiencies. The EU has taken steps in the direction of cross-border electronic identification and trust services. Its eIDAS Regulation (no. 910/2014) ensures that people and businesses are able to use their own national eID schemes to access public services in other EU countries where such schemes are available. It also ensures the legal validity of digital interactions; that is, they have the same legal status as traditional paper-based transactions. The EU case highlights the need to provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities. With Australia Post’s Digital iD and Govpass, Australia is laying the foundation for a national eID, although some major questions remain to be addressed.
Addressing privacy concerns through a citizen-driven e-government model is important in winning public support for integrated e-government, especially given the history of the failed Australia Card and scandals such as eCensus. Mutual trust is the key to interactions in which the government collects information about citizens and citizens provide their own data to the government. The principles of confidentiality, integrity and accessibility of data are all critical. Building trust between citizens and authorities is at the core of a working e-government model, so considerable emphasis should be put on communicating with citizens about how and for what reason their data will be processed by the government.
One lesson learned from abroad is the value of placing citizens in the driving seat. In Estonia, for example, every time a citizen’s personal data is accessed by a government agency, the individual user can see that access via a log and contest it if they believe it to be improper. Another example from Estonia is related to the right to choose whether to use digital identity or not. Those who do not want to use their digital identity can still use a physical service centre. Australia is also planning an opt-in approach to its new digital identity; however, it may become de facto compulsory if private-sector organisations are able to insist as a condition of service that it’s used (for example, to use online banking). Were that to eventuate, it would raise concerns about anonymity and the ability to not share information.
A joined-up back office
In order to provide easily accessible e-government services across all tiers of government, a joined-up back office is central. So far, the success of some major agencies, such as the Tax Office and Centrelink, depends more on a joined-up ‘front-end’ (the interface between the user and the back office). As Catherine Garner has noted: ‘Improving Australia’s cross-agency collaboration and integration will provide efficient, dynamic systems with greater personalisation and support Australia on its journey to become an e-government leader’.25
Evaluating outcomes from government-funded services
The ability to evaluate outcomes of publicly funded services is an important means of measuring the effectiveness of the government services being provided to citizens. Applying strict privacy and information security practices, there would be value in evaluating outcomes from government spending at the population level, rather than on a simple agency-by-agency basis. There would be community benefits in having the secure, de-identified evidence base made available for approved service improvement and evaluation of government-funded programs and policies.
In addition to these guiding principles, Australia will need to resolve a number of other important issues. In summary, they include the need to:
- ensure secure data exchange and security of data
- manage the integration process and metadata related to systems and services (a clearly defined and regulated approval process, for example via the Office of the Australian Information Commissioner, is needed for adding new components or new services to ensure smooth integration and the maintenance of security and privacy standards)
- ensure the right of all citizens using e-government services to easily access information about how government is using their data
- ensure the right of citizens to decide who can access their data
- ensure the right of citizens to decide whether or not to use their eID.
Lessons learned from abroad
To implement integrated e-government in Australia, work is needed at several organisational, legislative and technical levels. A few conceptual questions were important when Estonia was developing integrated e-government:
- The question of how to identify people, businesses and real estate had to be addressed. In order to enable trustable and secure data exchanges between different databases and information systems, some identifiers for people, businesses and cadastral units are needed. In Estonia, ID numbers of people and businesses and also cadastral numbers are regulated by law and implemented in all databases and information systems. This is the precondition for secure and trustable data exchanges between different systems.
- The digital ID and digital signature are issued by the same process.26 Private keys (for use by the public key infrastructure) are generated by crypto-processor (chip) and aren’t downloadable.27 The eID and digital signature constitute a part of the government-issued and guaranteed infrastructure, which is used by both the private and the public sectors.
- While an eID is obligatory if a citizen wants to use e-government services, the citizen isn’t obliged to use their digital identity (they can use non-eID-based systems if they prefer).
- Finally, the citizen is the owner of their own data.28 They can control the use of the data managed by the government. The use of personal data is strictly regulated by law. Everyone can restrict the use of their data by blocking access to it if the law doesn’t specify otherwise.
Another lesson from Estonia concerns back-office integration. Several conceptual agreements underpinned the design of the country’s e-government architecture:
- Decentralisation: The system is decentralised. There’s no single point of failure, and the central management of the system doesn’t ‘see’ the data, but only whether the system is working.
- Ease of implementation: The system should be easy to implement. Government institutions shouldn’t need to change their existing systems and processes. Training on the integration of the systems should be offered to all technical experts working in e-government back offices.
- Neutrality of technology platforms: The integration of systems doesn’t mean that all technical systems use the same platform. Usually, governments use a range of proprietary software platforms as well as open-source solutions and technologies developed by different vendors. Integrated e-government should accommodate those variances.29
- Security of transactions: Integrity, confidentiality and non-repudiation (the assurance that a party to a contract or a communication can’t deny the authenticity of their signature on a document or the sending of a message that originated from them) should be guaranteed.30
- Security of data and services: Data and services should be secured so they can be transferred via public networks. The use of the public internet should be enabled, and the development of separate (usually very expensive) government data networks should be avoided.
- Agile planning and implementation: It’s necessary to avoid large, complex projects and instead develop a comprehensive general architecture that can be divided into small components, while still giving due consideration to security requirements.
We make the following recommendations for the further development of e-government in Australia.
- Avoid large e-government projects. Agile development can minimise risks, enable faster results and avoid implementation challenges.
- Establish a properly functioning secure eID and digital signature for each citizen. The eID should be simple and user-friendly, issued by government (similarly to passports) and guaranteed by law. It should be used for both e-government services and business e-services.
- Back-office integration should be coordinated centrally but done in a decentralised way, enabling secure data exchange between systems connected via the internet. The integration platform should enable the integration of different technical platforms in different locations, in different legal environments and with different organisational set-ups. The integration platform should be as simple as possible and not require changes to existing back-office processes and systems. Process redesign can be done step by step.
- A citizen-centric model is important to win public support for integrated e-government. It should allow people to control their private data and provide legal guarantees, supported by organisational and technical frameworks. Building trust takes time, so carefully planned communication between the government and citizens is critical, including building up and publicising a track record of competent and secure service delivery. This can be assisted by following basic design concepts and data protection principles when designing the eID and the back-office integration of IT systems.
Integrated e-government offers major benefits to businesses and citizens. It reduces the time and costs associated with transacting with government and with each other and makes life easier. A thoughtful approach to designing integrated e-government (such as decentralisation) will also mean that the risks of a data breach won’t be increased. Australia’s geography and population size don’t present any technical obstacles to rolling out a world-class e-government system.
The move to create digital identities in Australia also suggests growing political momentum to take a more holistic approach to e-government. If it’s citizen-centric, it could help win public support, too.
30 Nov 2018