privacy, identifiers, costs

Kevin Beck, April 6, 2015

Apropos of the Harper report into Competition Reform (Australian Government 2015) and my reference within it to Public Service EOI and tendering practices and processes “As discussed in Chapter 12 on human services, government procurement processes have often been risk-averse and prescriptive. A submission from Kevin Beck states that tender documents are ‘prescriptively written to place the entire onus on the respondent with risk and accountability deflected away from the agency’ (sub, page 3)”, Part 3, Competition Policy. The near issuance of the tender for the upgrade (replacement) of the Commonwealth’s primary architecture for Social Benefits (Centrelink – DSS- Family Services) within the above Human Services context will be an opportunity to streamline the RFT processes and policies and also to address matters raised below. I am questioning the rationale of the APS in relation the myriad of cards being purchased by the APS and why a card is considered to be the best solution and the haphazard manner of purchasing across the whole of government.

By my assessment Australia’s federal government agencies spend over a hundred million every year on a divergent range of cards used for social security, health, identity, access and security. What is the cumulative cost (by all agencies) and the real effective utility of the following cards? Another question is what stresses arise when suppliers bid so low that the whole contract is not best business practice on either side of the equation, APS or Supplier? How much risk is reasonable for the APS to shed to the Supplier? I would contend that tens of millions of dollars of opportunity savings are wasted on agencies acting in isolation, doing their own thing, acquiring low grade insecure instruments at the cheapest possible price whilst embedding penalties into contracts that can effectively make the supplier lose all of their margin if they breach the performance benchmarks and the overall outcome which is economically unsustainable in the medium to longer term. The most prominent example of this latter proposition is the Medicare card, which churns from one supplier to another whilst having very little utility. DHS is moving to an electronic relationship with the consumer and the card is largely irrelevant in that strategy. The DHS web site that combines all of a person’s interactions into the Whole of Government service model puts greater pressure on the justification for maintaining millions of cards. One need not dwell on the poorly managed and wasted projects that occur so often large and small – Access Card, Australian Passport Redevelopment integration and Defence JP2099 smart card identity. The cost to government, taxpayer and industry is massive not merely in dollars but in the inability for the respondent’s bids to be used by the APS for future learning


and comparison due to an ideological notion of probity effectively losing any opportunity for value out of the exercise.

Among the many in use what is the utility and security of the following cards? The Medicare card, its utility function is largely 20 points in 100 point identity test, a low grade instrument which facilitates ongoing fraud. Priced by suppliers so low that any failure to meet contract benchmarks puts the economics and the relationship under stress.

ASIC Transport card, another low grade high risk identity access instrument issued across nation by private agents, and port owners, enrolment by a questionable security process and a basic identity check by the APS agent, provides access to airports and ports across the nation.

Centrelink pension card, cheap flimsy paper object, low grade low security with no real utility, can be part of a fraud scheme when added to other identifying instruments

Multiple desktop issuance systems of a non-common standard, for identity, and access, from low grade high risk cards to quite high security but very high cost smart cards. Purchasing proprietary cards and laminates ensures the APS is not getting value for money and is locked in. There is no use of economy of scale or common topology design, common software for enrolment and management, for a whole of government utility to reduce the aggregate costs. Could it be that Secretaries like to have a separate card to enter Parliament that denotes their status? Could it also be that contractors and internal information technology divisions want to maintain their relevance and their pet technologies and relationships?

Some instruments (centrally issued) such as the multiple Maritime Services Cards (replacing the seaman’s passport) and the multiple Refugee Status Cards are marginally okay in terms of security relying upon complex art print design, holographic laminates and perhaps a basic chip. The value would be would be better if they were part of a secure topological set (this does not necessarily mean having a chip, which adds exponential costs) perhaps similar to the security quality of the Victorian Driver Licence which is the most secure driver licence in Australia. The Queensland driver licence with chip is not the world leading example of security.

Now Mr Forrest has proposed another financial (social security) benefit control card, a slim line elemental version of the Access Card. A lot of work and debate has gone into this exercise only to be rejected at the political level or if not then locked into the “competitive world of public sector agencies and APS Departments” and the many external (vested interests) who garner influence and often earn their livelihood from poverty and disadvantage.

A plethora of providers from one man shows to multi-national companies feed on the above scenarios of individual agencies doing their own thing resulting in the government as a whole paying too much for what they are getting in return.


Millions of Identifiers in Australian Government Programmes including instruments used outside of Australia

All Australian government agencies use identifying cards/instruments for specific elements of their operations

Employee, and other approved identity and access (physical and logical, various levels of authentication and verification according to security level) to buildings and assets such as computer systems

Asset identification (barcode, RFID, biometrics and other)

Benefit eligibility and receipt (Medicare, Pension, AusStudy and the like) – external parties/clients

Control mechanisms for Centrelink benefit payments (expenditure type controls DSS) – external parties/clients

Cyber security access authentication and verification

Portals

Parliamentarians, Committee Members and others

Third party providers eg medical profession, hospitals using system such as e-health patient records, benefit claims and reimbursements

APEC card

Passport identity – books and transit cards (maritime personnel and refugees)

The Australian Department of the Attorney General publishes frameworks for use, design and issuance but these are not mandated by the government nor by Prime Minister and Cabinet for common use. Departments can ignore them or just take them as guidance.

Where do all these cards fit into Australia’s Security Framework? Coordinated standard topology and architecture multi-purpose identifiers have particular relevance and a contributing value to Cyber Security. As agencies decide what goes into the cloud the question of security (cyber and national) and privacy of data takes on new dimensions.

The uncoordinated issue, and multiplicity of use by each agency, is a very costly affair not only in terms of the instrument acquisition and cost (enrolment, software and card printer personalisation chip or non – chip, encrypted or not) but particularly so when coupled with each agency’s back office systems.

Many projects are run within the CIO Divisions of each agency which further adds costs and is often encumbered by self-interested protecting mechanisms such as the information technology group working to maintain their controls and employment.

This equally applies to external information technology integrators and consulting firms who embed personnel in government agencies under contracts.


Trying to justify poor purchasing, excessive cost and questionable processes The arguments put forward, internally, by various agencies for Identifier Programmes are that identifying instruments for example cards have a number of benefits, such as (a) increasing administrative efficiency and (b) enhancing data accuracy are too often used to override the independent economic evaluation process that would show the current process of discrete acquisition, independent of a common standard and ad hoc, is far greater in cumulative cost across the Whole of Government/Public Service and Agencies than the intangible benefits claimed by the individual agencies when seeking approval to implement their own (island) card or Identifier.

It may be argued that linking a multi-purpose/multi-use common topology card identifier to a name limits the ability of individuals to use different names in different contexts.

For example a bank will identify a client/customer in many different ways – individual, corporation, trust, and so on.

At common law, there is nothing to prevent an individual from operating under various names, provided that he or she does not use different names to engage in unlawful behaviour. Aliases may be used by a variety of people, such as artists, authors and intelligence operatives.

Citizens, and others, have a multiplicity of identifiers in their dealings with the Australian Public Service and their interactions with agencies.

Privacy interests argue against the introduction of multi-purpose identifier cards. According to them such instruments increase the ability of the state to monitor the activities of its citizens. Never mind that Coles Fly Buys in one of the most widely used “’monitoring instruments”, when coupled with Facebook and Cloud they are far beyond the utility perceived by the Public Service. By recording multi-purpose identifiers during transactions, government agencies and organisations can compile substantial amounts of information about a person, including information about a person’s financial circumstances, family composition, hobbies or health. This could then be used for a variety of purposes, such as to locate a person or to determine a person’s interests for the purposes of direct observation, investigation or other purpose.

The obvious savings to government of combining the data collected about the transactions or activities of particular individuals to create a richer dataset are lost in a spurious argument and climate of mistrust and self - interests.

The process of data-matching is well entrenched in Tax so why not use it elsewhere in a much wider scenario for health and Social Security, National Security and more.

The use of a multi-purpose identifier facilitates a data-matching process. The ability of a government to compile dossiers of personal information about individuals is already profound.


The current disparate and ad hoc approach increases the risks of the likelihood of poor quality, and inaccurate data held within agencies.

Regulation of multi-purpose identifiers in a world of vested interests and political expediency The Australian Law Reform Commission (ALRC) has expressed views on Australian Government multiple identification schemes, and cards could be said to fall within the definition of ‘identifier’ in the ‘Identifiers’ principle.

If the Australian Treasury (Government) is serious about saving money and achieving efficiencies then it should legislate to effect a common set of principles and technology processes on all APS agencies whilst allowing for privacy impact assessments without cringing every time some critic pops their head up. Additionally APS agencies should be cognizant of the stresses created by onerous benchmarks, and demand for cheap, that make contracts high risk, acrimonious and unsustainable. I contend that the current situation is not best business or public service practice that is possible.

privacy, identifiers, costs

Documents