The Australian National Audit Office (ANAO) could be taking a closer look at the country’s digital identity system in the coming year. The ANAO has slated the myGovID system for review in the past, though it has yet to perform a full audit of the rapidly expanding service.
Much of that likely has to do with basic resource limitations. The myGovID audit is one of 85 that could be on the docket for 2022 and 2023, and many of those others are equally critical components of Australia’s civic infrastructure. For example, the ANAO is considering a review of the My Health Record system, as well a review of the country’s cybersecurity posture. In that regard, the auditor has previously noted that only two of the 19 agencies evaluated in the past were compliant with Australia’s Protective Service Policy Framework (PSPF) in 2022.
As it stands, Australia has dumped more than $600 million into its digital identity program since 2015. That tally includes more than $300 million in the past two years alone, after the government set aside another $161 million in funding in 2021 to keep the project going until 2024. The proposed audit would review the implementation of the digital identity system, and evaluate its design and its overall utility for Australian citizens.
The ANAO will also try to get a better sense of how the government’s money is being spent. To do so, it will look into the role that stakeholders like the Digital Transformation Office have played in the creation of the system. Australia has been trying to extend myGovID service to the states and the private sector, but has not yet managed to pass the legislation that would be needed to support that expansion.
The Australian Taxation Office is one of the other agencies in the ANAO’s sights. The ANAO noted that the ATO has access to extremely sensitive information that could cause problems if exposed in a data breach. The ATO currently uses myGovID, and has partnered with iProov to add another layer of liveness detection to the platform.