23 April 2010

Identity verification lemon

The Australian National Audit Office (ANAO), now concentrating on process improvement rather than catching officials who borrow from the public cashbox, has released an 80 page appraisal [PDF] of the Attorney-General's Department Arrangements for the National Identity Security Strategy.

Perhaps not too surprisingly (at least for observers such as myself who question some of the more extravagant expressions of faith in biometric silver bullets and real-time identity verification by computer networks) the ANAO finds that a major component of the 2005 National Identity Security Strategy (NISS) isn't quite working as planned. Indeed, there has been a "significant underspend" because some agencies are having trouble getting the NISS national Document Verification Service (nDVS) to work, with concerns over timeliness, accuracy and "glitches".

The nDVS, announced with much ballyhoo in 2006, is a computer network linking federal and state/territory agencies responsible for key identity documents such as birth certificates, passports and drivers' licences (eg the state Births, Deaths & Marriages registries). The expectation is that it will be used to check the veracity of documents presented by people as proof of identity when applying for services or benefits at a wide range of agencies. It reflects agreement that -
Australia has a system of diverse personal identification credentials, issued for primarily operational purposes, which are routinely used by Australian Government agencies, business and individuals as de–facto identity documents. The current patchwork of identity–related credentials are of variable quality and accuracy, which exposes government, business and individuals to a variety of risks from not being able to verify a person is who they claim to be.
Since coming into operation in October 2007, the service has reportedly been used an average of only 10 times per day to check documents presented at participating agencies, although built to handle 250,000 requests a day.

Over its first two years in operation, the service had reportedly not identified a single fraudulent document. 38% of its responses had been errors, including false negatives where a document could not be verified even though it was genuine.

Most damningly, the ANAO comments that -
The one budget funded element of the NISS, the nDVS, has been built and a range of document issuing agencies have been connected to the system, albeit more slowly than expected. However, the system is rarely used and presently, it is making little contribution to the NISS objective of strengthening Australia’s personal identification processes. The passage of time and the lessons learned from the NISS related activities indicate that it is appropriate to revisit the rationale for, and appropriateness of, the NISS and its specific elements in a structured way by AGD and the NISCG.
Reinforcing that comment, the report goes on to state that -
Widespread use relies upon the nDVS being connected to the agencies that issue documents used in establishing one’s identity. Further uptake will, in part, be determined by the convenience, speed and reliability of the nDVS, when compared to other means of document verification. Notwithstanding a prototype Document Verification Service funded in 2005–06 and over two years of implementation of the nDVS, the project has presented significant problems for user acceptance and, consequently, it is rarely used. While AGD has had some recent success is getting more agencies connected to the nDVS, this has not translated into increased use. Remedial strategies for the nDVS may include changes to the nDVS, assisting with changes to user’s systems and work practices, or considering the future of the nDVS itself. The current, very limited, use of the nDVS indicates that it is unlikely in the immediate future that use of the nDVS will significantly contribute to strengthening Australia’s personal identification processes.