State governments and industry groups have questioned plans to introduce a charging framework for the federal government’s decentralised digital identity scheme, arguing that costs will create a barrier to entry for small players.
The proposed model would see “relying parties” such as companies or government agencies charged for using the Govpass system to verify the identity information of individuals before providing a service.
It is intended to help ensure the future viability of the system which – alongside the overarching trusted digital identity framework – has already cost the government more than $200 million over five years.
The framework – which is expected to be embedded in planned legislation – would be set by the Digital Transformation Agency and Services Australia, though consultation with stakeholders is still ongoing.
“A single charge will cover all participants’ activities, including the Oversight Authority’s activities where appropriate,” the DTA said in a consultation paper on the proposed legislation.
“They may include, for example, the activities an identity provider undertakes to create a digital identity.”
But two states and territories with some of Australia’s smallest populations, as well as handful of industry groups and businesses, have raised concerns with plans to commercialise the system, including the lack of information in the consultation paper.
“The feedback from the consultation proved that there was not enough information in the consultation paper to form an approach or model that could inform a charging framework and that further consultation on this is needed,” the DTA said in a summary [pdf] of the consultation process.
Tasmania’s Digital Services Board, which oversees the state’s digital transformation, in its submission [pdf] said the “cost of using the system” was one of several issues that pose “a significant barrier to entry”.
Other barriers include the “administrative or legal burden associated with becoming accredited, participating in the system and meeting any liability obligations (should they arise)”.
It has suggested that the federal government “fund the core digital identity ecosystem”, keep state government charges “minimal” and provide incentives for private sector adoption such as a free tier.
“The Tasmanian government needs to have a clear understanding of the financial implications of any usage fees that it will be charged, as well as its obligations in term of any redress or penalties in the instances of misuse,” the board said.
The NT government said having the charging model set and administered by an oversight authority presented a “scenario where cost efficiency is not incentivised and charges for relying parties are very likely to increase”.
“Relying parties have no influence on the charging regime and limited options to withdraw (relying parties will be largely ‘locked-in’ to a single supplier mode with the oversight authority),” its submission states [pdf].
However, the NT government also said that the national system would “remove the need to establish and maintain [its] own identity systems” and provide “cost efficiencies for relying parties”, though this could change and leave “relying parties exposed to higher ongoing costs”.
“The charging framework needs to be set having regard to the flow-on costs to relying parties and the potential for cost increases as usage grows with higher transaction volumes and more services digitised,” the NT government said.
“The proposed charging framework should be premised on a focus of maximising benefits to users and the economy and incentivising usage, with relying parties involved in setting charges, strict rules and public justification for any increase in charges.
“The NT government requires clarification and further details in relation to the proposed charging framework.”
The Office of the Victorian Information Commissioner (OVIC) also warned against a “model that relies on commercialising the digital identity system or seeks to create a market for digital identity”, like the UK government’s GOV.UK Verity program has done.
“The key policy drivers for the digital identity system should be to provide efficient and economical access to government and private sector services and transactions, and a reduction in fraud and identity theft,” OVIC’s submission [pdf] states.
“These policy outcomes may be impacted if commercialising the digital identity system and seeking to involve multiple identity providers is prioritised.”
The Australian Business Software Industry Association (ABSIA) considers the proposed framework a barrier to entry, particularly for smaller players, sentiment that was shared by the Australian Communications Consumer Action Network (ACCAN).
“We understand that the current approach involves the costs being too high for some players to reasonably participate,” ABSIA said in its submission [pdf].
“The charging framework needs to be feasible for small players to reasonably participate.”
ABSIA has recommended a “tiered charging framework that takes into account usage to make these costs fair and more accessible to smaller developers”.
“This would enable micro, small business and startups to access these services at a lower fee structure when compared to larger businesses.”
Telstra has recommended that the DTA consider aligning the charging framework with “the level of assurance required by the relying party, and volume of the consuming organisation”.
However, the telco is broadly in support of a charging framework, which it said [pdf] “will be important to the sustainability and utilisation of the digital identity system”.
The Commonwealth Bank similarly “supports implementing a charge model that recognises the significant costs required to provide digital identity services”.
“A charge model will encourage innovation among various industry participants and underpin the viability of future digital identity systems,” its submission [pdf] states.
But it has called for additional detail on the plans, including why it won’t recover costs relating to system design and build, and wants a “high-level of transparency for how future charges will be set”.
“A failure to clearly communicate how a charge model will operate could have a chilling effect of private sector investment, potentially stifling the development of private sector solutions in the digital identity space and restricting choice for consumers,” CBA said.
Melbourne-based cyber security firm VeroGuard Systems described the model as “presenting insurmountable challenges” in its submission [pdf], with the “transaction-based model… impossible to budget for as the volume of requests are unpredictable”.