Several shortcomings in the Attorney–General’s Department’s (AGD) management of the National Identity Security Strategy (NISS), including a failure to implement widespread use of the national Document Verification Service (nDVS), have been highlighted in a report released by the Australian National Audit Office (ANAO).
The implementation of the NISS by the AGD, which has lead responsibility for coordinating the development of the strategy, has been both limited and not in alignment with the original intention of the strategy according to the report released 21 April.
The $24.8 million nDVS, a system that provides a means of checking information within identification documents against the records of the document issuing agency, was called out for extended criticism. The report states that “the project is still resolving practical implication issues and is rarely used”.
According to the report, key shortcomings of the nDVS are that it is of limited use, suffers times outs against other agency systems due to poor response times and has a high error rate.
“As at February 2010, many key identified issuer agencies were still not connected to the nDVS," the report states.
“Progress in implementing the elements of the NISS by the parties to the IGA (Intergovernmental Agreement), as originally intended, has been limited,” it also states.
“A range of activities tied to the six NISS elements has been undertaken which, in many cases, does not align with the original intended outcomes.”
The report also criticises the inaccuracy of the personal identification documents, attributes and information used throughout Australian agencies.
“The current patchwork of identity–related credentials are of variable quality and accuracy, which exposes government, business and individuals to a variety of risks from not being able to verify a person is who they claim to be,” states the report in its overall conclusion.
The principal shortcomings of the nDVS identified during the audit include:
- The report states: “Use of the nDVS has been very limited to date and well below expectations. On average there have been less than ten transactions per day. This stands in contrast to the nDVS project scope that estimated that when in operation, the nDVS should be able to handle up to one million transactions per day.”;
- Use of nDVS to date has largely been for testing or pilot programs by user agencies. The pilots have not been translated into widespread adoption due to some of the issues encountered, including a high rate of documents incorrectly returning ‘not verified’ due to data errors and timing issues; and
- The report states that; “there would be benefit in AGD systematically reviewing, with key potential users, the barriers to system uptake and formulate remedial strategies accordingly. These strategies may include changes to the nDVS, assisting with changes to user’s systems and work practices, or considering the future of the nDVS itself.”
Lack of timely responses
- The delivery of timely and accurate responses has been an ongoing issue for the nDVS, with current response times longer than desirable;
- While the majority of transactions are less than 20 seconds, from the available data in the last three months of nDVS transactions (July–September 2009), 25 per cent of transactions were longer than 20 seconds; and
- Potential user agencies have advised the ANAO that the roll out of the nDVS is likely to be limited until the system is developed with a maximum response time of 10 seconds. There are also issues relating to system design with external systems. Some agencies have a time out after 15 seconds due to factors including customer service requirements, causing the transaction being not progressed when the response time is greater than 15 seconds, but within the 20 second timeframe.
- The nDVS has been operational since October 2007. Throughout this time, the nDVS has produced a combination of ‘Yes’, ‘No’ and ‘Error’ responses. 38 per cent of all responses have been false negatives and ‘Error’ responses;
- Testing of the false negatives responses has identified that these are attributable to (i) user errors (incorrect data entry) or (ii) data errors (inconsistencies between details recorded on the document and the electronic record held by the agency); and
- The AGD has worked with some agencies in searching protocols to remedy some of the data errors, although the broad issue of data errors continue to cause error responses.
In an effort to address the issues faced by the AGD in implementing the NISS, a review of the Intergovernmental Agreement that underpins the Strategy (the NISS IGA) will commence from April 2010. As well as this review, the ANAO included three recommendations aimed at improving AGD’s coordination of the NISS:
- That the AGD, in consultation with the National Identity Security Coordination Group (NISCG), formalise the specific responsibilities of key agencies of the NISS.
- To more closely align the deliverables of the six NISS elements to the NISS objective, that the AGD, in consultation with the NISCG, assess the current objectives and appropriateness of the six NISS elements.
- To improve program effectiveness, the AGD should adopt a structured planning approach for all elements of the NISS, against which progress and achievement can be measured and reported.
The complete Attorney–General's Department Arrangements for the National Identity Security Strategy report can be accessed here.