Just over a week ago, I upgraded my three-year-old iPhone to a shiny new model. It was a pretty smooth experience until I went to use the myGovID app so that I could, as you might expect, log into myGov.
While I anticipated that it might be necessary to reauthenticate myself/phone to the app, I never dreamed I’d need to also redo my biometric, scan my passport and enter my Medicare card number. This was hardly the user-centered experience I was led to believe was to be the future.
Not so much the promise of “set up once and use it again and again”, and more like “set up again and again…”.
The myGovID is the digital identity that is the key to the portal that is myGov. It will progressively take the place of the myGov account sign-in using username and password. However, the experience of having to reverify my identity to my iPhone was just my most recent of several examples of myGov failing to meet one of its most basic criteria – that being ease of use.
As it happened, this occurred only 24 hours after the announcement by Bill Shorten that David Thodey would lead a “user audit” to help “unlock the potential of myGov to turn it into a world-class citizen centric service that supports citizens throughout their life-course.”
A user centred review of how the federal government enables its citizens to interact online seems way overdue.
Some might suggest that being “world-class” is aspirational, but what might surprise many is that for the last decade Australia has been ranked in the top 10 of countries in the world on the UN’s well regarded biennial eGovernment Survey for digital service delivery. So, while there’s certainly some work to do, it’s not an unreasonable target.
Unfortunately, given what I believe are the fundamental challenges facing the government in improving myGov, the review’s narrow terms of reference, together with some recent comments attributed to the review’s chair, I doubt that the review will provide the sort of guidance or advice we truly need to improve citizen’s myGov experience.
“The truth is Services Australia has done a lot of work in this area. I think we’ll just look at what they’ve done and see if we can take the best-in-class out of that,” Mr Thodey told the Sydney Morning Herald when the review was announced.
Many of myGov’s shortcomings can be traced back to the failure by the DTO/DTA to implement the program in a manner consistent with the vision originally espoused by the Reliance Framework. This framework was endorsed in 2011-12 by the then Labor government and represented the basis for subsequent decisions to adopt the myGov model and to invest significantly in establishing and operating it.
Under the framework, myGov was expected to deliver improved online service delivery for citizens, including a single digital credential. This was to be supported by a governance framework, standardised business processes, and common standards.
As documented in the ANAO’s audit of the program conducted in 2016, good progress was being made. However, that was until later that year, when the DTO became “responsible for myGov service strategy, policy and user experience including: any changes to the current myGov service capabilities that related to policy objectives or user needs; and the on-boarding of new member services.”
Unfortunately, by this stage DTO was no longer recognised by agencies as having the expertise or capability to perform this role and, in part, this led to the establishment of the DTA, which was given far greater direct authority to influence agency policy, programs and business processes.
For various reasons that go beyond the scope of this note, the DTA failed dismally to leverage this authority or to put in place any effective governance structure to support myGov’s advancement. Hence, Services Australia now takes the lead here.
In 2015, when I was at Gartner, I produced a research note on government portals. It included a number of observations and made several recommendations, but perhaps the most critical ones relevant to myGov today were that:
- the choice of online credential used by the portal is critical and importantly, that a “good online credential is necessary but not sufficient to ensure portal success. It won’t guarantee success but a poor one will ensure failure.”
- any whole-of-government portal should “enable multiagency service integration, the transformation of business processes and a transition to digital government”; and
- the government must understand that “portal success is dependent on citizen centricity, policy and business process redesign, together with engaged leadership, appropriate governance and the authority to simplify and consolidate policy”.
Firstly, as the research showed even then, you cannot separate the matter of having a simple, reliable, and secure digital credential from that of enabling an effective and user-friendly digital service. These are interdependent, and the latter simply will not deliver the benefits expected without the former.
A digital credential without an application that makes use of its various levels of confidence or identity proofing (IP) levels, is a waste of effort and money.
Which reminds me, based on the little detail that’s been shared, the investment by the federal government on the Trusted Digital Identity Framework (TDIF) along with GovPass, myGovID and the Digital ID Beta program components, in total is approaching half a billion dollars.
Let that sink in for a moment.
While the ATO’s use of myGovID to replace the failing AUSkey credential (used by businesses), has arguably been a success, the same cannot be said for Services Australia’s approach to using it for citizens.
In particular, the implementation at the IP3 level is simply not fit for this purpose and broad adoption will only be achieved through compromise or some clever changes to definitions.
Overall, its difficult to see how a case could be made that the level of investment by the government on the TDIF program has delivered Value For Money. Then again, that should probably come as no surprise really, given the recent ANAO audit report on DTA’s approach to procurement.
Secondly, one of the critical design criteria for any government portal that acts as a platform to integrate services provided by multiple independent agencies, must be the need to ensure a common user interface and experience. This is especially true for users as they move virtually across agency boundaries.
Citizens do not understand, and should not need to know about, the complexity of how programs and policies are divvied up between agencies. They also should not experience differing or inconsistent approaches to how web pages are rendered or navigated. And yet, myGov fails this. Try this most simple of exercises:
- Log on to myGov
- Assuming you have them linked, go to your Centrelink, Medicare and ATO accounts and then exit back to the myGov landing page from each of these
- Note how each agency has its own way of rendering and displaying information – they are in no way consistent
- Even the experience of returning to the myGov landing page from each of these is handled differently.
No wonder users find navigating the site complex. Of course, as you move within each of these agency sites, the extent of UI creativity grows.
Fundamentally this demonstrates an emphasis on agency centricity rather than citizen centricity and this is made all the more evident by being able to so quickly compare the differing schemas, how pages are rendered, and the program specific terminology and acronyms used.
Now let’s say you want to find out something about your superannuation – perhaps you wanted to check the value of your superannuation transfer balance cap. Most citizens will simply not be aware that this can be found via the ATO link – since superannuation is managed by the ATO.
And they are not alone. Several attempts to use the myGov Digital Assistant – searching for variations on the words and terms – only resulted in being told by the Digital Assistant that it was “still learning about this” and was unable to offer any advice beyond suggesting that it could search the web. It never suggested that I look at the ATO page. So, Google to the rescue?
DTA’s Digital Service Standard requires that government sites are accessible. Specifically, this means that web sites must comply with the Web Content Accessibility Guidelines (WCAG), are able to be used by disabled citizens, older people, users located in remote communities and by those that may struggle with using digital services.
In relation to myGov, Services Australia states that it “aims to meet WCAG V 2.1 AA” and that it is continually making updates to myGov so it meets this level of compliance. Notwithstanding its legal obligation in this area, it certainly doesn’t now. The only Assistive Technologies it references are those that relate to supporting the visually disabled.
The chief executive of the Centre for Digital Business, Marie Johnson, describes myGov as the most discriminatory of government digital services for people with disability, people from CALD backgrounds, Indigenous people, and people who live in remote areas affected by limited connectivity.
The fundamental challenge with myGov is not technology or investing another $100 million. myGov is trying but failing to hide the complexity inherent in government policy and programs, it continues to exhibit the desire of agencies to retain control of these and to do it their way, and they suffer from having to deal with the pace, or urgency of change being imposed on them.
As put by Gartner’s 2015 report Government Portals Are Evolving to Enable Digital Government, “Governments should not see portals as a panacea. They will not (and cannot) replace the need for better program and policy design, and they can only partially overcome complexity in administration.”
There seems to be little evidence that there is the political will for this type of change, let alone any bureaucratic acceptance of these issues.
While I’m sure the review will make some useful suggestions about improving the UI and UX, I doubt it has the capacity to get to the core issues holding myGov back from the original vision.
Glenn Archer is a Visiting Fellow at the ANU and former Australian Government CIO and head of AGIMO.
Do you know more? Contact James Riley via Email.
Now is the time to mandate biometrically verified digital identities, which incorporate critical privacy-by-design and privacy preserving elements.
MyGovID is not fit for purpose as reusable digital identity. It is still way too buggy, fails basic ID document scanning and doesn’t have basic functionality that is required, such as deleting documents, viewing selfie and understanding Identity Proofing Levels. The 80+ government services that the Digital Identity Legislation and subsequent System it will legislate require richer reusable digital identity options for Australians.
The Optus breach although not good for millions of Australians, will hopefully be catalyst for change.
Huge honeypots of stored Personally identifiable information is no longer required if reusable, secure, Trusted Digital Identity Framework (TDIF) accredited digital identities are used by corporations to verify their customers.
The Australian Commonwealth needs to move quickly to:
1/ Pass the Commonwealth Digital Identity Legislation (https://lnkd.in/gDaDRR6t) as quickly as possible – its been dragging on for too long.
2/ Launch the much anticipated Digital Identity System (https://lnkd.in/g5hWXyWq) – to ensure a national digital identity framework is operational to allow thousands of rely parties and other reusable wallets such as Australia Post’s DigitalID, the NSW Department of Customer Service ServiceNSW wallet, the Yoti Digital ID Wallet, the Mastercard ID wallet and the ConnectID reusable identity hub to remove the data honeypots and eradicate the hackers.
3/ Align regulations for “identity heavy” sector agencies (such as AUSTRAC) to recognise and mandate the use of digital identities to proof and verify individuals/customers across all industry types including banking, financial services, wagering, crypto, superannuation, casinos, remittance providers and others (https://lnkd.in/ghEzzYYt).
4/ Increase the funding of the Digital Transformation Agency to ensure more TDIF accreditations can be completed by identity providers with reusable digital identity wallets. This needs to be ubiquitous, not just the domain of the state and federal governments.
David, as Panel Chair, it would be good to see you connect the dots for not only the MyGov portal, but the entire digital identity strategy that has been slowed to a snails pace due to political jockeying, budgetary constraints and glacial execution.
Let’s bring Australia into the 21st century, we are seriously and sadly lacking compared to many other countries.
Best
Darren
Despite being a computer professional, I have limited my interactions with myGov to the bare minimum. Perhaps it was because after 19 years working on government IT (and another 20 teaching the people who do it), I know the limitations better than most.
My experience is that myGov works, sort of, after numerous attempts. But these limitations are perhaps more in the manual systems it is trying to improve. As an example, I could not link my medicare account to myGov, until I changed my name with Medicare. This is because decades ago, when I signed up with Medicare, I used the common version of my name, not what is on my birth certificate. No one worried about this over the decades, only when linking to myGov. We need our systems to either be strict about details from the start, or understand reality is not so black and white.
Signing up for ID with ASIC as a company director was weirdly like a dystopian scifi story. I was asked an almost endless series of questions, and then had to position my ID to be scanned just right. Hopefully that is it, and I do not have to do that again, or do I?
Thanks for your comments – we are going to try to help move myGov forward and all recommendations and comments are welcome. I am sure that we will have to make some compromises – but this is such an important service for all Australians we are going to try to make some sensible and affordable recommendations. Personally, I think myGov has improved significantly in the last 18 months – however, I think we all agree that it can improve. I applaud the Minister for initiating the audit and Service Australia and the other Government Departments for their support and engagement to help make sure we make this a productive review over the next 11 weeks. All comments and thoughts are welcomed. – David Thodey (Panel Chair)
Dear David, I believe this isn’t your field and that you come without the necessary knowledge, experience or foundations. How could you “try” to help move myGov forward … (or) …”try” to make some sensible and affordable recommendations. Sir, that’s not something that you are trained for. Perhaps I’m wrong, and you come from a government service delivery, digital platform, information management, portal architecture, software development or application lifecycle background (your LinkedIn entry shows that you studied anthropology). Please update readers. Without prejudice, I believe that the Chair was probably chosen because of brand recognition rather than subject matter knowledge. The predictable failure of such a choice is obvious to those with genuine expertise. Please consider your position. Best regards. Digital Koolaid
Authentication needs to be decentralised and device independent to protect users. Sites are changing continually devices become obsolete, get broken, stolen, bricked, compromised and spoofed. We have had a valid device independent alternative decentralised authentication service available for the entire life of MyGov and have written to every level of Government over this time on a continual basis to support Australian development. This technology is Australian designed and owned however we have been ignored to the benefit of foreign controlled multinational corporations who are getting a grossly unfair financial advantage through their market domination to our detriment. The only thing that has happened is that we have been attacked by the leading proponents within Government that benefit from controlling authentication for their benefit above the requirements if users it is a National disgrace. All the while Australian users continue to be exposed to horrendous privacy breaches as demonstrated by the Optus debacle this week, that are of the Governments making ultimately because of the legislative demands it places on the private sector to collect and maintain records about users. Authentication for authorisation does not require the accumulation of personal data to occur on wide area networks (internet) in fact using personal information as has been shown in the Optus breach (and many others) actually exposes users to greater risk of identity theft. It is certain that until such time as effective authentication routines that we have designed and patented for the benefit of Australia are implements the community will continue to be at risk.
Totally agree, this technology has been around for a long time now, but corporate greed supplants user needs here. A lot of money to be made now days in destroying user privacy – for scammers and corporates alike.
Hi Loius. Say it loudly and say it often. The hypocrisy is stunning. All the talk about Australian innovation and sovereign capability by the APS and their political masters is rubbish. The only way I can see to stop this is to risk shouting it on every occasion, at every event, in every publication and in the comments that follow. Good news that InnovationAus allows your comment so that readers understand the corruption of APS decision making. The DTA has been up to the gills in this and the ANAO has exposed their non-compliance with the rules and standards they claim to observe. Good comment and please keep it up. Regards.