Taylor-Price told iTWire in an interview that Govpass was one of the most sensitive systems outside defence and intelligence that the government has had to run because it would be a single repository of all of the information of all Australians, "an incredibly sensitive dataset".
The system is intended to allow Australians to be able to prove their identity to government services online. According to the Digital Transformation Agency, "Users will be able to prove themselves by having an accredited organisation vouch for them, such as a government agency, or in the future, even their own bank."
One would need to provide personal details to establish a Govpass ID; after this is set up, most of the personal data will be deleted. The government allocated $92.4 million in the recent Federal Budget to see the project through to completion.
|
Given the fact that a move to set up a national identity card many years ago was as popular as having stones for breakfast, Taylor-Price said the DTA had consulted privacy groups before starting out.
"The DTA did an industry-wide consultation where they approached all of the privacy groups and they also got an external consultant to come in and assess the privacy impact that this would have," he said.
Rupert Taylor-Price: "...we're trying to support government in the move to open source and open standards."
As the Australia Card was not very well received, he said what was needed was to find a way to meet the security and privacy to a level which with the Australian public was comfortable.
Taylor-Price said there were many facets to how this was managed "including an opt-in system, how they manage the data within that system and using a cloud system like ours, which is entirely Australian-owned and located within the Australian legal jurisdiction. It has been certified by the Australian Signals Directorate and meets a whole range of security requirements."
Vault Systems is one of four Australian providers to have the coveted Protected status from the ASD for its cloud offering, the other three being Macquarie Government, Sliced Tech and Dimension Data. Microsoft was certified as the fifth provider recently.
"For an individual citizen, their identity is the most sensitive data that the government holds," said Taylor-Price who started Vault Systems some six years ago. "If they are working with the Department of Human Services that information is very sensitive as it could include medical records, psychological assessments, criminal history.
"Citizens don't choose the data that government comes to hold, it is picked up by compliance programs and brought into government.
"So we decided to build multiple clouds at the different security classifications, but all to the same high security standards. What we've done with Govpass is an example of the type of systems with which our entire business was built."
Taylor-Price, who has worked in government for 12 years, said Vault Systems was more involved in "the automation, the cloud technology, the delivery of the actual infrastructure and environment that sits behind that".
He said the DTA, along with the Australian tax Office and the Department of Human Services would run Govpass.
"What Govpass has done is quite unique, they have looked at how they can work with industry as well so the same ID information can be used for interaction with commercial entities," he said.
The DTA was trying to reduce the amount of vendor lock-in in government services, and that suited Vault Systems as it had always worked with open standards. Its cloud is built on the open source OpenStack platform and security is baked in.
"Government has a strong history of working with proprietary vendors and essentially getting locked in," Taylor-Price pointed out. "They think they embark on a project at a certain cost point and then, because they are in a proprietary environment, they lose the flexibility of being able to move within that environment.
"That's when you get the contract variations, you hear of costs being many times the initial budget (and) a lot of that comes down to proprietary and vendor lock-in. So there has been a big movement within government to move towards open source."
He said the DTA had a digital service standard and specification seven on that required open source and open standards. "It was a recommendation that went to government under (current Minister for Law Enforcement and Cyber Security) Angus Taylor last year to try and mandate the use of open standards across government.
"But, of course, there are a lot of competing financial interests that want as many proprietary systems within government as possible and we're trying to support government in the move to open source and open standards."
He said Vault Systems had a very different ethos and agenda to proprietary organisations.
"Microsoft is a partner of Vault Systems, we run many Microsoft workloads on top of our open source and open standards platforms. Because the base system is open source and [conforms to] open standards doesn't rule out running proprietary loads on top.
"We think it is important that the base infrastructure, the cloud layer conforms to open standards. The further down the stack you have open standards, the more flexibility you have. That would give government the freedom to move between providers."
Asked about the security of the set-up, Taylor-Price was quietly confident, but avoided any hype.
"[There are] always risks, no system is perfect," he said. "We have built in all system requirements natively into the base platform. All security components have been re-engineered at their source to natively meet the government requirements. I'm very sure this is the most secure platform the government has to host systems on."