Cabinet has mandated that government departments must get Cabinet-level approval before investing in identity-verification technologies.
According to minutes of Cabinet Budget discussions released last week, senior government ministers agreed that “no department should make an investment in its own identity-verification capability, outside of the Identity Verification Service, even if funded from within baselines or depreciation, without first consulting the State Services Commission and Treasury, and seeking Cabinet approval”.
The decision was made for a number of reasons, says a spokesman for State Services Minister Annette King.
“Ministers want to ensure that where all-of-government capability exists, this capability is used, rather than agencies duplicating investment across government,” says the spokesman.
He says that both the financial and non-financial benefits of the Identity Verification Service (IVS) will be realised more quickly because take-up across government will be faster.
“The State Services Commission has been leading policy and implementation work on government authentication since 2002. This is a complex area of work and the SSC has developed the policy expertise and technical knowledge to best manage this issue for the government,” says the spokesman.
“Without consistent and high-quality authentication, the government will not achieve its transformational goals,” he says.
This is not the first time such high-level approval has been mandated. A 2001 Cabinet decision ordered that any major IT-enabled investment of significant cost to government would first require direct Cabinet approval.
The model will be applied on a case-by-case basis, the spokesman says, where the government can benefit from all-of-government capability.
A spokeswoman for Cisco Systems said that the SSC’s network is a Cisco network and that it has authentication capabilities.
“In terms of other identity verification systems, I don’t think it precludes anybody from playing,” she says.
Computerworld also contacted Tony Krzyzewski, of authentication solutions provider Kaon Technologies, for a comment, but he declined because of a “confidentiality agreement”.
The Identity Verification Service, which won $9 million in funding over two year in last month’s Budget, will allow external users to verify their identity when dealing with agencies online in real-time, says the SSC.
The system will use two-factor authentication, which requires at least two authentication form factors, such as a password in combination with either a physical device or biometric authentication. IVS is being built to accommodate whatever second-factor identification system finds market acceptance.