Australian Government Smart Card Project

Items

  1. Introduction
  2. Access Card Proposal
  3. Formatting of the Report
  4. Overview of the report
  5. Outline of the HSS initiative
  6. Rationale for change
  7. Risk in the Smart Card Project

    See Also


Introduction

These are some comments on the Australian Government's access card Health and Social Services project. It may be of use to students of "Information Technology in Electronic Commerce" at the Australian National University (COMP3410/COMP6341) and others. It is not intended as a detailed analysis. Comments, corrections and suggested additions would be welcome.

Access Card Proposal

The Australian Government provided details of a health and social services access card (or "smart card") in the 2006/2007 budget. The project is more formally known as the "Health and Social Services smart card initiative" ("HSS initiative", or colloquially the "smart card project").

The introduction of the new access card will cut some of the red tape involved in obtaining health and social services benefits, whilst delivering a more convenient, efficient and secure system for obtaining Government health and social services benefits.

The inclusion of a digital photograph on the access card will significantly enhance the identity security elements of the card, protecting the cardholder's identity and reducing opportunities for fraud. So if your card is lost or stolen it can't be used by anyone else.

From: Access Card to cut red tape for Health and Social Services, Media Release, Human Services Minister Joe Hockey MP, 9 May 2006

An analysis of the proposal by consultants was released by the Government on 6 June 2006. The report recommended that the project be implemented, starting in 2008, and be used for social services and health benefits.

... 'The access card project will be conducted in an open and transparent manner'.

From: KPMG business case backs health and social services access card, Media Release, Human Services Minister Joe Hockey MP, 6 June 2006

Formatting of the Access Card Report

The report, "KPMG Access Card Business Case" (February 2006), consists of 105 pages, distributed in electronic format as a PDF document. Unfortunately the report was provided in the form of a bitmap image of each page (much like a fax). The text of the report was not provided in a machine-readable format, as is done with other PDF documents on the Department of Human Services web site.

The format of the report limits access. Because of the lack of machine-readable text, the report cannot be found using a web search, the text cannot be searched internally using PDF's built-in search mechanisms and excerpts cannot be easily copied from the report for comment. As a result there may be errors in the sections of the report quoted here, which were transcribed by hand or using optical character recognition.

Because of the lack of machine-readable text, the report is inaccessible to those with limited vision. Providing the report in this way is contrary to the Australian government policy on the use of accessible formats for the disabled, and may breach the Disability Discrimination Act. The requirements for accessible document formatting are well known to web professionals and are discussed in a presentation to the Beijing Olympic 2008 committee.

Overview of the report

The report's authors point out that it is not an audit or a comprehensive review of operations and depends on estimates provided by the Australian Government. The report was prepared for the Minister for Human Services in February 2006.

The report is divided into two volumes:

  1. Business case
  2. Detailed costing

The detailed costing and attachments to the report were deleted before public release, for commercial reasons.

The business case is divided into six parts:

Outline of the HSS initiative

The project aims to change service access arrangements for health benefits and social services:

From: "KPMG Access Card Business Case", KPMG, February 2006

The aim of the initiative is to improve service delivery through better access to services and entitlements, to make the system more efficient and easier to use, and to lessen fraud. However, it should be noted that the authors were only briefed to carry out an analysis of the one option presented by the Government. They were only asked to make a business case of how well a smart card would work, not to see if there were better alternatives. As an example, making payments direct to bank accounts rather than in cash, and using the financial system to identify recipients, might provide sufficient fraud control without the need to build a new IT system, while also saving administrative costs.

The smart card initiative assumes no change to eligibility or entitlement criteria, nor rationalization of the agencies which administer the programs (apart from creating a new agency to administer the smart card). It is assumed that separate agency databases will continue to exist (but with some interconnection for identification information of the smart card) and that the public will continue to need to interact with the different agencies.

As the report points out, the smart card will allow a person to register once, but they will still need to "... continually provide relevant asset, income and family composition information as per the existing policies of DHS agencies". Identification makes up only a small part of the information provided to the agencies. As a result the smart card is unlikely to greatly reduce the burden on the public of having to provide information to the government and will not greatly improve the efficiency of agencies. The report does not investigate other initiatives which could achieve greater savings. As an example, improvements to agency web sites and the use of mobile phone technology might reduce the burden on the public while at the same time reducing administrative costs.

Rationale for change

The report lists as key drivers for change:

From: "KPMG Access Card Business Case", KPMG, February 2006

Taking each of these points in turn:

  1. Improving Upfront Access Arrangements: Identification makes up only a small part of access. Therefore, introduction of a smart card will make a minimal difference to the efficiency of access arrangements for health and social services.

  2. Reducing Opportunities for Fraud: Having one Point of Issue (POI) would reduce opportunities for some fraud. However, this will also introduce a single point of failure. Failure of the smart card security would expose the system to a risk of widespread fraud. Increased security could instead be achieved by using existing identification means in the financial and telecommunications industries and strengthening those means. For example, if payments are made to bank accounts, rather than in cash, the risk of fraud is reduced. If a transaction card is used to purchase subsidized medicine, this can be used as part of the identification.

    It should be noted that the mock up of a Government smart card demonstrated by the Minister is one designed for a GSM mobile phone ("The card we had to have? Human Services Minister Joe Hockey", Picture by Edwina Pickles, The Sydney Morning Herald, June 13, 2006). Many already carry a Subscriber Identity Module (SIM) card, issued by their mobile phone carrier. These could be used to help reduce fraud, without the need to build a new infrastructure for issuing cards or reading them.

  3. Coming Changes in Technology: Forecasts of technological change are often wrong. Early adopters pay more and may be left with orphan technology. The Australian Government, along with most of the IT industry, failed to see the development of the Internet in the 1990s, resulting in wasted investment:

    ... In the 1980's and early 1990's significant effort went into developing open systems standards, particularly for interconnecting incompatible systems. Open Systems Interconnection (OSI) development began overseas in 1977. The IESC was given the task of developing the Australian GOSIP (Government Open Systems Interconnection Profile) in 1988 and the policy was promulgated in November 1990. The final version, GOSIP 3, was published in August 1993. By 1995 it was clear that there was a lack of compliance with GOSIP. The Internet standard TCP/IP had become a marketplace reality and GOSIP and open-systems policies were dropped from whole-of-government IT strategies.

    From "Electronic Service Delivery, including Internet Use, by Commonwealth Government Agencies", Australian National Audit Office, 1999

Problems with the current system

The report outlines problems with fragmentation, duplication and inconvenience with the current health and social services delivery.

From: "KPMG Access Card Business Case", KPMG, February 2006

However, these problems have little to do with identification technology, but are due to a lack of coordination between agencies and administrative complexity. They could be solved by rationalization of the administrative processes, without the need for a smart card.

The report asserts that a smart card will meet the requirements of the Australian Government Authentication Framework (AGAF). However, the AGAF includes a checklist for government, to be used in planning and setting up systems that employ e-authentication. The smart card project does not appear to have been assessed against the checklist. Also, the report does not consider whether the proposed smart card will fit within the Australian Government Smartcard Framework.

The AGAF checklist recommends reusing credentials issued by another party, such as another government agency or a bank, rather than issuing new credentials. This option does not appear to have been assessed seriously by the smart card project, as this was outside its brief.

The Department of Industry Tourism and Resources is undertaking the VANguard project, to provide online validation, authentication and notary services for Federal, State and Local government agencies via a single entry point. It is not clear to what extent the services of VANguard will be used for health and social services.

The report envisages that the smart card could, in future, be used to carry digital keys for the cardholder to 'digitally sign' data. No details are provided on how this would provide a benefit over the digital signatures already issued by other government agencies and the private sector. It is claimed that as card readers attached to PCs become available this will allow social service claims to be made on-line. However, some government transactions, such as tax returns, are already submitted on-line without using card readers.

Opportunities for fraud

The report's authors were tasked with examining opportunities for fraud in the current health and social services systems and how a smart card might prevent it. Unfortunately this section of the report has not been made public for security reasons. It is therefore not feasible to assess it.

However, the report discusses, in general terms, fraud through identity theft, false claiming of entitlements, failure to notify changes which affect entitlements, and leakage arising from mistakes due to incorrect and outdated data. A series of examples is provided.

From: "KPMG Access Card Business Case", KPMG, February 2006

While these are problems in the existing health and services systems, they do not necessarily point to a smart card as the answer. Addressing some of the points:

  1. leakage losses: Medicare and Centrelink leakage can be detected using Analytics (data mining) techniques on the existing data. The Australian National University and CSIRO have developed techniques to data mine, while respecting the privacy of the records. The Australian Taxation Office is using Australian developed open source Analytics software for fraud discovery.
  2. photographic identification not required: If there is an unacceptable risk in photographic identity not being required to collect a Medicare card, the obvious solution would be to change procedures to require such identification.
  3. claiming at surgery or pharmacist: Procedures could be changed to require the name on the Medicare or a health card to be checked. If the current cards do not provide sufficient authentication, then other forms of identification could be used. This need only be done the first time the person presents to a particular surgery or pharmacy. If more than one person attempts to use the same card at the same place, the fraud is likely to be detected. In addition, if a transaction card is used for payment, then the credit or EFTPOS card provides a means of identification. Doctors and pharmacists have an incentive to check identity for financial transactions, to ensure they are paid. If smart cards are introduced by financial institutions, this would strengthen the identification without the need for a government smart card.
  4. relationship between a cardholder and benefits: No off-line system, including a smart card, can hold up to date information on benefits the card holder is entitled to. The entitlements can change after the smart card is updated. Therefore, any system relying on an off-line system will be out of date. A cost/benefit risk management strategy must be used to assess how out of date the information can be and still be acceptable. One risk mitigation strategy is to make payments to a bank account. Another approach is to use an on-line system, which does not necessarily require a smart card.
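
The staleness trade-off in point 4, worked through as an added example (it is not from the report or from the original page). It assumes a hypothetical terminal policy that trusts the entitlement flag on the chip while it is at most `max_age_days` old and otherwise does an on-line lookup; all names, dates and records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample data: the agency's authoritative record for one
# cardholder, as (effective_date, entitled) changes in date order.
AGENCY_RECORD = [
    (date(2008, 1, 1), True),    # concession granted
    (date(2008, 3, 10), False),  # circumstances change, concession ends
]


@dataclass
class Card:
    entitled: bool   # entitlement flag written to the chip
    synced_on: date  # last time the chip was refreshed on-line


def entitled_on(record, day):
    """Authoritative (on-line) answer: the latest change effective by `day`."""
    state = False
    for effective, entitled in record:
        if effective <= day:
            state = entitled
    return state


def assess(card, claim_dates, record, max_age_days):
    """Replay claims against a terminal that trusts the chip while its data
    is at most `max_age_days` old, and otherwise looks the entitlement up
    on-line (refreshing the chip). Returns (wrong_payments, online_lookups),
    where a wrong payment is a benefit paid on a day the agency record says
    the holder was not entitled."""
    card = Card(card.entitled, card.synced_on)  # work on a copy
    wrong = lookups = 0
    for day in sorted(claim_dates):
        truth = entitled_on(record, day)
        if (day - card.synced_on).days > max_age_days:
            lookups += 1
            card.entitled, card.synced_on = truth, day
        if card.entitled and not truth:
            wrong += 1
    return wrong, lookups


def tradeoff(card, claim_dates, record, ages):
    """Cost/benefit table: max_age_days -> (wrong_payments, online_lookups)."""
    return {age: assess(card, claim_dates, record, age) for age in ages}


# Constructed scenario: chip last refreshed on 1 Feb 2008, then presented
# every fortnight for eight claims (15 Feb to 23 May 2008).
CARD = Card(entitled=True, synced_on=date(2008, 2, 1))
CLAIMS = [CARD.synced_on + timedelta(days=14 * i) for i in range(1, 9)]

if __name__ == "__main__":
    table = tradeoff(CARD, CLAIMS, AGENCY_RECORD, [0, 45, 90, 365])
    for age, (wrong, lookups) in table.items():
        print(f"max age {age:>3} days: {wrong} wrong payments, "
              f"{lookups} on-line lookups")
```

A tolerance of 0 days is the fully on-line case (no wrong payments, a lookup on every claim), and 365 days is effectively off-line only. The values in between are the risk decision the paragraph says must be made.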

Technology drivers

The report avoids the mistake of driving the whole strategy from a technology imperative. However, some technology drivers are listed as reasons for a smart card approach.

From: "KPMG Access Card Business Case", KPMG, February 2006

Addressing these points:

  1. Smart card technology commonplace: While most EFTPOS terminals may be smart card compatible, there appear to be few cards issued for them to read. If such cards are in common use by 2007/2008, this may obviate the need for a government smart card. The financial industry smart cards can instead be used for authenticating health and social service recipients.
  2. Move away from magnetic stripe cards: Magnetic stripe cards have a high risk of fraud and failure. However, the financial services industry is using a range of techniques to supplement, rather than replace, magnetic stripe cards. One of these is the use of a smart card chip on the magnetic stripe card. Others are lower technology options, such as including a non-embossed number printed on the card and offering incentives to merchants to use on-line payment.
  3. wide acceptance of chip card technology in Australia: Mobile phone smart cards do not indicate a wide acceptance by the customer, as many will be unaware of the existence of the card inside the phone. However, the widespread use of these cards offers an alternative form of identification to a government card.
  4. widespread recognition of the need for greater security in public information and processing environments: The need for improved computer security does not imply an acceptance of smart cards. As an example the recent case of an ADF officer leaving a sensitive CD-ROM in a public computer would not be overcome by a smart card. Had the employee instead left their smart card in a public computer, the security lapse could have been far more serious.
  5. state travel and driver licences: The adoption of smart card drivers licences would provide an alternative for identifying health and social security recipients, without the cost of an additional federal smart card. The proposed investment in the federal card could instead be provided to state governments as an incentive to adopt a nationally standardized card.

Risk in the Smart Card Project

It should be noted that the government's proposal is for a smart card project. Therefore, much of the analysis here is of that smart card proposal. Alternative approaches to achieving the project's stated aims are discussed, but the intention is not to propose an overall alternative strategy.

Any strategy needs to address the problems common to any large IT project, as well as those with smart cards. IT projects have a high risk of failure. Standards Australia estimated 50 to 90% of projects go over time, over budget, or fail to meet expectations of productivity or efficiency benefits.

Estimates of project underperformance vary, but it is generally recognized that somewhere between 50 and 90% of projects go over time, over budget, or fail to meet expectations of productivity or efficiency benefits. Part of this standardization process will be to discover the missing elements in existing methodologies as a contribution to global management knowledge.

The magnitude of expenditure, and the rate of 'failure', of information systems projects are staggering. One report found that 75% (US$26.8 billion) of the software budget spent by the US Department of Defense was either never used or cancelled prior to delivery, and a further 23% (US$8.2 billion) could only be used after modification.

From: "Fact Sheet - IT Management and Governance", Standards Australia, Committee IT-030.

Others put the failure rates for IT projects as high as 97%, but then point out that such figures miss the point: it is the benefit derived from the effort which is important, rather than a "success/fail" flag.

As ICT has a significant effect on organisational performance and introduces significant financial and operational risks - it is core to good corporate governance. Various studies show that ICT promises are rarely fulfilled - with failure rates as high as 97% being quoted for particular types of projects. This figure is of course sensational. The issue is not how many projects or ideas succeed or fail - but the cost and benefits derived from the effort.

Information and Communication Technology is intrinsic to current business practices and continues to be a driver for change. With effective systems organisations can receive and process customer requests in a timely manner and be paid efficiently. The analysis of Information about the transactions can provide useful information to help organisations improve their business processes.

From: "Governance of ICT", Marghanita da Cruz, Ramin Communications, 2006.

Definitions of failure may range from not delivering on time and budget, to total abandonment of a project.

Failure is defined in terms of the Ewusi-Mensah and Przasnyski (1991) definition of total abandonment, where a project is terminated before full implementation. This definition is consistent with Sauer's (1993) definition of failure where development of an information system ceases, leaving supporters' interests unsatisfied. For the purposes of this study, success is limited to "non-failure" as defined above. Although this definition clearly excludes several known categories of failure and success, it means that failure and success can be objectively declared and is considered to be an acceptable limitation for this study.

From: "Conflict as a Factor in Information Systems Failure", Warne, L., 8th Australasian Conference on Information Systems (ACIS 97), 1997.

However, even allowing a generous definition of success, such as implementation of the system within double the budgeted cost in double the time frame envisaged, the smart card project would appear to have little chance of success. A reasonable estimate of success would be 25%. This is not to suggest the project should not be undertaken, but that the project's sponsor (the Minister) and developers need to acknowledge this is a high risk project and take steps to minimize the risk.

Project risks can be lessened through formal project management processes. An example is the Australian Department of Defence's Project Wedgetail.

... One of the country's largest and most software-intensive projects, known as Project Wedgetail, recently received a Practical Software and Systems Measurements (PSM) award in Colorado, United States.

The Department of Defence received the award at the international Seventh Annual PSM Users Conference for outstanding efforts in implementing PSM into a complex and diverse environment - Project Wedgetail's Airborne Early Warning and Control System (AEW&C). ...

From: "DEFENCE'S AIRBORNE EARLY WARNING AND CONTROL SOFTWARE RECEIVES INTERNATIONAL RECOGNITION", Defence, PACC 317/03 Tuesday, 4 November 2003

Apart from formal project development techniques, risk can be reduced by limiting the scope of a project. As an example, the smart card project envisages a number of uses of the card beyond the core of identification for health and social services. While these extra uses might be useful in gaining support for the concept, they complicate the project and increase the risk of failure.

One use proposed for the smart card is the storage of patient records. This is a "safety critical" application, where failure of the system could result in death or serious injury. It requires more stringent development techniques, which will result in higher costs for the system. It also exposes the developers, consultants, testers and their sponsors, including the Minister, to criminal prosecution if the system fails. It may be best to drop this use from the requirements.
