Chapter 11

Fragments of the Real Me: National identity in New Zealand

Richard Williams

Governments have invested hundreds of millions of dollars undertaking digital transformation, creating shared public sector information and communications technology (ICT) services based on expectations of improved customer service and cost reduction. Unfortunately, the promised benefits have often failed to materialise (Chesterman 2013; Hillier 2019; Walter 2009).

Identity is a critical function for effective shared service provision, particularly for high value transactions. Business leaders, supported by ICT professionals, need to ensure services are provided to the right people, with the right permissions, at the right time. Inadequate identity solutions have led to privacy and security breaches internationally where millions of accounts have been exploited, leading to new legislation like the European Union General Data Protection Regulation (GDPR) and Privacy Act 2020, which have increased control over data for individuals and resulted in increased compliance overheads and penalties (Houser & Voss 2018; Jackson 2019).

Nationally New Zealand has a fragmented approach to identity. In the November 2019 Strategy for a Digital Public Service the Minister of Government Digital Services stated, ‘our public service is already trusted and highly regarded as a global leader in digital government’ (Department of Internal Affairs 2019, p. 2), although ‘foundations that could better support New Zealanders in dealing with government, such as digital identity and informed consent tracking, are patchy or not present’ (Department of Internal Affairs 2019, p. 17). The COVID-19 pandemic, and in particular the need to track and trace the spread of the coronavirus, has brought the importance of effective identity services for New Zealand to the fore.

This chapter presents a history of national identity services in New Zealand, highlighting important changes, performance and future identity challenges. This incorporates the views of over 20 professionals involved in the governance of national identity solutions in New Zealand, and an in-depth review of academic and government literature to identify common identity challenges and opportunities for future information service provision (Williams 2020).

Shared services

Identity services are a critical component for effective provision of shared services to the right people, at the right time. Requiring a person to provide proof of identity to access services has been in place for centuries — e.g. passports or bank accounts. The methods used to prove identity to gain access can occur through various channels including digital, telephone, postal or physical access (Gronlund 2010).

Governments have commonly issued authorised forms of citizen identity to provide access to services, secure borders and show proof of ability to operate motor vehicles or own firearms (Eaton, Hedman & Medaglia 2017; Lips, Taylor & Organ 2009). Government issued identity documents are valuable, making them targets for fraud.

Traditional paper-based identity services were time consuming, inaccurate and expensive to maintain (Sullivan & Burger 2019). Countries need to identify citizens and to manage entitlement to services. Information systems holding information about citizens, particularly those used to manage entitlements, require up-to-date information about individuals (Lips & Pang 2008; Polanski 2015). The introduction of new technologies, including the internet, enabled digitisation of national identity solutions (Melin, Axelsson & Soderstrom 2016).

Since the 1990s governments have increasingly promoted digital channels to improve services to customers and reduce costs (Maude 2013; Stalla-Bourdillon, Pearce & Tsakalakis 2018). These digital channels have required countries to rethink information sharing, privacy and security implications (Göransson 2018; Lips & Pang 2008). A centralised identity service provides access to multiple services removing the requirement for multiple digital identities, usernames and passwords (Kubicek 2010). Providing identity credentials to access multiple client services increases security and privacy exposure. Service providers need to ensure proper use and sharing of information as well as ensuring no unauthorised access occurs (Collings 2008, Lips et al 2009).

Internationally governments have attempted to deliver electronic identity services as part of digital service programmes (Eaton et al 2017, Göransson 2018; Melin 2016). These services are commonly delivered alongside traditional channels to provide cheaper and more citizen-focused services, improved data access, and joined up services. There have been mixed results, ranging from reported successes like Estonia where identity has been used to enable a digital ecosystem, Scandinavian countries where they have explored different partnering relationships with banks to increase adoption, and large scale reported failures like the United Kingdom (Eaton et al 2017; Hillier 2019; Vassil 2015). What these international examples show is that providing digital identity is challenging, particularly as personal information must be kept up-to-date, and people need to have a reason to use the service which increases the likelihood of keeping information current. This has led to a focus upon getting service providers and citizens to adopt national identity services, with a warning that failure can be costly in both financial and reputational terms.

New Zealand’s national identity service

The New Zealand national electronic identity service has been provided as part of wider all-of-government programmes. From 1999 to 2009 the service was provided by the State Services Commission (SSC) to government agency clients who provided services to citizens. From 2009 to the present day the service and wider programme have been provided through the Department of Internal Affairs (DIA).

In the 1980s and 1990s New Zealand’s public sector governance changed from a centrally controlled bureaucracy to a contract-based system with increased agency authority and autonomy (Halligan 2007; Pollitt 2017). New Zealand undertook a large change programme with aggressive timeframes introducing private sector methods to improve public sector performance (Stoker 2006). These changes were considered the most radical and complete public reform of any developed country (Chapman & Duncan 2007). Agency chief executives were provided increased decision-making ability (Baehler 2003; Jensen 2003), through delegated authority and autonomy to manage their agencies thereby reducing SSC functions (Chapman & Duncan 2007; Newberry & Pallot 2003).

In the late 1990s SSC investigated public sector shared services, initially identifying candidates where ‘a shared services approach may be more efficient’ (Gill & MacCormack 1999, p. 7). Following this investigation SSC developed and published their e-government vision to guide public sector ICT direction in May 2000 (State Services Commission 2006b). The e-government programme was approved by the Executive in July 2000 to deliver the vision of better managing investment on information and communications technology and offering more accessible public services (State Services Commission 2001).

Work continued on the e-government programme identifying new shared services resulting in revision of the e-government strategy by SSC and Executive ratification in June 2003 (State Services Commission 2003). The Executive agreed to deliver shared identity and network services. An authentication programme was established to deliver the initial identity service, the Government Logon Service (GLS). A programme was also established for a Government Shared Network (GSN) (State Services Commission 2003). The Executive passed the Public Finance Bill empowering the Commissioner to deliver shared services across the public sector, and to set the expectation agencies would use these services (Chapman & Duncan 2007; Prebble 2005).

Major public sector ICT project failures, most notably the police system INCIS, resulted in public sector ICT project guidelines in 2001 (Gauld 2006; State Services Commission & Treasury 2001). As a result of the INCIS inquiry, the ‘State Services Commission and Treasury were required to monitor IT projects to provide second opinion assurance to Ministers’ (State Services Commission 2001, p. 55). This meant SSC was empowered to deliver a major programme of sector ICT change as well as monitoring major ICT projects.

In March 2005 SSC proposed an Identity Verification Service (IVS) using the existing DIA identity framework (State Services Commission 2005), which the Executive approved (State Services Commission 2005).

SSC completed GLS development in 2006, creating a single login for multiple systems without exchanging identity data between clients. SSC promoted GLS as improving ease of use, security and convenience for customers, affordable access to high quality authentication services for clients and significant cost savings for the Executive (State Services Commission 2006a).

A memorandum of understanding between SSC and the Privacy Commissioner enabled privacy commission staff to participate in service design and perform privacy impact assessments (Parliament 2007; State Services Commission 2006a). Several third-party security reviews were also conducted. The unstated intention was for privacy and security reviews to be undertaken for each subsequent release, indicating an ongoing commitment to privacy and security (State Services Commission 2006a).

The steering committee approved the Authentication Programme business case to roll out GLS and undertake collaborative IVS design with DIA. Business case and funding were approved in June 2006 by the Executive who ‘agreed that no department should make an investment in its own identity verification capability, outside of the Identity Verification Service, even if funded from within baselines or depreciation, without first consulting SSC and the Treasury and seeking Cabinet approval’ (State Services Commission 2007).

By 30 June 2006 GLS was reported as built, tested and ready for client integration (State Services Commission 2006a). Operational issues delayed the Authentication Programme requiring Executive approval to transfer $672,000 to 2006/7 potentially delaying service release (State Services Commission 2006a).

On 31 March 2007 GLS was integrated with SSC’s shared workspace service. The shared workspace was ‘a collection of over 150 individual collaboration workspaces being accessed 5000 times each month by State servants, vendor staff and other members’ (State Services Commission 2007, p. 53). SSC reported that testing had been successfully performed, however, users complained it added an additional login for no real value (Williams 2020).

GLS was reported to Cabinet as successfully tested and implemented within the agreed scope, quality and budget on 18 July 2007. However, implementation took longer than expected, requiring Executive approval to carry forward funding to 2007/8 (State Services Commission 2007).

The Executive instructed the public service and parts of the state sector to use the identity service, including the government login and IVS, for authentication (State Services Commission 2007). Later the Executive directed crown agents to use authentication shared services (Parliament 2008).

The Commissioner believed the Executive had provided him a mandate to compel client adoption. He introduced the Development Goals for the State Services to reinforce this mandate (State Services Commission 2007). Having the Commissioner lead the e-government programme, direct sector goals and oversee monitoring of ICT programmes appears to have blurred the lines of accountability.

SSC produced the New Zealand E-Government 2007 report presenting their vision and promoting success to date as ‘the beginnings of a paradigm shift in how agencies conduct their business. Both the GLS and GSN have been built and are in operation, and agency uptake is gaining momentum’ (State Services Commission 2008b, p. 79). The report was positive about the future, however, elsewhere there were performance concerns. SSC failed to meet performance targets in 2007/8 and 2008/9 (State Services Commission 2008a, 2009). The identity service failed to deliver business case benefits, creating reputational risk for the Commissioner arising from increased Executive scrutiny.

GSN was worse, as performance was ‘well short of expectations and the projected gap between expenditure and revenue, at some $700,000 per month, was not financially sustainable … on 3 February 2009 the GSN project would be discontinued and participating agencies would be moved to a new provider in the private sector’ (Walter 2009, p. 11).

Publicly aired infighting occurred between strategic and implementation functions. The implementation arm, called Government Technology Services (GTS), was critical of governance arrangements stating, ‘government ICT projects, both locally and internationally, had failed because of the absence of a solid strategy and effective governance.’ The Government CIO (GCIO) countered arguing public sector system ‘savings weren’t reflected in the cost of the project. It was losing half-a-million dollars a month but was saving much more across government. Yet, in a narrow accounting concept, it was a failure’ (Pullar-Strecker & McEntee 2009, p. 1).

As noted above, the State Services Commissioner owned the identity service and believed he had ‘the power to direct other agencies. He was looking for an opportunity to use that power. He issued the direction to the whole public service they had to use shared services’. This directive led to client resistance rather than willingness to collaborate (Williams 2020, p. 197).

Clients criticised the provider for driving adoption without understanding their needs or making adoption easier. Clients feared reliance on a third-party identity service built on technology that was rapidly becoming obsolete. They did not trust the provider and were concerned about losing autonomy or the ability to make decisions to support the delivery of client outcomes. As a result, clients continued to play the waiting game holding off creation of digital services to avoid integration, meaning the provider failed to meet adoption targets, leading to the conclusion the e-Government Unit had failed. SSC’s apparent failure as provider was viewed as particularly embarrassing given SSC’s system-wide responsibility for advising agencies how to run major projects (State Services Commission 2011; State Services Commission & Treasury 2000, 2001). The State Services Commissioner panicked and reacted to shift the risk of failure, moving shared services to the Department of Internal Affairs (Williams 2020).

On 7 October 2010, the Internal Affairs Minister announced, ‘functions of the Government Chief Information Officer would transfer to the Chief Executive of the Department of Internal Affairs’ (Duncan 2010, p. 1). SSC retained their ICT project monitoring function (State Services Commission 2011).

To increase adoption GCIO requested a strengthened executive mandate to show ‘we have consulted enough, now we use the stick’ (Williams 2020, p. 200). This echoed the SSC directive approach to adoption, which ran contrary to client sentiment and previous research into the use of mandates in the New Zealand public sector (May 1993; May & Burby 1996). On 22 September 2010, the Executive directed public service adoption through the Cabinet Economic Growth and Infrastructure Committee (Cabinet Office 2010a). If client services required authentication the identity service had to be used. Any client wishing to opt out, or taking action to undermine the programme, would be reported to the Expenditure Control Committee (Brownlee 2010). Yet clients still actively avoided creating services using the identity service (Williams 2020).

Monitoring major ICT projects changed to monitoring major projects and was undertaken by the State Services Commission, which is interesting as they were monitoring ICT programmes when the e-Government programme failed. SSC replaced the 2001 guidelines with Guidance for Monitoring Major Projects and Programmes in 2011, which incorporated the gateway review process (State Services Commission 2011). Public service departments were directed to follow the guidance by Cabinet.

GCIO struggled to meet identity service performance targets (Department of Internal Affairs 2010). The 2010 target was 250,000 customer logons but little over 50,000 were delivered. After the failure, the targets for 2011 and 2012 were decreased from 250,000 to a range of 100,000 to 250,000. The service exceeded this range but still fell short of the original target, indicating that the shifting of goalposts was occurring. In 2013 the service surpassed both old and new figures with the rate almost trebling. The annual report attributed most of the increase (around 300,000) to the introduction of the StudyLink service used by students to apply for funding (Department of Internal Affairs 2011, 2012, 2013a).

GCIO’s vision was an identity service as a one-stop-shop for electronic identity verification, which was enhanced by offering the identity service to private sector clients through legislative reform and partnership with New Zealand Post. The partnership was intended to maximise efficiencies for the Executive and increase customer and client adoption. New Zealand Post would provide an address service that could integrate with the identity service enabling sharing of address information with clients for customer approved services (Department of Internal Affairs 2011).

The Electronic Identity Verification Act (2012) and Identity Information Confirmation Act (2012) were passed on 18 December 2012, enabling private sector adoption. The intent was for more clients to integrate services with the identity service to increase customer adoption. Private sector clients were invited to join in a controlled fashion, whereas the public sector was directed to join (Parliament 2014, p. 3).

The Executive built on legislative reforms by endorsing the Better Public Services (BPS) programme. In March 2012, the Prime Minister announced ten results expected as part of BPS. Result 10 was designed to improve customer interactions with government as shown in the Result 10 outcome, ‘New Zealanders can complete their transactions with government easily in a digital environment’ and Result 10 target ‘by 2017 an average of 70% of New Zealanders’ most common transactions with government will be completed in a digital environment’ (Department of Internal Affairs 2014b, p. 6).

In 2013 the GCIO released the ICT Strategy and Action Plan 2017 which set new public sector and identity service targets (Department of Internal Affairs 2013b). The strategy was a response to the Executive’s Directions and Priorities for Government ICT (Cabinet Office 2010b), and SSC’s Better Public Services programme (State Services Commission 2018), promoting a ‘culture of collaborative leadership and operation’ through collaborative cross-sector governance arrangements (Department of Internal Affairs 2013b, p. 24). The strategy was overseen by Cabinet committee with a planned review in 2015 ‘to ensure it remains relevant and incorporates emerging technologies and practices’ (Dunne 2015, p. 1). The Executive used the 2017 strategy to charge the Government Chief Information Officer, who was also the chief executive at DIA, with leading the all-of-government ICT transformation to provide system-wide assurance, delivery of integrated online services and business savings of $100 million dollars per year by 2017 (Department of Internal Affairs 2013b).

DIA was appointed lead agency for Result 10, accountable for delivering 70 per cent of common transactions digitally by 2017 (Department of Internal Affairs 2012, p10). In January 2013, a Digital Service Council was established with representatives from participating clients, to oversee the Result 10 programme and champion change across the public sector (Department of Internal Affairs 2014b). The identity service was identified as contributing to the delivery of Result 10 and was rebranded RealMe with the new brand launched on 1 July 2013 (Department of Internal Affairs 2013a).

Public service chief executives were directed to ‘secure GCIO agreement to their strategic ICT plans and investment intentions’ (Cabinet Office 2012, p. 3). In December 2013, the Executive directed crown agents to gain approval from the GCIO before finalising or implementing ICT strategic plans or investment decisions. This direction enforced the GCIO’s mandate for leadership of government ICT (Parliament 2014) providing coverage across ‘60 public sector agencies and district health boards’ (Dunne 2017a, p. 2). Although the directive reinforced the GCIO mandate it did not provide the GCIO with a mandate across the state services, or even across all crown agents.

GCIO led a Service Innovation Group (SIG) overseeing eight group members who were clients participating in delivery of Result 10 (Department of Internal Affairs 2015). The SIG developed the Result 10 Blueprint which was explicitly linked to the identity service through Blueprint Action 5, ‘Adopt RealMe and deliver integrated digital services’ (Department of Internal Affairs 2014b, p. 42). GCIO believed increased adoption of RealMe would ‘drive uptake of digital transactions by promoting trust and confidence in transacting digitally’ (Department of Internal Affairs 2014b, p. 43). The push began to increase private sector client adoption (Department of Internal Affairs 2014a).

The previous focus on New Zealand citizens as customers changed to ‘include all individuals who are customers, or potential customers, of New Zealand government services’ (Department of Internal Affairs 2014b, p. 13). Customers were able to adopt two identity services, a RealMe login and a RealMe verified account. The RealMe verified account allowed customers to securely release verified information about themselves, like identity and address, to clients to prove who they are or where they live. The RealMe verified account required a customer to first prove who they are, by providing an approved form of identity and having their photograph taken at a participating New Zealand PostShop (Department of Internal Affairs 2014a).

Progress was presented against the Result 10 target for 2017, although interim targets were only presented once in the 2015/16 annual report where the service had reached 50.7 per cent, which was close to the interim target of at least 53 per cent, and the GCIO believed results were ‘on-track to support achievement of the Result 10 target’ (Department of Internal Affairs 2016, p. 139).

In 2015 the Executive moved project guidance and monitoring to Treasury (2017). GCIO was named a functional leader, which appears significant as it placed GCIO under the authority of the State Services Commissioner (Cabinet Office 2015), signalling a shift as the ICT Strategy and Action Plan did not mention the GCIO relationship with SSC. The Executive approved a refresh of the strategy and action plan. The performance target for Result 10 remained unchanged. The service continued to be overseen by Cabinet committee and sector programme assurance (Dunne 2015).

The identity service had a reputation as not user-friendly and expensive, contributing to client resistance. Government agencies were hesitant to adopt, even with the Cabinet mandate, meaning performance targets were not met. Common reasons for non-adoption included cost and difficulty integrating with the identity service, and the limited identity functionality provided. Even agencies involved in the SIG charged with delivering Result 10 did not adopt the service, saying one thing in meetings and doing another in practice, which became known as the curse of the smiling faces (Williams 2020, p. 172).

Positive aspects of the identity service were identified, particularly privacy and using the service to enable citizen centred life events (Williams 2020). The service was recognised as privacy enhancing with the award of the Privacy Trust Mark by the Office of the Privacy Commissioner (Department of Internal Affairs 2018). GCIO began releasing customer services leveraging the security and privacy provided by the identity service including connecting a group of online services around a customer life event. Connecting these services through a single identity made it easier to ensure the right people could access services they were entitled to, when they needed access. The identity service made it possible for customers to agree to have their information shared between related agencies, thereby connecting services. These two factors contributed to collaboration with the education sector which provided students the ability to apply for integrated student services across agencies, which saw the large adoption increase in 2013. Other life event services included integrated birth (SmartStart) and death (End of Life) services which required the identity service to gain access (Department of Internal Affairs 2018).

The GCIO name changed to Government Chief Digital Officer (GCDO), who changed tack again proposing moving from service provision to an identity framework. This was met with client scepticism and observations GCDO was working in isolation, reflecting previous failed attempts to deliver the identity service in New Zealand and internationally. The right noises were seen to be made but there was a lack of follow through (Williams 2020).

The Executive reviewed results to March 2017 and announced Result 10 performance targets were on track to ‘be met by the end of 2017’ (Dunne 2017b, p. 1). Performance targets were refreshed for another four years so ‘by 2021, 80% of the transactions for the 20 most common public services will be completed digitally’ (Dunne 2017b, p. 6). Although new targets were set the Executive was not advised which services would be included in the 20 most common services to be measured (Dunne 2017b). This was done in the absence of a new ICT Strategy to replace the Strategy and Action Plan. By June 2018, the GCDO still had not reached the 70 per cent target set for Result 10 (Department of Internal Affairs 2018).

Recent developments

Reviewing government documents and exploring views of professionals involved in governing the national identity service highlighted potential benefits and challenges. As found in international cases governance was problematic. Experts involved in identity service governance saw it as like a project or software delivery lifecycle. This approach was criticised as contributing to service failure as the governance focus was on the next technical deliverable rather than focussing upon the needs of clients or customers. These assertions are supported in recent literature critical of programme management as an approach for delivering public sector digital transformation and by professionals involved in the governance of digital services who found prioritising technical project deliverables reduced the focus on delivering citizen centric outcomes and transformation (Hodgson, Fred, Bailey & Hall 2019; Lofgren & Allen 2019). The consistent failure to meet targets, and subsequent shifting of goalposts through changed performance metrics raises questions about the success of the national identity service (Williams 2020).

The Minister of Government Digital Services comment in the Strategy for a Digital Public Service ‘digital identity and informed consent tracking, are patchy or not present’ appears to be an admission the national identity service has failed to live up to expectations, although he also stated New Zealand is a world leader in digital government (Department of Internal Affairs 2019, p. 17). Taken together these statements appear inconsistent when evaluated against the requirement for digital services to provide improved citizen services through the right people accessing the right services when they need to access them.

Exploring the history of the identity service in a wider digital public sector context highlighted further inconsistencies. The previous all-of-government digital strategy was published in 2013, with an update in 2015 which ran until 2017. The Strategy for a Digital Public Service was agreed with the Executive and published in November 2019. This points to a situation where there was essentially no approved strategy for two years. In the absence of a strategy identity service targets were refreshed to 2021, with the new target 80 per cent of transactions completed online, however, at the time they had not specified which services would be measured.

The strategy for a digital public service is planned to be delivered through several programme parts which are expected to help ‘achieve the vision of a Unified modern, Agile and adaptive public service’ (Department of Internal Affairs 2021). As of April 2021, the strategy programme has two Digital Identity parts in the programme of work. The first is producing a digital trust framework which is an ongoing piece of work following approval in July 2020 (Faafoi 2020). The second part is enabling the development of new approaches to digital identity, which is an activity the programme reports as ‘yet to be started’ (Department of Internal Affairs 2021).

Analysis of expert views of the New Zealand identity service, supported by international examples and academic literature, led to identification of governance as contributing to the failure of services to enable digital transformation. The programme to deliver the digital strategy has identified a governance framework work stream which will ‘determine the digital strategy governance, partnership and implementation model’. However, yet again this work stream is yet ‘to be started.’ Similarly, research has found that architecture is required to design the changes required to deliver digital services within a wider ecosystem, which has been identified as critical for delivery. The programme has two architecture work streams, both of which are yet ‘to be started’ (Department of Internal Affairs 2021).

In the meantime, while the work stream ‘enabling the development of new approaches to digital identity’ was waiting ‘to be started’, the COVID-19 pandemic struck. By late 2020 the New Zealand COVID tracking application was set up and had over 2 million users. The application had a dependency upon the user’s telephone number and email address, rather than a validated, privacy enhancing identity service. At this time the national identity service, RealMe, had around 750,000 validated users and appears to have missed an opportunity to increase adoption by failing to integrate with the COVID application. The COVID application could have been a prime candidate to kick start the work stream developing new approaches to digital identity, however, over a year after the COVID pandemic struck this programme work stream remains yet to be started.

The COVID application could have benefited from integration with a speci­fically designed, privacy enhancing, identity service that enabled customer agreed information sharing. Patients could have used the identity service to approve information sharing with other health service agencies electronically, treating COVID as a life event; potentially improving treatment and the national response to the pandemic. This may have helped position New Zealand as a leader in digital government, overcoming privacy issues identified in almost all COVID tracer applications investigated internationally (Sun et al 2020).


Despite 20 years since inception, and over 14 years in production, the existing national identity service has consistently failed to deliver integrated client services, most recently when required for the COVID pandemic.

Drawing back, the past 20 years can be viewed through three time periods based on changes to the provider and sector ICT strategies. The first occurred where SSC was provider, the second where DIA was GCIO and implemented the strategy to 2017, and the third period was post 2017 to the present date. All three stages gained Ministerial or Executive empowerment and attempted to use a mandate to compel agencies, as clients, to adopt the identity service. This appears to have run contrary to the autonomy provided to public sector agencies through the legislative reforms of the 1980s and 1990s, it also shows a pattern of tensions between centralised control and agency autonomy stretching back at least 40 years.

Additional tensions emerged between governance layers. These tensions were not only observed between the provider of the identity service and clients. Tensions emerged between the strategy and implementation arms of the provider, between Executive and the provider, and between the provider and central agencies who set public sector strategic direction, particularly the State Services Commission. Although numerous governance changes have been made, there has been a continued failure to meet performance targets, or the broader strategic goals.

The 2019 digital strategy and associated programme are intended to promote a modern, agile, adaptive public service, however, in the 18 months since the digital strategy was published the programme had not started key governance or architecture parts of the programme, nor the development of new approaches to digital identity that could have been used to integrate with the COVID tracking service. This inability to integrate services across the public sector for the good of New Zealanders reinforces the historical inability to effectively deliver national identity services that cost effectively provide the right people with convenient access to services they are entitled to, when they need access.

This raises the question, what is next for RealMe and national identity services in New Zealand?

Dr Richard Williams is the Chief Information Officer at Massey University. Richard is a lifelong learner and leader with a passion for developing people through experience, education and research. He has successfully led the development and delivery of innovative, cost-effective digital services aligned to the needs of customers in the education, health, transport and defence sectors. Richard has extensive experience leading teams to develop strategic direction and has successfully managed programmes delivering cost effective information technology services aligned to organisational, system and stakeholder needs. As an experienced CIO and senior manager he has successfully transformed teams into high performing units and enjoys developing and enabling people to succeed and grow. Building on his professional experience Richard recently completed his doctorate where he developed a digital transformation toolkit for effective governance, strategic planning, implementation and assurance of information services that enable outcome delivery.


Baehler, K (2003). Managing for Outcomes: Accountability and Thrust. Australian Journal of Public Administration, 62(4), 23–34.

Brownlee, G (2010). Government Procurement Reform. Wellington, NZ: Parliament

Cabinet Office (2010a). Directions and Priorities for Government ICT — EGI Min (10) 23/2. Wellington, NZ: Author

—— (2010b). Directions and Priorities for Government ICT — EGI Min (10) 35/5A. Wellington, NZ: Author

—— (2012). Implementing The Functional Leadership Of Government ICT. Wellington, NZ: Author Retrieved from

—— (2015). Investment Management and Asset Performance in the State Services. Wellington, NZ: Author Retrieved from

Chapman, J & Duncan, G (2007). Is there now a new ‘New Zealand Model’? Public Management Review, 9(1), 1–25.

Chesterman, RH (2013). Queensland Health Payroll System Commission of Inquiry. Queensland: Queensland Government

Collings, T (2008). Some thoughts on the underlying logic and process underpinning Electronic Identity (e-ID). Information Security Technical Report, 13(2), 61–70.

Department of Internal Affairs (2010). Annual Report 2009–10. Wellington, NZ: Author

—— (2011). Annual Report 2010–11. Wellington, NZ: Author

—— (2012). Annual Report 2011–12. Wellington, NZ: Author

—— (2013a). Annual Report 2012–13. Wellington, NZ: Author

—— (2013b). New Zealand Government ICT Strategy and Action Plan to 2017. Wellington, NZ: Author

—— (2014a). Annual Report 2013–14. Wellington, NZ: Author

—— (2014b). Result 10 Blueprint. Wellington, NZ: Author

—— (2015). Service Innovation Group Terms of Reference. Wellington, NZ: Author

—— (2016). Annual Report 2015–16. Wellington, NZ: Author

—— (2018). 2017/18 Annual Report Wellington, NZ: Author

—— (2019). Strategy for a Digital Public Service. Wellington, NZ: Author

—— (2021). Programme of Work. Wellington, NZ: Department of Internal Affairs. Retrieved from

Duncan, A (2010). Internal Affairs to lead ICT for government. Wellington, NZ: DIA. Retrieved from!OpenDocument

Dunne, P (2015). Review of the Government ICT Strategy. Wellington, NZ: Cabinet Office

—— (2017a). ICT Functional Leadership: Progress Report April 2016 to September 2017. Wellington, NZ: Cabinet Office

—— (2017b). ICT Functional Leadership: Progress Report October 2016 to March 2017. Wellington, NZ: Cabinet Office

Eaton, B, Hedman, J & Medaglia, R (2017). Three different ways to skin a cat: Financialization in the emergence of national e-ID solutions. Journal of Information Technology, 33(1), 70–83.

Electronic Identity Verification Act No 123 (2012). Retrieved from

Faafoi, K (2020). Proactive Release Progressing Digital Identity: Establishing a Trust Framework Cabinet Paper. Wellington, NZ: NZ Government. Retrieved from$file/Combined-Digital-Identity-Proactive-Release.pdf

Gauld, R & Goldfinch, S (2006). Dangerous Enthusiasms. Otago, NZ: Otago University Press

Gill, D & MacCormack, J (1999). Working paper: Shared Service Centres. Wellington, NZ: State Services Commission

Göransson, A (2018). Electronic Identification as an Enabling or Obstructive force: The general public’s use and reflections on the Swedish e-ID. Linnaeus University, Sweden.

Gronlund, A (2010). Electronic identity management in Sweden: governance of a market approach. Identity in the Information Society, 3(1), 195–211.

Halligan, J (2007). Reintegrating Government in Third Generation Reforms of Australia and New Zealand. Public Policy and Administration, 22(2), 217–238.

Hillier, M (2019). Accessing public services through the Government’s Verify digital system. London, UK: House of Commons

Hodgson, D, Fred, M, Bailey, S & Hall, P (Eds.) (2019). The Projectification of the Public Sector. London, UK: Taylor and Francis Ltd

Houser, K & Voss, W (2018). GDPR: The End of Google And Facebook or a New Paradigm in Data Privacy? Richmond Journal of Law & Technology, 25(1), 1–109.

Identity Information Confirmation Act No 124 (2012). Retrieved from

Jackson, O (2019). GDPR: Google fine could lead to corporate structure changes. International Financial Law Review, 1–3.

Jensen, G (2003). Zen and the Art of Budget Management: The New Zealand Treasury. In L Jensen, J de Vries & J Wanna (Eds.), Controlling Public Expenditure The Changing Roles of Central Budget Agencies — Better Guardians? Cheltenham, UK: Edward Elgar Publications

Kubicek, H (2010). Introduction: conceptual framework and research design for a comparative analysis of national eID Management Systems in selected European countries. Identity in the Information Society, 3(1), 5–26.

Lips, M & Pang, C (2008). Identity Management in Information Age Government: Exploring Concepts, Definitions, Approaches and Solutions. Victoria University of Wellington. Wellington, NZ.

Lips, M, Taylor, JA & Organ, J (2009). Managing Citizen Identity Information in E-Government Service Relationships in the UK. Public Management Review, 11(6), 833–856.

Lofgren, K & Allen, B (2019). In and Out of Amber. In D Hodgson, M Fred, S Bailey & P Hall (Eds.), The Projectification of the Public Sector (pp. 95–111). London, UK: Taylor and Francis Ltd

Maude, F (2013). Government Digital Strategy: December 2013. London, UK: Cabinet Office

May, P (1993). Mandate Design and Implementation: Enhancing Implementation Efforts and Shaping Regulatory Styles. Journal of Policy Analysis and Management, 12(4), 634–663.

May, P & Burby, R (1996). Coercive Versus Cooperative Policies: Comparing Intergovernmental Mandate Performance. Journal of Policy Analysis and Management, 15(2), 171–201.

Melin, U, Axelsson, K & Soderstrom, F (2016). Managing the development of e-ID in a public e-service context: Challenges and path dependencies from a life-cycle perspective. Transforming Government: People, Process and Policy, 10(1), 72–98.

Newberry, S & Pallot, J (2003). Fiscal (ir)responsibility: privileging PPP’s in New Zealand. Accounting, Auditing & Accountability Journal, 16(3), 467–492.

Parliament (2007). Vote State Services. Wellington, NZ: Author

—— (2008). Whole of Government Direction Regarding All-Of-Government Shared Authentication Services. New Zealand Gazette(141), 3844–3845. Retrieved from

—— (2014). Directions to support a whole of government approach, given by the Minister of State Services and the Minister of Finance under section 107 of the Crown Entities Act 2004. Wellington, NZ: Author Retrieved from

Polanski, PP (2015). Towards the single digital market for e-identification and trust services. Computer Law & Security Review: The International Journal of Technology Law and Practice, 31(6), 773–781.

Pollitt, C (2017). Public management reform : a comparative analysis : into the age of austerity (Fourth edition. ed.). Oxford, UK: Oxford University Press

Prebble, M (2005). Briefing for the Minister of State Services. Wellington, NZ: State Services Commision Retrieved from

Pullar-Strecker, T & McEntee, C (2009). Screws stay on public sector. Dominion Post. Retrieved from

Stalla-Bourdillon, S, Pearce, H & Tsakalakis, N (2018). The GDPR: A game changer for electronic identification schemes? The case study of Gov.UK Verify. Computer Law & Security Review, 34(4), 784–805.

State Services Commission (2001). Annual Report of the State Services Commission 2001. Wellington, NZ: Author

—— (2003). Annual Report of the State Services Commission 2003. Wellington, NZ: Author

—— (2005). Annual Report of the State Services Commission 2005. Wellington, NZ: Author

—— (2006a). Annual Report of the State Services Commission 2006. Wellington, NZ: Author

—— (2006b). Enabling Transformation: A strategy for e-government 2006. Wellington, NZ: Author

—— (2007). Annual Report of the State Services Commission 2007. Wellington, NZ: Author

—— (2008a). Annual Report 2008. Wellington, NZ: Author

—— (2008b). New Zealand E-Government 2007: Progress Towards Transformation. Wellington, NZ: Author

—— (2009). State Services Commission Annual Report 2009. Wellington, NZ: Author

—— (2011). Guidance for monitoring major projects and programmes. Wellington, NZ: Author. Retrieved from

—— (2018). Better Public Services 2012–2017. Retrieved from

State Services Commission & Treasury (2000). The Chief Executive Accountability Framework and Budget Process as they Relate to Information Technology Projects. Wellington: Author

State Services Commission & Treasury (2001). Guidelines for Managing and Monitoring Major IT Projects. Wellington: Author

Stoker, G (2006). Public Value Management: A New Narrative for Networked Governance? The American Review of Public Administration, 36, 41–57.

Sullivan, C & Burger, E (2019). Blockchain, Digital Identity, E-government. In R Beck & H Treiblmaier (Eds.), Business Transformation through Blockchain (pp. 233–258). Cham, Switzerland: Springer

Sun, R, Wang, W, Xue, M, Tyson, G, Camtepe, S & Ranasinghe, DC (2020). An Empirical Assessment of Global COVID-19 Contact Tracing Applications.

Treasury (2017). Managing Benefits from Projects and Programmes: Guide for Practitioners. Wellington, NZ: Author

Vassil, K (2015). Estonian e-Government Ecosystem Foundation, applications, outcomes. University of Tartu. Tartu, Estonia.

Walter, N (2009). The Walter Report. Wellington, NZ: State Services Commission Retrieved from

Williams, RJ (2020). Surmounting Boundaries: Closing The Governance Gap Governance Arrangements In Public Sector ICT Shared Services (DGovt). Victoria University, Wellington, NZ.