Daily Bulletin


The Conversation

  • Written by Dr Patrick Scolyer-Gray, Research Fellow, Cyber Security, Deakin University

The Australian government’s Digital Transformation Agency (DTA) has spent more than A$200 million over the past five years developing a National Digital ID platform. If successful, the project could streamline commerce, resolve bureaucratic quagmires, and improve national security.

The emerging results of the project may give the Australian public cause for concern.

Two mobile apps built on the DTA’s Trusted Digital Identification Framework (TDIF) have recently been released to consumers. The apps, myGovID and Digital ID, were developed by the Australian Taxation Office (ATO) and Australia Post, respectively.

Both apps were released without fanfare or glossy marketing campaigns to entice users. This is in keeping with more than five years of stealthy administrative decision-making and policy development in the National Digital ID project.

Now, it seems, we are set to hear more about it. An existing digital identity scheme for businesses called AUSkey will be retired and replaced with the new National Digital ID in March, and the DTA has recently put out a contract for a “Digital Identity Communication and Engagement Strategy”.

The DTA’s renewed investment in public communications is a welcome change of pace, but instead of top-down decision-making, why not try consultation and conversation?

We fear what we don’t understand

Ever since the Hawke government’s ill-fated Australia Card proposal in the 1980s, Australians have consistently viewed national identification schemes with contempt. Some have suggested that the DTA’s silence comes from fear of a backlash.

History provides insight into some, but not all, of the numerous potential reasons for the DTA’s strategic opacity.

For example, people do not respond positively to what they do not understand. Surveys suggest that fewer than one in four Australians have a strong understanding of digital identification.

The National Digital ID project was launched more than five years ago. Why hasn’t the public become familiar with these technologies?

What is the TDIF?

Australia's National Digital ID is here, but the government's not talking about it Part of an overview of the TDIF available on the DTA website. Trusted Digital Identity Framework (TDIF)™: 02 - Overview © Commonwealth of Australia (Digital Transformation Agency) 2019., CC BY

The TDIF is what’s known as a federated digital identification system. This means it relies on multiple organisations called Identity Providers, who act as central repositories for identification.

In essence, you identify yourself to the Identity Provider, which then vouches for you to third parties in much the same way you might use a Google or Facebook account to log in to a news website.

The difference in this case is that Identity Providers will control, store and manage all user information – which is likely to include birth certificates, marriage certificates, tax returns, medical histories, and perhaps eventually biometrics and behavioural information too.

Read more: 94% of Australians do not read all privacy policies that apply to them – and that’s rational behaviour

There are currently two government organisations offering Identity Service Providers: the Australian Tax Office (ATO) and Australia Post. By their nature, Identity Providers consolidate information in one place and risk becoming a single point of failure. This exposes users to harms associated with the possibility of stolen or compromised personal information.

Another weakness of the TDIF is that it doesn’t allow for releasing only partial information about a person. For example, people might be willing to share practically all their personal information with a large bank.

However, few will voluntarily disclose such a large amount of personal information indiscriminately – and the TDIF doesn’t give the option to control what is disclosed.

Securing sovereignty over identity

It might have been reasonable to keep the National Digital ID project quiet when it launched, but a lot has changed in the past five years.

For example, some localities in Canada and Switzerland, faced with similar challenges, chose an alternative to the federated model for their Digital ID systems. Instead, they used the principles of what is called Self Sovereign Identity (SSI).

Self-sovereign systems offer the same functions and capabilities as the DTA’s federated system. And they do so without funnelling users through government-controlled Identity Providers.

Instead, self-sovereign systems let users create, manage and use multiple discrete digital identities. Each identity can be tailored to its function, with different attributes attached according to necessity.

Authentication systems like this offer control over the disclosure of personal information. This is a feature that may considerably enhance the privacy, security and usability of digital identification.

Moving forward

Based on the idea of giving control to users, self-sovereign digital identification puts its users ahead of any institution, organisation or state. Incorporating elements from the self-sovereign approach might make the Australian system more appealing by addressing public concerns.

And self-sovereign identity is just one example of many technologies already available to the DTA. The possibilities are vast.

However, those possibilities can only be explored if the DTA starts engaging directly with the general public, industry and academia. Keeping Australia’s Digital National ID scheme cloaked will only increase negative sentiment towards digital identity schemes.

Read more: Why aren't more people using the My Health Record?

Even if self-sovereign identity proved appealing to the public, there would still be plenty of need for dialogue. For example, people would need to enrol into the identification program by physically visiting a white-listed facility (such as a post office). That alone poses several technological, economic, social and political challenges.

Regardless of the direction Australia takes for the Digital National ID, there will be problems that need to be solved – and these will require dialogue and transparency.

Government and other organisations may not support a self-sovereign identity initiative, as it would give them less information about and administrative control over their constituents or clients.

Nonetheless, the implementation of a national identity scheme by stealth will only give the Australian public good reason for outrage, and it might culminate in intensified and unwanted scrutiny.

To prevent this from occurring, the DTA’s project needs to be brought out of hiding. It is only with transparency and a dialogue open to all Australians that the public’s concerns can be addressed in full.

Authors: Dr Patrick Scolyer-Gray, Research Fellow, Cyber Security, Deakin University

Read more http://theconversation.com/australias-national-digital-id-is-here-but-the-governments-not-talking-about-it-130200

Writers Wanted

Hippocrates and willow bark? What you know about the history of aspirin is probably wrong

arrow_forward

My best worst film: She's The Man – Amanda Bynes shines in a hilarious commentary on gender

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Business News

3 Ways to Keep Your Business Safe with Roller Shutters

If you operate your business in a neighbourhood or city that is not known for being a safe environment, it is not surprising if you often worry about the safety of your business establishments o...

News Co - avatar News Co

Expert Tips on How to Create a Digital Product to Sell on Your Blog

As the managing director of a growing talent agency, I use the company blog to not only promote my business but as a way to establish ourselves as an authority in our industry. You see, blogs a...

Adam Jacobs - avatar Adam Jacobs

How to Find A company with Tijuana manufacturing

If you have decided to launch a business in Tijuana, there is a need to know about the manufacturing companies. The decision to choose a manufacturing company is not so easy as it looks.   The rig...

News Company - avatar News Company



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion