Australia’s new digital ID strategy calls for more biometrics, stronger data protection
Australia’s federal government has released what it calls a National Strategy for Identity Resilience, which outlines how state and territory governments should make their digital ID systems more robust and not prone to identity theft.
The plan was unveiled following a meeting of Data and Digital Ministers which took place on June 23.
The plan proposes the increasing use of biometrics with consent for online ID verification as it claims that biographical information alone and even passwords are not enough to offer adequate protection of people’s online ID.
To be implemented by the Department of Home Affairs in collaboration with states and territories, the plan also gives strong assurances for the protection of biometric data and privacy of all Australian citizens.
In a joint statement, Public Service Minister Katy Gallagher and her cybersecurity colleague of Clare O’Neil, highlight the importance of the digital ID resilience plan, saying it is part of government’s efforts to modernize ID management given that “as the digital economy accelerates and the world increasingly operates online, Australians’ identities are vulnerable in new ways.”
“We are committed to creating a secure and trusted digital environment for Australia that enables smarter, safer and more effective service delivery,” they say, as they hope to “build a more resilient identity to underpin the growth of Australia’s digital economy and help make Australia the most cyber secure nation by 2030.”
The plan, which replaces the 2012 National Identity Security Strategy, comes as identity crime is said to be costing the Australian government billions of Australian dollars in losses yearly, with the government losing AU$3.1 billion (US$2.1 billion) in 2018-19 alone.
Going by the plan, states and territories will seek identity resilience by working together on common objectives, standards and practices so that attackers do not target whichever is perceived to have vulnerabilities.
“Poor identity security practices in one jurisdiction can be exploited in all the others. Australian governments are committed to achieving consistent national standards across jurisdictions, to build trust and confidence in the identity system,” the plan says.
Overall, the plan outlines 10 shared principles which will guide the identity resilience strategy. Among them are digital ID inclusion, seamless interoperability, consistent high standards, ease of updating identity information across agencies, data collection and retention, data-sharing, and clear accountability and liability.
The plan also underlines the need for the federal government, states and territories to build on the work already done when it comes to digital identity, based on short, medium and long-term actions by all stakeholders involved.
Short term measures will require up to 12 months to implement, medium term ones would need one to three years, and those in the long-term will need between three and five years to be realized, the plan states.
The National Strategy for Identity Resilience comes not long after the Australian government also published a plan designed to reform the country’s digital payments landscape.