Australia’s national digital ID project may face more issues, expert says
Australia’s long-anticipated national digital identity system is finally moving forward after the government presented draft legislation and opened consultations on the system in September. But some experts are warning that the draft Digital ID Bill has a number of issues, while the ID project itself will have to tackle security challenges.
The country’s previous digital ID project, MyGov, is a good illustration of these challenges, says Erica Mealy, a lecturer in Computer Science at the University of the Sunshine Coast, in an article for The Conversation.
In 2020, security researchers warned the public against using MyGovID due to security flaws. Governments in Australia have a poor track record of securing information, as their systems have been hit with data breaches in the past, Mealy argues. Streamlining distributed identification systems into one digital ID could create an irresistible honeypot for hackers.
Australia currently runs several digital ID schemes. Aside from MyGov, these include myGovID and the NSW Digital ID piloted by the state of New South Wales. The new federally-backed digital ID plans to consolidate various services and ID documents into a single government-run identification platform.
Mealy warns that the country’s current privacy act has a loophole that allows some state and government authorities to remain exempt from compulsory data breach reporting. Australian legislators have also been introducing small changes to the laws, such as the Surveillance Legislation Amendment (Identify and Disrupt) Act in 2021, that could result in government tracking of users’ locations and interactions with public and private organizations.
“Perhaps most concerning is how closely the proposed scheme resembles government surveillance,” she says. “By linking all our personal identification data across federal and state jurisdictions, as well as private entities, we would be giving the federal government complete oversight of our lives.”
Australia’s Finance Minister Katy Gallagher said the legislation for the digital ID could be in place by mid-2024. Its rollout, however, could still be derailed by factors such as interoperability issues, local government pushback and even conspiracy theories.
The ID program, which came under the control of the Department of Finance in July this year, has spent over AUD600 million (roughly US$404 million) so far. According to the National Strategy for Identity Resilience, Australian digital ID systems should aim for more robust security by increasing the use of biometrics
Last week, the country also presented plans for a National Digital Skills Passport that would function as a digital ID for job qualifications.
What happens to old digital ID schemes?
As Australia rushes toward its digital future, other ID schemes may get left behind.
The NSW Digital ID pilot program is currently at a standstill with no new trials in sight, trade publication InnovationAus reports.
New South Wales launched a beta version of its own system called alongside several pilots with the first one kicking off in November 2022. In two of the three pilots conducted to date, less than 70 people have tested the NSW system.
The New South Wales government has also lowered the value of the contract for the Digital Identity and Verifiable Credentials (DIVC) platform with decentralized identity company Mattr, a subsidiary of New Zealand’s largest telco, Spark.
The government selected Mattr to issue verifiable credentials for its NSW Digital ID and Verifiable Credentials program, signing a deal for almost AUD29 million (US$18.4 million) in June. According to the government’s eTendering website, however, the project is now estimated to be worth AUD16.8 million (US$10.7 million).
The government has clarified that it plans to continue with the project. The change reflects the initial three-year term of the deal, rather than the full five years, while the “remaining contract value relates to future extension options as required,” the report notes.
The NSW Digital ID project was first kicked off by former New South Wales Digital Minister Victor Dominello in 2020.