FB pixel

Australia Digital ID Bill criticized for biometrics testing barrier, phased rollout

Australia Digital ID Bill criticized for biometrics testing barrier, phased rollout
 

National banks and a biometric testing provider have expressed concerns in submissions to parliament on the Digital ID Bill that will govern the Australian Government Digital ID System (AGDIS). BixeLab commented that the bill as it stands can hinder testing integrity. Banks and others have also argued the private sector should access digital IDs at the same time as state governments, rather than maintain its current multi-step plan, according to InnovationAus.

The Digital ID Bill was first introduced to Parliament in November and includes a number of rules referring to biometric testing. BixeLab submitted an inquiry to parliament supporting the oversight of accreditation by a regulator as outlined in the bill, arguing that it will facilitate change in response to the emergence of novel threats.

The company opposes that the bill leaves it up to the discretion of the regulator as to whether or not independent testing would be required. The committee should “consider an amendment … to make explicit that testing … may be prescribed to be independent of accredited entities,” the submission reads.

A clause in the bill bans the collection of racial or ethnic attributes, which hinders BixeLab and other testing providers from using such data to assess racial bias in biometric algorithms, it notes. Additionally, the bill as it currently stands limits the retention of biometric data for testing to 14 days.

The two-week timeframe “is not a sufficient period to complete testing and associated fraud investigations for more complex and novel threats and attacks,” says BixeLab. It suggests the maximum period for retaining data should be extended to at least 28 days, and preferably to 60 days.

BixeLab also says the three month accreditation period for testing entities could be extended.

The bill outlines which entities will be able to implement AGDIS in a series of phases but not when each phase is expected to begin. As the bill stands today, state and territory governments would have access in the second phase and citizens could use digital IDs to access private sector services in the third phase. The private sector, including current digital ID providers like IDVerse, will only be able to access government services in the fourth and final phase.

The Department of Finance argues that a phased-in approach will give the government a chance to see that the system is operating as planned before continuing to roll out digital IDs.

The National Australia Bank (NAB) argues that whether an organization meets security standards should determine when they can access digital IDs – not an arbitrary deadline.

“Accreditation should be the barometer of an entity’s maturity and applicability for joining the system – not an artificially constructed timeline which does not relate to an organization’s capability to satisfy the state requirements,” states NAB’s submission to parliament.

Australian Payments Plus (AP+), which runs the ConnectID digital ID system that Commonwealth Bank of Australia and NAB currently use, says that the government is prolonging national cybersecurity risks by dragging its feet on private sector access.

Equifax, one of the two largest private users of the government’s currently available identity verification services, says in its submission that delays in private sector access could “undermine consumer confidence in dealing with business and government” as digital identity fraud becomes more sophisticated.

Other submissions from civil rights groups call for stronger restrictions on law enforcement’s access to the system.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Who is looking out for your data? Security in an era of wide-spread breaches

By Vince Graziani, CEO, Idex Biometrics While some of the biggest businesses in the world now rely heavily on data, concern…

 

ITL’s Alerts App expands biometric portfolio to integrated venue management

Businesses from every sector all face access control challenges to ensure the security and safety of their staff and customers….

 

Best biometrics use cases become clearer as ecosystems mature

Biometrics are for digital identity, socio-economic development, air travel and remote identity verification, but not public surveillance, the most-read news…

 

UK Biometrics and Surveillance Camera Commissioner role survives as DPDI fails

UK parliament will not pass data protection legislation during the current session, following the announcement of the general election in…

 

EU watchdog rules airport biometrics must be passenger-controlled to comply with GDPR

The use of facial recognition to streamline air passenger’s travel journeys only complies with Europe’s data protection regulations in certain…

 

NZ’s biometric code of practice could worsen privacy: Business group

New Zealand is working on creating a biometrics Code of Practice as the country introduces more facial recognition applications. A…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events