In just a few months, Australians will have access to a new form of ID, which aims to make identification online much safer. It’s called the Digital ID, and it will form a cornerstone of the government’s strategy to improve the security of data for Australians online.
The Digital ID is the cumulation of a five-year, AUD $200 million (USD $134.18 million) investment as an effort to alleviate security concerns over the amount of data Australians give to companies to prove who they are online.
As a pilot and proof of concept, the Australian Taxation Office and Australia Post previously released smaller applications, but the Digital ID will go far beyond the scope of those and be an all-of-nation holistic approach to identity online. It will be a national identification tool that agencies and, eventually, private companies will use as a proof of identity verification without exposing users’ sensitive data to the organisation they’re interacting with.
Jump to:
- What information will be held behind the Digital ID?
- What Australian organisations and IT pros will need to do
- Concerns among Australia’s public persist
- Not long to go until launch
What information will be held behind the Digital ID?
The Digital ID will have several different levels of “strength,” depending on how much data is put behind it. Essentially, the Australian government intends to allow its citizens to put all forms of government-identifiable data behind the Digital ID. This will include birth certificates, marriage certificates, tax returns, medical histories, biometrics and passport and driver’s licence details.
SEE: Australia’s cyber shields strategy could depend on stringent data governance.
In the early stages, this will be a service for Australians to interact with government agencies with, but in the longer term, the plan is to open it up to the private sector too.
What Australian organisations and IT pros will need to do
The Digital ID system itself will be built in collaboration with the private sector. To be part of The Australian Government Digital ID System, Digital ID providers — such as the Australian Government’s Digital ID provider myGovID — must be accredited to demonstrate they meet high standards for privacy, cyber security, fraud control and more.
There also needs to be a commitment to maintaining privacy: Digital ID providers within the Australian Government Digital ID System can’t track which services individuals access — this is a privacy and security protection built into the Australian Government Digital ID System — and must ensure data is stored, transmitted and disposed of securely. Particularly once the Digital ID is opened up as a form of verification for private companies, the Government is committed to ensuring no one can use it to track a person’s digital footprint, so there will be tough structures implemented in that regard.
Organisations that are involved with collecting and verifying data through the Digital ID system will likely need specialists with training in policy, privacy and the security of the system to oversee its management. The regulatory requirements behind it are likely to be strict and carry substantial penalties for non-compliance.
Concerns among Australia’s public persist
There remain significant concerns among the public, despite the promises of security and privacy by the government.
Potential target for hackers
One of the main concerns is the potential for the system itself to become a target for hackers. Given the significant amount of data that’s going to be held to provide this service, there is a concern that the government is essentially creating a vast data lake and a single target to gain access to data on many, if not most, Australians.
SEE: Australian and New Zealand cyber security spending may not be enough to protect them from future threats.
Lack of public awareness
There are also concerns that the government hasn’t been consultative enough with the public, and the public is not properly aware of the scope, intent and way in which the Digital ID will be used. As noted on The Conversation, Australians reacted poorly to the Australian government when it floated the idea of a national identity card a few decades ago. This is currently the perception that this is the digital version of that exact initiative.
Potential misuse
And then there are ongoing concerns about the potential misuse of the Digital ID. Despite promises of privacy, it has already been mooted that the Digital ID is being considered for identification with adult websites. Australians are justifiably concerned that this does mean that there are potential political and social implications when using Digital ID.
Limited accessibility for alternative options
Given that Australians need to rely on phone or in-person interactions with government agencies if they don’t want to sign up for the Digital ID, it might not be as “voluntary” as the government is claiming. Many Australians increasingly rely on digital interactions with government services, and those people will be effectively required to have a Digital ID to continue to do so.
Not long to go until launch
With around six months until Digital ID is expected to formally launch, the Australian government has some work ahead of it to give Australians confidence that this is a superior solution that will benefit their privacy online and the security of their personally identifiable data. The idea of having a single national ID online so individuals no longer need to provide potentially compromising documents when using services online is, potentially, transformative in limiting the impact of cyber breaches to Australians.
It’s also inevitable, as there is broadly bipartisan agreement on Digital IT. For this reason, organisations that interact with identification and customer data will want to start understanding the implications of it for their businesses now.