Just as we need to protect Australia’s critical infrastructure ^[1]—our banking systems, power supplies, ports and roads—we must protect our digital information assets, particularly those that make us a nation legally, culturally, socially and historically.

Digital and digitised data is part of what makes us Australian. It underpins our democracy, our law, our society and how we see ourselves. It’s essentially the evidence of who we were, are and, probably, will be.

In early January, I started a project looking at the protection and vulnerability of Australia’s digital national identity assets. As part of a six-month fellowship with ASPI’s International Cyber Policy Centre, I’m asking:

• What, exactly, are those assets?
• What would happen if they were attacked, destroyed or manipulated?
• What impact would that have on the nation, and on you and me?

I’m currently in the research and discovery phase, talking with people to identify key digital assets and collections. Some critical assets are obvious: our registries of births, deaths and marriages; immigration data identifying who has entered the country, when and where from; information about who owns what; Hansard.

I focused first on ‘digitally born’ material, but I’m now considering historical print and other content that’s been digitised: cabinet records; court cases; the national and state archives and libraries; the archives of the ABC, the Fairfaxes, the Packers and the Murdochs; and the enlistment and service records of every Australian who served in World War I. There are many more.

In 2018, a record that isn’t digitised and online might as well not exist, and that brings authenticity and reliability into the frame. How do we know that a digital record is a true copy of the original? If a digital record were destroyed, it could be recreated if the original is intact, but what if that happens the other way round? What if the sole image of a destroyed record has been manipulated digitally and then presented as true? We live in the era of PhotoShop and fake news, so why not fake history?

In the archival world, we continually decide on the importance of information. Based on those decisions, we develop a hierarchy of value, deciding what needs to be kept and for how long. The values change over time—what was important or sensitive years ago might not be now (think of expletives in broadsheet newspapers), and what was unthought of years ago might now be accepted (think of same-sex marriage).

The digital assets that I identify won’t be a definitive list but will be a solid representation of Australia’s critical information infrastructure as it stands today.

In the next part of the project, I’ll identify the ways critical digital records could be destroyed or manipulated. Australia experiences 47,000 cyber incidents a year ^[2]. Who would benefit, and how, from targeting our digital heritage?

In a third and closely related element, I’ll explore the consequences. What would happen if any, some or all of those digital assets were destroyed? What would happen to our sovereignty, society, law, rights, entitlements and personal identity—who we are and what we own?

If we lost, say, our immigration and births, deaths and marriages data, how could you prove your citizenship? And what if that information were compromised and unreliable? What would then become the authoritative source of information about Australians and their citizenship? We could either throw our hands in the air and close our borders to all, or allow everyone in unless there’s some other proof that they’re not eligible to come.

Everyone I’ve spoken to so far, from heads of agencies to ASPI colleagues corralled in corridor conversations, has shown a genuine interest in and enthusiasm for my project. I have a wide remit, and I want to start a broader conversation about this issue and create awareness and understanding in different government and community sectors. Ultimately, we must get the protection of our critical data—just like our other critical infrastructure—onto the broader national agenda.

If you have further ideas or thoughts about my project, please contact me at [email protected] ^[3].