- The Strategist - https://www.aspistrategist.org.au -

Privacy and security at the heart of the government’s digital identity program

Posted By on November 8, 2018 @ 12:34



Australians have told us they want to do more of their business with government online.

They are also demanding the same levels of simplicity, security and convenience that they enjoy from their banks, airlines or retailers that help them manage their busy lives.

But up until now, governments have been unable to meet these expectations due to the difficulty of proving the identity of online users to an appropriate standard.

That is why we have developed a new digital identity solution, called myGovID. The system enables users to complete the digital equivalent of a 100-point ID check—unlocking easy access to a host of new and existing services.

myGovID will also do away with the need for users to have multiple logins for different departments, which can be a nightmare to keep track of and create headaches when passwords or usernames are forgotten.

The first pilot program using this new system started last week, enabling users to apply for a tax file number online.

Currently, if you need a TFN, you have to download a form from the ATO website, which you then have to take to a post office along with your passport and driver’s licence to prove that you are who you say you are.

The form is then posted to the tax office and you have to wait for a TFN to be generated and posted back to you within about 30 days.

Using myGovID, you will be able to complete the entire process online, using your mobile phone, at any time of the day or night, wherever you are. And, best of all, you can get your TFN within minutes, as opposed to having to wait a month.

While the system is still only a prototype, extensive work has been done to ensure that the privacy and security of users have been built into its very heart.

We have also worked closely with privacy advocates from the beginning to incorporate best practices in the standards, design and workings of the system.

For those reasons, I was extremely disappointed to read a report by ASPI’s Fergus Hanson, which threatened to undermine public trust in this new system by attempting to conflate it with the Australia Card issue.

I was also baffled by Hanson’s claims that myGovID could become a Chinese-style social credit system—a claim contradicted by his own report.

What Hanson demonstrated was a clear lack of understanding of both the technical aspects of our digital identity solution and the role that it fulfills.

His report also contains basic factual errors and self-contradictions and is not, in any way, an objective appraisal of the program.

This is even more disappointing given the substantial time my own Digital Transformation Agency spent with him, walking him through the program prior to his writing the paper.

The DTA also provided written feedback to a draft version of the report, highlighting the numerous mistakes. But that feedback was dismissed as a ‘difference of opinion’.

As an example, Hanson asserted that private-sector companies will somehow be able to harvest data from people using the system.

The reality is that the system is deliberately designed to prevent that from happening, by using privacy-protecting architecture. A ‘double blind’ identity exchange sits between the digital service and the identity provider, ensuring personal information cannot be shared and is not visible to service providers and that services being accessed are not visible to identity providers.

As a government, we are acutely aware that myGovID will only be successful if the Australian public can trust it.

That is why we have consulted with thousands of people during development of the system.

We have also made the system opt-in to give users a choice whether to use it or not and made the system a federated one, so there is never the possibility of a single identifier for Australians.
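The 'double blind' exchange and the absence of a single identifier described above can be modelled in a few lines. This is an added illustration, not code from myGovID or the Digital Transformation Agency: the class names, the service names, the `username` argument standing in for the user's login at the provider, and the HMAC-derived per-service pseudonym are all assumptions chosen to show the idea.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """Verifies the user; only ever talks to the exchange (hypothetical model)."""

    def __init__(self):
        self.seen_requests = []  # everything this provider learns per login

    def authenticate(self, request, username):
        self.seen_requests.append(dict(request))
        # Constructed result: a stable provider-side subject plus a proofing outcome.
        return {"idp_subject": f"idp-user:{username}", "proofing": "verified"}


class Exchange:
    """Broker between services and the provider (hypothetical model)."""

    def __init__(self, idp):
        self._idp = idp
        self._pairwise_key = secrets.token_bytes(32)  # never leaves the exchange

    def _pairwise_id(self, service_id, idp_subject):
        # A different, unlinkable identifier for every (service, user) pair.
        msg = f"{service_id}|{idp_subject}".encode()
        return hmac.new(self._pairwise_key, msg, hashlib.sha256).hexdigest()

    def login(self, service_id, username):
        # Blind 1: the request forwarded to the provider carries no service name.
        assertion = self._idp.authenticate({"nonce": secrets.token_hex(8)}, username)
        # Blind 2: the service gets a pseudonym and the outcome, not the provider's subject.
        return {
            "sub": self._pairwise_id(service_id, assertion["idp_subject"]),
            "proofing": assertion["proofing"],
        }


def demo():
    idp = IdentityProvider()
    exchange = Exchange(idp)
    tax = exchange.login("tax-service", "alice")        # constructed service names
    tax_again = exchange.login("tax-service", "alice")
    health = exchange.login("health-service", "alice")
    return idp, tax, tax_again, health


if __name__ == "__main__":
    print(demo()[1:])
```

The same person gets the same pseudonym each time at one service but a different one at every other service, so two services cannot join their records on it, and the provider's log contains no service names.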

The digital identity program is aligned with the Australian Privacy Principles and the Privacy Code, the Information Security Registered Assessors Program, and the Australian Government Protective Security Policy Framework and Information Security Manual.

Hanson fails to mention these facts in his report.

I fully expect that we will face some disapproval from certain commentators as we move forward with this project over the next six months.

Every major government reform inevitably faces some level of opposition when challenging the status quo. In the case of technology initiatives, calls of ‘Big Brother’ are often associated with progress.

But if we were to continually yield to the views of the naysayers, we would still be lining up in queues at airports to have our passports checked, rather than breezing through using biometric SmartGates.

Out of interest, I went back and looked at media reporting from the mid-2000s when the merits of SmartGates were still being debated.

It was ‘Big Brother’ at its worst according to one commentator. Another claimed the technology would never work and was doomed to be an expensive failure.

History has proven the alarmists wrong. No doubt it will do so again when it comes to myGovID.

The benefits to the Australian public and the nation’s economic future are too great to allow important reforms such as this to be derailed by misinformation and misunderstanding.


URL to article: https://www.aspistrategist.org.au/privacy-and-security-at-the-heart-of-the-governments-digital-identity-program/

[1] report: https://www.aspi.org.au/report/preventing-another-australia-card-fail