The “quiet” rollout of two government-owned digital identity platforms is a signal we could soon see the launch of a National Digital ID, tech insiders say.
A national ID – digital or otherwise – is a dogged idea that’s been pushed by governments as far back as Bob Hawke’s in the 1980s, and is designed to act as an individual’s single-entry access to just about every government service you can think of, plus more.
According to cyber security research fellow Patrick Scolyer-Gray, the federal government’s Digital Transformation Agency has been silently beavering away at creating a National Digital ID – and they’re ready to bring it online.
The agency, or DTA, confirmed it has made two digital identities available through a system called the Trusted Digital Identity Framework, but stopped short of referring to it as a National Digital ID.
“The Australian government is delivering digital identity, a program that will allow government services to be easily available to people and businesses online at any time,” a DTA spokesperson told The New Daily.
“Creating and using a digital identity is voluntary, it is a personal choice.”
The spokesperson said there would be more identity providers entering the market in the future, including an AUSkey replacement, in March.
Doctor Scolyer-Gray says the agency, or DTA, has spent more than $200 million in five years building the platform.
“If successful, the project could streamline commerce, resolve bureaucratic quagmires, and improve national security,” Doctor Scolyer-Gray wrote in an article for The Conversation this week.
“The emerging results of the project may give the Australian public cause for concern.
“Both apps were released without fanfare or glossy marketing campaigns to entice users,” Doctor Scolyer-Gray went on to write.
“This is in keeping with more than five years of stealthy administrative decision-making and policy development in the National Digital ID project.”
The DTA rejects the “stealthy” adjective, and said there’s been four major reviews of the framework, with public consultation at each step.
A government institute researcher, who cannot be named, told The New Daily that because these apps had slipped into publicly downloadable domains, he believes an overarching National Digital ID is “well on its way” to becoming a reality.
What’s the issue?
There’s no country in the world that has successfully implemented a free market digital identity, industry specialist Stephen Wilson said.
To try and establish one in Australia would be to ignore 10-plus years of evidence, Mr Wilson told The New Daily.
Why would it fail so miserably? Mr Wilson says it comes down to the perceived monetary value of a digital identity, and that no one can seem to put a definite price on it.
Therefore, even if it’s created, it doesn’t get picked up by commercial partners and falls into the hands of the federal government to manage.
A consultant, analyst and global authority on digital identity and authentication, Mr Wilson has worked in the past with the DTA and said he’s found frustration that its thinking was “fundamentally stuck in the past”.
He said the idea of the authenticated digital identity was to streamline access to government services – much like one can use a social media account to sign into third-party sites or services.
However, he said, there needs to be serious consideration before removing “friction willy-nilly”.
“Yeah, it’s a pain in the arse to log in to all these different services,” Mr Wilson told The New Daily.
“But remove that friction and you’ve got to be careful … because friction is our friend, it helps remove the chance for fraud.”
Too many eggs in the same basket
The government institute researcher The New Daily spoke with said one of the fundamental problems with the way the possible National Digital ID appeared to have been developed was that it was too in-house.
The ID providers are both federal government agencies (ATO, Australia Post) but, more importantly, the agency that verifies/authorises the accounts is also part of the federal government, in the Department of Human Services, the researcher said.
When it’s the same software and the same governing agency submitting the information, it creates what they call a single point of fail.
“Another limitation is the fact that the user cannot select which attributes are disclosed to those who request it,” the researcher explained.
“For instance, would you be comfortable disclosing the same level of identity attributes between a financial service provider versus an ecommerce website?”