A national digital ID scheme is being proposed. An expert weighs the pros and (many more) cons
Retrieved on:
Montag, September 25, 2023
ACT, Optus, Department, Australian Information Industry Association, State, Private sector, MyGov, Honey, Accreditation, MyGovID, Speech, Internet, Tax, Identity theft, Finance, Australian Competition & Consumer Commission, Hope, Privacy, ID, Identification, Government, Competition, Medibank, Medicare, National Disability Insurance Scheme, Association, NSW, ABC, IDS, Australian Competition and Consumer Commission v Baxter Healthcare Pty Ltd, Federation, Department of Home Affairs (Australia), Office of the Australian Information Commissioner, National digital identity systems, Legislation, Mobile phone, Private investigator, Security printing, Medical device, Cryptocurrency
To address such costs, the federal government is proposing a national digital identity scheme that will let people prove their identity without having to share documents such as their passport, drivers licence or Medicare card.
Key Points:
- To address such costs, the federal government is proposing a national digital identity scheme that will let people prove their identity without having to share documents such as their passport, drivers licence or Medicare card.
- Finance Minister Katy Gallagher opened consultations for the draft bill last week, with plans to introduce the legislation to parliament by the end of the year.
What would change?
- The draft bill package includes strong updates to security requirements for how organisations store people’s IDs, as well as the reporting of data breaches and suspected identity fraud.
- In her speech to the Australian Information Industry Association, Gallagher outlined a four-phase rollout.
How would it work?
- To prove your identity to a participating organisation, you would log into the organisation’s website and select MyGovID as your verification method.
- You would then log into your MyGovID app and give consent for your identity to be verified with that organisation.
The upside of the proposal
- The Medibank, Optus and Latitude data breaches of 2022-23 have demonstrated the lack of regulation and enforcement of identity protection legislation in Australia.
- The bill also outlines minimum cybersecurity standards, and requires regular review of organisations dealing with identity data.
Unresolved MyGovID security flaws
- In releasing the draft bill, the government has highlighted a voluntary national digital identity – the MyGovID – which is already being used by more than 6 million Australians and 1.3 million businesses.
- In 2020, security researchers warned the public against using MyGovID due to security flaws in its design.
- According to Webber Insurance, 14 of the 44 recorded data breaches between January to June this year were reported by government authorities.
- More worryingly, the privacy act has a loophole which allows state and government authorities to remain exempt from compulsory data breach reporting.
A honey trap for hackers
- Also, streamlining distributed identification systems in this way will create an irresistible target for hackers.
- In cybersecurity this is called a honeypot, or honey trap.
- Just as honey is irresistible to bears, these data lures are irresistible to hackers.
What can you do?
- However, you don’t have much time to have your say: public submissions are being sought until October 10.
- This extremely short consultation period doesn’t provide much confidence a fit-for-purpose solution will be created.