Australia’s long-anticipated national digital identity system has taken a step forward with the government presenting draft legislation and opening consultations on the system in September. However, experts are sounding alarms about several issues within the draft Digital ID Bill, coupled with the looming security challenges the ID project must confront.
Erica Mealy, a Computer Science lecturer at the University of the Sunshine Coast, highlights the challenges Australia’s previous digital ID project, MyGov, faced in an article for The Conversation. MyGovID faced security concerns in 2020, warning the public about security flaws. Mealy points out that Australian governments have struggled with securing information, suffering data breaches in the past. Consolidating distributed identification systems into a single digital ID could potentially create an attractive target for hackers.
Currently, Australia operates multiple digital ID schemes, including MyGov, myGovID, and the NSW Digital ID pilot by the state of New South Wales. The new federally-backed digital ID intends to merge various services and ID documents into a single government-controlled identification platform.
Mealy also raises concerns about Australia’s current privacy act, which contains a loophole exempting some state and government authorities from mandatory data breach reporting. Changes in legislation, such as the Surveillance Legislation Amendment (Identify and Disrupt) Act in 2021, may lead to government tracking of users’ activities and interactions with public and private organizations.
She states, “Perhaps most concerning is how closely the proposed scheme resembles government surveillance,” expressing the worry that linking all personal identification data across federal and state jurisdictions, as well as private entities, would grant the federal government complete oversight of citizens’ lives.
Australia’s Finance Minister, Katy Gallagher, anticipates having the digital ID legislation in place by mid-2024. However, its implementation faces potential challenges, including interoperability issues, opposition from local governments, and even conspiracy theories.
The ID program, under the Department of Finance since July, has already incurred expenditures exceeding AUD600 million (approximately US$404 million). The National Strategy for Identity Resilience emphasizes strengthening security by increasing the use of biometrics in Australian digital ID systems.
In addition to the digital ID project, Australia has unveiled plans for a National Digital Skills Passport that will serve as a digital ID for job qualifications.
As Australia moves forward with its digital future, some existing ID schemes may become obsolete. The NSW Digital ID pilot program, for example, has stalled, with no new trials in sight. New South Wales launched its beta version alongside several pilots, but these initial trials involved fewer than 70 participants. The government has also reduced the value of the contract for the Digital Identity and Verifiable Credentials (DIVC) platform with Mattr, a decentralized identity company. Although the government intends to continue the project, the reduced contract value reflects the initial three-year term rather than the full five years.
The NSW Digital ID project initially commenced in 2020 under former New South Wales Digital Minister Victor Dominello.