This appeared last week.
Australia’s National Digital ID is here, but the government’s not talking about it
January 28, 2020 5.52am AEDT
Author
Research Fellow, Cyber Security, Deakin University
The Australian government’s Digital Transformation Agency (DTA) has spent more than A$200 million over the past five years developing a National Digital ID platform. If successful, the project could streamline commerce, resolve bureaucratic quagmires, and improve national security.
The emerging results of the project may give the Australian public cause for concern.
Two mobile apps built on the DTA’s Trusted Digital Identification Framework (TDIF) have recently been released to consumers. The apps, myGovID and Digital ID, were developed by the Australian Taxation Office (ATO) and Australia Post, respectively.
Both apps were released without fanfare or glossy marketing campaigns to entice users. This is in keeping with more than five years of stealthy administrative decision-making and policy development in the National Digital ID project.
Now, it seems, we are set to hear more about it. An existing digital identity scheme for businesses called AUSkey will be retired and replaced with the new National Digital ID in March, and the DTA has recently put out a contract for a “Digital Identity Communication and Engagement Strategy”.
The DTA’s renewed investment in public communications is a welcome change of pace, but instead of top-down decision-making, why not try consultation and conversation?
We fear what we don’t understand
Ever since the Hawke government’s ill-fated Australia Card proposal in the 1980s, Australians have consistently viewed national identification schemes with contempt. Some have suggested that the DTA’s silence comes from fear of a backlash.
History provides insight into some, but not all, of the numerous potential reasons for the DTA’s strategic opacity.
For example, people do not respond positively to what they do not understand. Surveys suggest that fewer than one in four Australians have a strong understanding of digital identification.
The National Digital ID project was launched more than five years ago. Why hasn’t the public become familiar with these technologies?
What is the TDIF?
Part of an overview of the TDIF available on the DTA website. Trusted Digital Identity Framework (TDIF)™: 02 - Overview © Commonwealth of Australia (Digital Transformation Agency) 2019, CC BY
The TDIF is what’s known as a federated digital identification system. This means it relies on multiple organisations called Identity Providers, who act as central repositories for identification.
In essence, you identify yourself to the Identity Provider, which then vouches for you to third parties in much the same way you might use a Google or Facebook account to log in to a news website.
The difference in this case is that Identity Providers will control, store and manage all user information – which is likely to include birth certificates, marriage certificates, tax returns, medical histories, and perhaps eventually biometrics and behavioural information too.
There are currently two government organisations offering Identity Service Providers: the Australian Tax Office (ATO) and Australia Post. By their nature, Identity Providers consolidate information in one place and risk becoming a single point of failure. This exposes users to harms associated with the possibility of stolen or compromised personal information.
Another weakness of the TDIF is that it doesn’t allow for releasing only partial information about a person. For example, people might be willing to share practically all their personal information with a large bank.
However, few will voluntarily disclose such a large amount of personal information indiscriminately – and the TDIF doesn’t give the option to control what is disclosed.
Securing sovereignty over identity
It might have been reasonable to keep the National Digital ID project quiet when it launched, but a lot has changed in the past five years.
For example, some localities in Canada and Switzerland, faced with similar challenges, chose an alternative to the federated model for their Digital ID systems. Instead, they used the principles of what is called Self Sovereign Identity (SSI).
Self-sovereign systems offer the same functions and capabilities as the DTA’s federated system. And they do so without funnelling users through government-controlled Identity Providers.
Instead, self-sovereign systems let users create, manage and use multiple discrete digital identities. Each identity can be tailored to its function, with different attributes attached according to necessity.
Authentication systems like this offer control over the disclosure of personal information. This is a feature that may considerably enhance the privacy, security and usability of digital identification.
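The control over disclosure described above can be sketched with salted hash commitments. This is an added example, not code from the article, the DTA, or any TDIF or self-sovereign product. The HMAC key stands in for an issuer's asymmetric signature, and the function names and sample identity are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a shared HMAC key stands in for the issuer's asymmetric signing key.
ISSUER_KEY = secrets.token_bytes(32)

def digest(salt, name, value):
    # Salted commitment: without the salt, hidden values cannot be guessed and checked.
    return hashlib.sha256(repr((salt, name, value)).encode()).hexdigest()

def sign(digests):
    return hmac.new(ISSUER_KEY, "|".join(digests).encode(), hashlib.sha256).hexdigest()

def issue(attributes):
    """Issuer: commit to each attribute separately, then sign only the commitments."""
    openings = {n: (secrets.token_hex(16), v) for n, v in attributes.items()}
    digests = sorted(digest(s, n, v) for n, (s, v) in openings.items())
    return {"digests": digests, "signature": sign(digests), "openings": openings}

def present(credential, reveal):
    """Holder: forward the signed commitments plus openings for chosen attributes only."""
    disclosed = {n: credential["openings"][n] for n in reveal}
    return {"digests": credential["digests"],
            "signature": credential["signature"], "disclosed": disclosed}

def verify(presentation):
    """Relying party: return the verified attributes, or None if any check fails."""
    expected = sign(presentation["digests"])
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None  # commitment list was altered after issuance
    verified = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if digest(salt, name, value) not in presentation["digests"]:
            return None  # opening does not match any signed commitment
        verified[name] = value
    return verified

# Constructed sample identity, not real data.
SAMPLE = {"name": "Alex Citizen", "date_of_birth": "1985-03-14",
          "tax_file_number": "000 000 000", "over_18": "true"}

if __name__ == "__main__":
    cred = issue(SAMPLE)
    print(verify(present(cred, {"over_18"})))
```

The relying party learns only the attributes the holder opens; the remaining commitments reveal how many attributes exist but not their names or values.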
Moving forward
Based on the idea of giving control to users, self-sovereign digital identification puts its users ahead of any institution, organisation or state. Incorporating elements from the self-sovereign approach might make the Australian system more appealing by addressing public concerns.
And self-sovereign identity is just one example of many technologies already available to the DTA. The possibilities are vast.
However, those possibilities can only be explored if the DTA starts engaging directly with the general public, industry and academia. Keeping Australia’s Digital National ID scheme cloaked will only increase negative sentiment towards digital identity schemes.
Even if self-sovereign identity proved appealing to the public, there would still be plenty of need for dialogue. For example, people would need to enrol into the identification program by physically visiting a white-listed facility (such as a post office). That alone poses several technological, economic, social and political challenges.
Regardless of the direction Australia takes for the Digital National ID, there will be problems that need to be solved – and these will require dialogue and transparency.
Government and other organisations may not support a self-sovereign identity initiative, as it would give them less information about and administrative control over their constituents or clients.
Nonetheless, the implementation of a national identity scheme by stealth will only give the Australian public good reason for outrage, and it might culminate in intensified and unwanted scrutiny.
To prevent this from occurring, the DTA’s project needs to be brought out of hiding. It is only with transparency and a dialogue open to all Australians that the public’s concerns can be addressed in full.
Reproduced per The Conversation License. Here is the link:
It seems that people have forgotten about the Individual Health Identifier (IHI) but I guess that is because it is an older and rather less trustworthy system.
However, I very much agree with the author that these systems should be much more open and better understood in general!
This is an interesting area which is rather under the radar at present and should not be!
David.
re "The DTA’s renewed investment in public communications is a welcome change of pace, but instead of top-down decision-making, why not try consultation and conversation?"
To be fair, they did consult but mainly by invitation. I went to a number of sessions representing the Australian Privacy Foundation. The first was in October 2016.
On multiple occasions I asked for two things:
1. A system architecture.
2. A trust model.
Both were promised but, AFAIK, neither has ever been delivered, at least not externally. The latest copy of the documentation I have is dated March 2019, version 1.5 (Incorporated feedback from public consultation). The previous version was 1.4 (Incorporated feedback from stakeholders). I don't believe any more have been released.
The word "trust" is not defined in the Overview and Glossary.
What they laughingly call an architecture is a mixture of decisions (such as "The TDIF Architecture implements a federated model of identity") without explaining why or what that really means.
The word "problem" never appears, neither does "use case" or "scenario". Neither does "data flow".
There is mention of a trust model in the section on Attribute Binding "If the attribute binding process can be achieved to different levels of assurance then a trust model will need to be developed to describe and govern these additional attributes."
and that's it. I can find no document that describes/defines a trust model and it does not seem to appear in any of the technical documentation.
IMHO, if you don't understand and document your system architecture (which should have use cases/scenarios) especially the trust model, the problem has not been thought through.
What is delivered may work as expected, but that would be more by chance and luck.
The whole initiative is depressingly familiar.
But what was the quality of the font used in the PowerPoint presentations? Were the speech bubbles positioned to present a concerned government that meant business?
Other than that, this, like digital health, has lost all grasp of architecture and what is actually required.