Wednesday, February 16, 2022

The Government Seems To Have An Insatiable Need To Number And Identify Us All!

This appeared last week:

National digital ID plan sparks ‘Australia Card’ warnings

The states and territories have agreed to work with the federal government on a national digital ID system, sparking fresh warnings from privacy advocates who have likened the proposal to the controversial ‘Australia Card’ plan of the 1980s.

A joint communique released this week outlined a proposed system that would allow Australians to create a verified online login that could then be connected to an array of state and federal services, potentially through platforms such as Services NSW, Service Victoria and the federal MyGov.

It could mean only one login would be required to prove a person’s identity, rather than supplying paper documents like a passport or birth certificate, when asking for a state service like a vehicle registration, a federal provision like welfare or potentially even when dealing with a business.

Federal authorities have been developing a digital identity system since 2015, and it is already in use for many Commonwealth services, but the communique issued this week from data and digital ministers confirms that states and territories are now involved in the process.

“Ministers agreed to work towards a world-first national trusted digital identity system,” the communique, which was sent on Tuesday but dated last Friday, reads. “An interoperable national system will enable citizens to quickly and easily verify their identity when accessing government services online, such as applying for a licence or Tax File Number.”

A draft federal law to enable much of the project, called the Trusted Digital Identity Bill, was unveiled for consultation late last year but has not yet been introduced to Parliament. Each state will ultimately decide how and if to integrate the system with their services, a spokesman for the responsible federal minister, Stuart Robert said.

Under the proposed scheme, Australians would have a choice of several ways of creating their digital ID, which could be through a federal agency, a state or approved private provider such as a bank. Users would then choose the services to use with their login.

Australian Privacy Foundation chair David Vaile said the plan deserves as much scrutiny as the Australia Card, which was proposed by the Hawke government but withdrawn in 1987 following a bitter public debate.

“There was a very bad lesson learned in the 1980s with the Australia Card. That was the last time a national ID card system was called by its name and addressed frankly with all of its issues,” Mr Vaile said. “Since then you’ve had attempts to [appear to] run a mile from the direction you’re heading in.”

But Mr Robert’s spokesman rejected comparisons to the Australia Card, saying the digital identity system was completely controlled by the user and did not come with a single identifier that could be used to track people.

The system was designed to ensure that whichever agency vouched for a user’s identity would not know what services they used, and those services would only get the necessary identity information. Privacy protections in the system been independently assessed and were backed by rules in the government’s bill, the spokesman said.

“With Digital Identity, only the information that is required is shared and it’s also clear what information is being provided to the service,” the spokesman said.

Privacy advocates are concerned that the proposal has the potential to create a lifelong store of data that governments could be tempted to link together, enabling discrimination or surveillance.

“A digital identity system, it has the highest risk of undermining the core driver of data protection regulation in the modern world, which is you can have personal info, use it, or even transfer it for the purpose it was collected,” said Mr Vaile. “But you can’t create a massive dossier of everything you’ve collected and use it for whatever you like.”

James Clark, the executive director at advocacy group Digital Rights Watch, agreed and said governments were “pushing ahead with a pretty fraught proposal without a proper debate”.

More here:

https://www.smh.com.au/technology/national-digital-id-plan-sparks-australia-card-warnings-20220209-p59v1t.html

The question for me with all this is not that a digital identifier is a good idea but how many we need These days we have the Individual Health Identifier, our Tax File Number, multiple financial system identifiers and so it goes on.

While I must be naïve it seems to me just one robust system should be enough and that the Government should choose just one and then just get on with it for access to all government services.

Of course it is no comfort that right now our most ignorant Federal Minister is leading the push – which would have me want to wait for a change of Government!

Is there any actual technical reason why just one robust and secure ID for Government Services and Access is not the right number? Of course whatever is chosen must be implemented with the best security and privacy controls as well as being optional for those at special risk.

The private sector can do as it pleases as what they offer should always be voluntary and cancellable!

Please explain why this is not the right way to go?

David.

 

2 comments:

  1. The addresses of more than 500,000 organisations including defence sites, a missile maintenance unit and domestic violence shelters were inadvertently made public in the first major breach of the NSW government’s massive trove of QR code data.

    Premier Dominic Perrottet said the information was uploaded in error and the bungle, which has alarmed privacy advocates and women’s safety advocates, “shouldn’t have happened”.

    Here we go again - move on nothing really, we do this so often it’s actually BAU

    ReplyDelete
  2. Sarah makes one of the reasons why a single source of information is always going to be a problem. Even if the government body in charge is competent, there are always going to be mistakes, errors, oversights, omissions and so on - it is human. Then there is the consequent problem that any such issue is more likely than not to have massive numerical impact, rather than with manual mistakes, which are most likely to more negligible numbers affected. Secondly, all data will become vulnerable to hacking, malware and such like, as time goes on, and it is very unlikely that Australia (with its very small software industry) will have the answers for proactive protection in all cases. Combine mistakes and vulnerability and you have a mess in the making, whatever the level of professionalism involved. Just give it time.

    ReplyDelete