A new report from ASPI’s Cyber Centre has identified major challenges with a new digital identity scheme that is about to be rolled out nationally.
“Taxpayers are now funding two schemes that will compete against each other. Neither is governed by
dedicated legislation, and inadequate controls mean the schemes could be exploited to build a Western
version of China’s social credit scheme” said the report’s author Fergus Hanson.
“Given the far-reaching implications of digital identity”, Hanson said, “it’s odd how limited communication
with the public has been”.
The new digital identity scheme, GovPass, secured $92.4 million in the 2018–19 Budget to create the
infrastructure that will underpin it and fund its initial rollout. The existing scheme, which is already
operational, was built by Australia Post at a cost of $30–50 million and is known as Digital iD.
Neither GovPass nor Digital iD is governed by dedicated legislation, beyond existing laws such as the
inadequate Privacy Act 1988, leaving Australians vulnerable to having their data misused.
The lack of clarity about how the private sector will and will not be able to use the schemes will
turbocharge the ability to gather detailed profiles of individual Australians. Controls are needed to prevent
a Western version of China’s social credit scheme emerging.
“Digital identity is a key enabler for a 21st century economy that will create efficiencies and improve
productivity, so it’s a shame poor implementation is going to jeopardise its success” said Hanson.
To help restore public confidence in digital initiatives after a string of failures, the report recommends the
government conduct a root-and-branch review of how citizen protections can be made fit for purpose in
the 21st century and of opportunities to take advantage of digitisation to simplify rules created for our
paper-based society. The review should look at reforms that provide citizens with easy and meaningful
control over their data.
The report recommends the roll-out of digital identity be accompanied by a major communications
campaign to explain the short and longer-term implications. It finds GovPass and Digital iD need to be
placed under legislative oversight and ideally should be joined to reduce duplication. Finally, tighter
regulation of the use of new biometric databases is needed to prevent likely overreach and resulting
community backlash.
The report by Fergus Hanson is “Preventing another Australia Card fail: Unlocking the potential of digital identity”.