A national digital identity is being prepared for all Australians for use at the end of next year.
It poses one of the biggest changes to Australia in its history and yet most people seem unaware, unconcerned, overwhelmed or distracted.
On one side, the public is being presented with claims to safety, convenience and use and, on the other, is facing an impending dystopia that will have a catastrophic impact upon our basic freedoms.
It is a complex and important issue that we have broken down into six short sections , each of which can be read separately.
_________________________________________________________________
Use Case
Australians seem convinced of the benefits of carrying their digital ID with them. Digital drivers’ licences, available in NSW, Queensland and South Australia, are useful for identification at the post office, to buy alcohol or get into a club. As a money-spinner, there doesn’t seem much in it.
This may change if concepts behind a modest pilot programme , conducted earlier this year, are used in the national digital identity proposed for the end of 2024.
As part of a series of programmes designed to launch NSW Digital, 36 people used a public-private system that provided them with sufficient digital identity to show proof of age and make a purchase of alcohol from online merchant Tipple.
In this particular transaction, the purchasers’ credentials- proof of age and a facial image- were drawn from the government database, verified by NSW Services, assembled into a digital credential and sent to the vendor via the identity exchange in Mastercard ID.
Tipple thus received confirmation of age without needing to check documents and could authenticate purchasers’ faces by matching them with the images supplied by NSW Services. The 36 individuals received a digital credential that could be stored for safe -and later use- in their own digital wallet.
Financially, the short-term benefits of the exercise to NSW Services were not clear as charging frameworks have been prepared but not released. Immediate benefits to purchasers and vendor were more immediately apparent and were duly communicated by the event’s administrators.
For NSW Minister for Services at the time, Victor Dominello, the pilot programme showed that
“ information could be shared but not overshared”. For his part, Mastercard Australasia president Richard Wormald noted how the system showed “a better way to provide quick and easy access to goods and services, without the hassle of sharing physical ID documents.”
What, as they say, is not to like?
_______________________________________________________________________
What
“There’s already pushback, and petitions circulating about what it’s not. We have seen this, particularly coming out of COVID, with conspiracy theories about what the government is trying to do, so we do need to be very clear in our communication“
“It’s not a card or a number, it’s really about citizens having control of their information that allows them to access government systems in a very easy, secure, voluntary and efficient way.”
-Finance Minister Katy Gallagher
Finance Minister Gallagher may suspect that quite a few people are not going to like the planned national digital identity system in Australia. Some opponents to the program are planning a nation-wide campaign to end it while others are pushing for a Human Rights Charter to change it.
The draft legislation is due to be released for public scrutiny in September. Details behind it have so far been fragmentary and vague but if anything this may have only fuelled some critics’ fears.
Earlier this year, Gallagher committed the government to the establishment of a national digital identity system that makes use of digital credentials and digital wallets. Media reports suggest that she was taking her cue from NSW where both components have now been piloted and deployed (as NSW Digital Identity and Verifiable Credentials and as NSW Digital Wallets).
Selling points presented by NSW Digital–an indication of what seems to await us at the federal level– focus on how much control individuals will gain by storing digital credentials in their own devices. Not only will individuals be able to carry their identities around, and show them when and where they want, but they will know which service is accessing their identity at all times– no ‘oversharing’ as former NSW Services Minister Dominello put it.
The offer improves with the promise of just one-time-only registration–and minimal sharing of data between services. There will be no more doubling up on ID passwords–one single digital identity to place the customer at the centre of a universe of services.
George Christensen, ex-One Nation Senator, and Alex Antic, Liberal Party Senator for South Australia, are not convinced and have both launched online campaigns that argue that the national digital ID system is the first step in achieving a totalitarian social credit system that will link all online behaviour to a centralised database–and thus modify it according to government wishes.
While Antic’s campaign focuses on its use as a tool of domestic political control, Christensen goes further upstream and argues that the national digital identity system is part of an attempt at establishing a centrally administered system of global governance (that is, government and finance included).
As indicated by the Minister, the government will be hoping to stop the spread of such fears by allowing individuals to opt in or out at the level they feel comfortable with and by providing them with alternative means of identification. Such measures will also have to satisfy criticism associated with broader human rights concerns.
Much of the focus of this criticism, from individuals such as official auditor of the current digital ID system, David Thody, or organisations such as the Electronic Frontier Association, has been on identifying important gaps in the system ( which is currently “operating without regulation“).
Trenchant criticism has also come from Angus Murray, Vice President of the Queensland Council for Civil Liberties, who argues the system should be suspended until an Australian Charter of Human Rights can be implemented. Digital Rights Watch Australia and the Electronic Frontier Association recently joined forces to launch a campaign also calling for this Charter, as well as a complimentary Charter of Digital Rights and Freedoms.
Sitting somewhere between the various strands of opposition–between broader human rights concerns or specific ones over a ‘Chinese-style social credit system’–is a related but mundane economic focus. What the government has not told the public yet is that digital credentials will build rich data sets that can be tracked–and monetised–over a ‘life long learning’ process.
That is, an individual’s behaviour, aspirations and achievements can be converted into metrics which open the door to ongoing revenue for corporations and behavioural insights for governments.
‘Accredible’, the ‘industry-leading full service digital credentialing solution’ (market value of $44 million in 2020) articulates the advantages from a corporate point of view:
‘Digital credentials open avenues to additional revenue, create access to new markets, provide additional marketing and distribution channels and improve internal efficiencies’.
Broad human rights concerns aside for a moment, we are entitled to ask how ‘market access’ and ‘additional revenue’ square up with the Ministers’ focus on convenience and use for the individual. Moreover, if digital credentials are a source of ongoing revenue they can also be defined as economic assets. Lots of identities together might even form a new asset class.
Where and what would be the market? Who would be the asset and who the investor?
_______________________________________________________________________
Who
The current version of digital identity has been in use in Australia for quite a few years now. Hotel bookings, postal deliveries, travel, banking and welfare and now shopping–the list of participating goods and services is growing exponentially. It’s just the way things are.
Or so they say.
Take, for example, the government ‘s Trusted Digital Identity Framework–a product of eight years of collaboration between five different departments that cost over $650 million. It details the key mechanisms and strategies for implementing the current national government digital ID system–many of which will undoubtedly remain in the next iteration.
Have a look at its 149- pages of legislative draft of oversight, accreditation, assurances and guarantees. If we contemplate the various administrative schema and technical diagrams, it is not hard to appreciate just how much trouble was taken to organise the way things are–and to see the importance placed on trust.
So far, at least one third of Australians have been able to put this trust to the test.
Of the six million subscribers to myGovID late last year, less than 60,000 actually used it – this after it was set up to provide convenient access to 80 services including such as Tax and Welfare. MyOptus, in contrast, reported in March this year that ten percent of its six million or so subscribers signed up for the digital identity service provided by Mastercard. Auspost claims to perform three million identity verifications per year.
The extremely naïve among us may need to be reminded that here increased trust has not been a question of greater human kindness but of a greater frequency of use in verified commercial activities.
Presumably, this frequency of use increases for those more strategic services such EFTPOS’ ConnectID–which is connected to BPAY and the Big Four banks–and MastercardID. Both entities are not only members of TDIF but of the private TrustID framework. Set up by the RBA and Australian Payments Network, TrustID includes some of the most powerful financial institutions in the country.
And this dynamic will continue–irrespective of legislative change–as these institutions start to use more recent online financial instruments such as open banking or NPP (‘fast payments’)or social impact investing. There may even come a day when global players such as JP Morgan, Chase Manhattan Bank or Bank of China will participate directly in the new digital identity system .
It’s a long way from Services Australia and being able to buy grog at 3.00 am in Maroochydore or checking welfare payments while in Wonthaggi. But, in the national digital identity system we have, one person’s service is another’s (ongoing) access to commercially valuable data.
The new national digital identity system will have to service groups and interests that are on a very different if not separate footing. How this might be done might well involve national security agencies and elastic definitions of law .
_______________________________________________________________________
How
Home Affairs may have a special role in providing your national digital identity. Earlier this year, Finance Minister Katy Gallagher alluded to the role of digital credentials in the upcoming system and at yesterday’s Government Services summit declared “that the technology was largely ready to get a national system running once legislation was in place”.
Under the previous government, the technology to provide facial images for these credentials would have come in the form of the National Drivers Licence Facial Recognition Solution (NDLFRS), in which various Australian States were to make copies of their drivers’ licences and submit them to a national database.
Although rejected in 2019 by a Joint Parliamentary committee, the government has updated the status of the plan as ‘consulting’ as recently as June this year. New infrastructure to store the NDLFRS was also deployed in February, 2022.
Currently, access to verified government documents, both biometric and non-biometric, falls within the remit of the Home Affairs’ Identity Matching Services (IDMS)–which has not participated in the TDIF and does not seem to be up for legislative review. The agency itself accesses drivers’ licences from the Austroad’s NEVDIS site.
Officially, IDMS states that only government agencies may access its Facial Verification Service or Facial Identification Service but adds that this may change in the future– ‘access may be made available to local government and private sector organisations in the future, but only with a person’s consent’.
References to the NDLFRS are still very much in the present and active case on the Agency’s website:
As most Australians know, all States are being introduced to digital drivers’ licences. The Identity Matching Service sees it this way:
Fears over the deployment of a centralised biometric database may well be exaggerated and what goes on in the Home Affairs blackbox is anybody’s guess.
But then again, a centralised database would act as a honey pot to draw the private sector into ‘interoperability’ with the public sector–a real productivity driver.
And as big players duked it out for control of our data, the government would have a last remaining instrument of leverage. Where would this battle take place?
_______________________________________________________________________
Where
Renewed attempts in Australia at creating a digital identity system also make a lot of sense within a global context. Due to scant discussion in the mainstream media, it seems a weird connection to make– part of a long-standing tradition in which we think it’s all got nothing to do with us.
It is a matter of objective fact, however, that Australia participates in some of the most powerful financial institutions in the world–such as the Bank of International Settlements, the United Nations and its affiliates the IMF and World Bank–and that these same institutions are driving towards a full reconfiguration of the international financial system.
Specific objectives of this drive seem exceedingly removed from local realities in Australia. Yet, concepts such as Central Bank Digital Currencies , open banking and tokenisation are at the centre of a series of international pilot programmes, policy papers and working groups–and all of them demand fully interoperable national digital identity systems.
Which runs in complete contradiction to the unremitting and enormously funded programmes from the highest levels who would have us believe the drive for digital identity around the world comes from the ground up.
For the World Bank ID4D working group, for example, the global uptake of digital identity is a fundamental matter of development–one driven by great humanitarian need in which up to one billion people require safe and convenient access to financial services.
And while the World Bank itself has a globally integrated strategy–spending over $1.2 billion USD for 45 countries in 2019–well-funded publicity campaigns echo across the private sector at all all levels.
ID4D, itself funded by a raft of private and public organisations, sees global digital identity as part of a critical infrastructure that will be ‘public but not public owned’
Who then will administer our digital identities?
Vice President of Digital Identity at Mastercard, Sarah Clarke, thinks the government and corporation can share roles, according to context:
“In most countries, the concept of a public-private partnership can really help accelerate this utility to the commercial market, because not all governments are necessarily equipped to be taking all of it on. I think that in some markets, citizens just don’t like the model .
So depending on what part of the world you’re in, the fear of government overreaching and tracking everything you do–even if that’s not true–makes it very, very hard for that [the introduction of digital ID] to be realistic. So strong public-private partnerships to help build this ecosystem tend to be a good model in a lot of places.”
How this plays out on the ground can be seen in the roll-out of Mastercard’s Farm Pass ID, a system that positions the company as a ‘commodity broker’ to the global poor and is on track to enrol 30 million people worldwide, including 15 million in the Asia Pacific region and Africa (including countries such as Egypt, South Africa, Namibia, Botswana, Guinea, Mozambique, Nigeria, Uganda, Zambia and Madagascar).
For Ivy Tsang, Tech Innovation Fellow from the University of California, these countries “are advancing into digital identities before building effective legal frameworks around data privacy.” Further evidence of the harms this can cause only have to look tremendous chaos and suffering endured by Indians under the Aadhaar system – as documented by Rita Banerji in her article last month for Umbrella.
Where does Australia’s new digital identity program sit within this larger picture of financial inclusion and global rollouts? Sarah Clark regards Australia as one of a range of “beachhead geographies”.
Maybe the Mastercard-NSW Services pilot programme was the equivalent of the landing of a digital Captain Cook and friends. Why should we welcome them?
_______________________________________________________________________
Why
In Australia, as elsewhere, discussions of human rights implications of digital identity systems are somewhat post-facto. Which does not in any way mean they should not be held.
In an official audit of the TDIF, David Thody, wrote:
“The use of digital identity and limited facial verification is accelerating without any dedicated legal safeguards or governance framework in place, leaving Australians vulnerable to security, privacy and other human rights violations. Establishing these legislative foundations, supported by a robust and effective governance and accountability framework, is now urgent.”
Angus Murray, Vice President of the Queensland Council of Civil Liberties is more specific as to the risks involved:
“I think Australians need to understand how and why they’re bargaining away their identity with Australian Governments,” he says. “I say governments because successive governments will have access to this same information. I don’t think the benefits and the potential risks have been clearly communicated to the general public.”
Murray gives Robodebt as an example of how far governments can fall short of the guarantees they give to the public:
“Robodebt was sold to the Australian community as being budget-saving and a more efficient way of dealing with welfare. Instead, it was a catastrophic failure that caused severe harm, including the loss of human life.“
Government claims that information would be used properly and assurances that ‘you can trust government’ proved to be baseless and show that TDIF “is founded on the basis of a trust that’s not been earned.”
Michelle Falstein, Assistant Secretary of NSW CCL, similarly finds that the system suffers from an unacceptable lack of enforceable definition:
“We need to have a lot of safeguards about the personal information that will be held. You may require it for most services. As there may be no alternatives, the notion of voluntary access will become meaningless. Furthermore, although the identity exchange doesn’t hold or store information, data will be passed on to private organisations that will keep it for seven years and we don’t know how safe these third parties are going to be.”
Neither does she see a need for information to be controlled by a centralised government body: “ there are ways we can control our own data and provide our own ID. It’s not necessary to have this government-created digital ID system at all.”
For Mr.Murray, human rights issues raised by the digital identity system find their most important expression in the current review, conducted by Parliamentary Joint Committee on Human Rights, of the Inquiry into Australia’s Human Rights Framework.
This review, Murray says:
“raises the question of whether Australia should introduce a human rights framework in a legislative sense rather than just in principle-based compliance, which is a very fuzzy and weak form.
In short, what is clearly long overdue in Australia is either a constitutional amendment that defines and guarantees human rights or a charter of human rights. At present it has neither. When they are not defined or protected, digital ID legislation that puts human rights at risk would seem premature at least.”
End
A new national digital identity system is being unrolled in Australia that proposes to make fundamental changes to the way we live.
While there are undoubtedly valid claims of convenience and ease for users, we have seen how these changes will have significant implications for our human rights.
Further debate is required over how our digital identities are made and, more importantly, to what extent controlled access to goods and services provides protection or is an end in itself.
Currently, the terms of this debate are being determined by consortiums of private organisations, institutions and governments at all levels– including the global–of society.
It may be that the ‘assetisation’ of digital identity amounts to nothing. Or that providing digital credentials through an interoperable and national data exchange system will somehow avoid using a centralised database. Perhaps such things are more due to populist fear and transient politicking than sinister intention.
But it is up to the government to demonstrate in the clearest terms possible that such fears are unjustified. The absence of such a guarantee would only confirm the suspicion–and then where would that leave us?
