In late January of this year, news bulletins included details about the just released user audit report into myGov: “the government’s front door for digital services and support”, or put more plainly, a digital platform that currently links users to fifteen government services, including Medicare and Centrelink.
“myGov is critical national infrastructure” was the key takeaway, which was reiterated throughout the media, along with the ever-increasing use of myGov warranting greater investment to improve it in terms of expanding available services and making them less fragmented online.
But what wasn’t so front and centre was a report recommendation calling for the acceleration of the “development of Australia’s national digital identity ecosystem”, and that this online scheme, which will involve biometric facial recognition technology, should perhaps be integrated into myGov.
That the proposal to link critical infrastructure that a growing number of us are using to an ID system played a less prominent role in the audit announcements was likely calculated, as, ever since the 1980s Australia Card fiasco, citizens have consistently rejected all-encompassing identity schemes.
And less than a month after the report release, a meeting of the nation’s data and digital ministers produced a 24th February communique that asserts an agreement had been made to develop a “voluntary” national digital ID system, which will eventually link to the entire economy.
Everything old is new again
“Government should prioritise digital identity as the primary way to sign into government digital services,” reads the inquiry report. “Government needs to urgently legislate for the digital identity framework and the safe use of one-to-one facial biometric matching.”
Prior to the meeting of digital ministers, Australian finance minister Katy Gallagher told the press that she wants to see legislation to facilitate the digital ID scheme tabled this spring. And the audit report emphasises that the scheme will incorporate both the public and private economic spheres.
Such legislation will likely receive bipartisan support as the online ID is the want of both major parties, with the Coalition having initiated the Digital Identity System in 2015, which, today, identifies users to departments using identification created and stored via the myGovID app.
The Morrison government released an exposure draft of its Trusted Digital Identity Bill 2021, but it was never progressed. And on the Digital Identity System site where this draft legislation can still be accessed, a page already exists for the current government’s draft bill to appear later this year.
The Coalition’s 2021 legislative proposal made clear that the national digital ID scheme it envisioned was “a whole-of-economy solution that connects local, state, territory, and private sector services, making a range of activities easier for individuals and businesses”.
“Expanding the system beyond Australian government services will increase the benefits across the entire digital economy,” the draft proposal continues, “providing significant economic opportunities and supporting national recovery into the future.”
Digital Australia Card
The Morrison government launched the myGovID app in October 2019. It allows users to set up a digital ID to identify themselves to departments and utilises biometric facial recognition technology, which is matched and verified against government-stored passport photos.
The January audit report, which was carried out by former Telstra boss David Thodey and a panel of experts, suggests either merging the front ends of the myGovID and myGov apps, or simply rebranding a consolidated system under myGovID.
myGovID can be utilised by individuals and businesses to prove who they are online, and it provides three identity strengths: basic, standard and strong. So, the more personal information a user loads onto the system, the stronger an ID becomes, which, in turn, leads to greater access.
So far, a myGovID is required for businesses to access online services, Access Manager, Australian Business Registry Services, the Australian Business Register, ABR Explorer and to apply for a departing Australia superannuation payment.
In spruiking the system, both the Thodey report and minister Gallagher have raised last year’s huge Optus and MediBank data breaches as key reasons why the digital ID scheme is necessitated.
However, having a centralised system storing key information about most of the constituency seems like the perfect target for hackers.
Voluntary fast becomes mandatory
“Schemes are always trumpeted as being voluntary at the beginning and are always designed on the assumption that they will become mandatory soon afterwards,” UNSW Visiting Law Professor Dr Roger Clarke explained recently. “In the private sector, this technique is called ‘bait-and-switch’.”
However, Sydney Criminal Lawyers is aware that at least one Australian workplace has suggested its employees might all be required to obtain a myGovID, as a new part of their roles will require them to personally enter information onto a digital platform accessed via the identity system.
And if one business is contemplating mandatory myGovID use, then others are likely doing the same.
Indeed, the Thodey report recommends incentivising government departments to use the digital identification system, and if the scheme is rolled out in a whole-of-economy manner, then its likely businesses will be encouraged to move onto it as well.
Such a scenario would lend itself to businesses then requiring employees to possess a myGovID, whilst such staff may not be aware they’re creating a digital ID that has much greater and ongoing implications for them, especially as many will simply consider myGovID is the same as myGov.
All-encompassing ID databases not only entice hackers, but they’re also open to the abuses of government, as has been seen with the metadata retention regime and state police systems, as unauthorised employees and departments have accessed information on these databases.
A national digital identification system that is used to access services could also be employed in a punitive way by governments in order to punish users for breaches, via such penalties as denial of services or funds.
And a further concern involves former NSW customer services minister Victor Dominello, who, as he was leaving government in March, was already on the way to establishing a state digital ID scheme based on NSW driver licences, which he envisaged could then be linked to the national system.
Yet, a system that integrates all state, territory and federal citizen identification photos to be used was a key component of the Coalition’s scheme to set up an exchange hub that could match ID images from these databases with stills from CCTV cameras in real time for investigative purposes.
The clear danger with the Dominello proposal is that once all these photo ID databases are linked, the facial biometric identification system, known as the Capability, would be half established by that point.
Clarke said that despite the intentions of government to impose a nationwide digital ID system, he’s not concerned it will come to fruition, as after years of campaigning, he has a lot of confidence in the citizenry knocking back the proposal, as it’s done with “each iteration of the Australia Card scheme”.
NSW Council for Civil Liberties (NSWCCL) assistant secretary Michelle Falstein expressed similar sentiment last month, whilst also setting out her privacy concerns about schemes like the digital ID, which bolster the centralised authority of government.
“I don’t think it’s a given,” Falstein said, in relation to a national digital ID scheme being rolled out. “When you look at the history of the Australia Card, that was also quiet at first and didn’t have full support in both houses, but it wasn’t something people were aware of.”
“However, it then became extremely unpopular when attention was drawn to the consequences and alternatives that existed,” the civil liberties advocate added. “So, it’s a matter of people acting diligently and paying attention to what this means to their autonomy and their privacy.”