Australia’s new digital ID scheme falls short of global privacy standards. Here’s how it can be fixed

0
86
Australia’s new digital ID scheme falls short of global privacy standards. Here’s how it can be fixed


Credit: AI-generated image

Australia’s new digital ID system promises to transform the way we live. All of our key documents, such as driver’s licenses and Medicare cards, will be in a single digital wallet, making it easier for us to access a range of services.

The federal government is still developing the system, with a pilot expected to run next year. Known as the “Trust Exchange,” it is part of the Trusted Digital Identity Framework, which is designed to securely verify people’s identities using digital tokens.

Earlier this year, in a speech to the National Press Club in Canberra, Federal Minister for Government Services Bill Shorten, called the new digital ID system “world leading.” However, it has several privacy issues, especially when compared to international standards like those in the European Union.

So how can it be fixed?

What is Trust Exchange?

Trust Exchange—or TEx—is designed to simplify how we prove who we are online. It will work alongside the myID (formerly myGovID) platform, where Australians can store and manage their digital ID documents.

The platform is intended to be both secure and convenient. Users would be able to access services ranging from banking to applying for without juggling paperwork.

Think of the system as a way to prove your identity and share personal information such as your age, visa status or license number—without handing over any physical documents or revealing too much personal information.

For example, instead of showing your full driver’s license to enter a licensed premises, you can use a digital token that confirms, “Yes, this person is over 18.”

But what will happen to all that behind the scenes?

Falling short of global standards

The World Wide Web Consortium sets global standards around digital identity management. These standards ensure people only share the minimum required information and retain control over their digital identities without relying on centralized bodies.

The European Union’s digital identity system regulation builds on these standards. It creates a secure, privacy-centric digital identity framework across its member states. It is decentralized, giving users full control over their credentials.

In its proposed form, however, Australia’s digital ID system falls short of these global standards in several key ways.

First, it is a centralized system. Everything will be monitored, managed and stored by a single government agency. This will make it more vulnerable to breaches and diminishes users’ control over their digital identities.

Second, the system does not align with the World Wide Web Consortium’s verifiable credentials standards. These standards are meant to give users full control to selectively disclose personal attributes, such as proof of age, revealing only the minimum personal information needed to access a service.

As a result, the system increases the likelihood of over-disclosure of .

Third, global standards emphasize preventing what’s known as “linkability”. This means users’ interactions with different services remain distinct, and their data isn’t aggregated across multiple platforms.

But the token-based system behind Australia’s digital ID system creates the risk that different service providers could track users across services and potentially profile their behaviors. By comparison, the EU’s system has explicit safeguards to prevent this kind of tracking—unless explicitly authorized by the user.

Finally, Australia’s framework lacks the stringent rules found in the EU which require explicit consent for collecting and processing biometric data, including facial recognition and fingerprint data.

Filling the gaps

It is crucial the federal government addresses these issues to ensure its digital ID system is successful. Our award-winning research offers a path forward.

The digital ID system should simplify the verification process by automating the selection of an optimal, varied set of credentials for each verification.

This will reduce the risk of user profiling, by preventing a single credential from being overly associated with a particular service. It will also reduce the risk of a person being “singled out” if they are using an obscure credential, such as an overseas drivers license.

Importantly, it will make the system easier to use.

The system should also be decentralized, similar to the EU’s, giving users control over their digital identities. This reduces the risk of centralized data breaches. It also ensures users are not reliant on a single government agency to manage their credentials.

Australia’s digital ID system is a step in the right direction, offering greater convenience and security for everyday transactions. However, the government must address the gaps in its current framework to ensure this system also balances Australians’ privacy and security.

Provided by
The Conversation


This article is republished from The Conversation under a Creative Commons license. Read the original article.The Conversation

Citation:
Australia’s new digital ID scheme falls short of global privacy standards. Here’s how it can be fixed (2024, October 30)
retrieved 30 October 2024
from https://techxplore.com/news/2024-10-australia-digital-id-scheme-falls.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here