Australia's new digital ID scheme falls short of global privacy standards. Here's how it can be fixed

The federal government is still developing the system, with a pilot expected to run next year. Known as the “Trust Exchange”, it is part of the Trusted Digital Identity Framework, which is designed to securely verify people’s identities using digital tokens.

Australia’s federal government is developing a new digital ID system, known as the “Trust Exchange”, which is designed to simplify the way we prove our identities online. The system will work alongside the myID platform, where Australians can store and manage their digital ID documents.

The Trust Exchange is part of the Trusted Digital Identity Framework, which is being developed by the federal government to securely verify people’s identities using digital tokens. The tokens will contain a person’s key digital identity documents, such as their driver’s licence and Medicare card.

When a person wants to access a service, such as banking or applying for a government service, they will be able to use a digital token to prove their identity and share personal information, such as their age, visa status or licence number — without handing over any physical documents or revealing too much personal information.

For example, instead of showing a full driver’s licence to enter a licensed premises, a person will be able to use a digital token that confirms, “Yes, this person is over 18”.

The system is designed to be both secure and convenient. However, it has several privacy issues, especially when compared to international standards like those in the European Union.

The World Wide Web Consortium sets global standards around digital identity management. These standards ensure people only share the minimum required information and retain control over their digital identities without relying on centralised bodies.

The European Union’s digital identity system regulation builds on these standards. It creates a secure, privacy-centric digital identity framework across its member states. It is decentralised, giving users full control over their credentials.

In its proposed form, however, Australia’s digital ID system falls short of these global standards in several key ways.

First, it is a centralised system. Everything will be monitored, managed and stored by a single government agency. This will make it more vulnerable to breaches and diminishes users’ control over their digital identities.

Second, the system does not align with the World Wide Web Consortium’s verifiable credentials standards. These standards are meant to give users full control to selectively disclose personal attributes, such as proof of age, revealing only the minimum personal information needed to access a service.

As a result, the system increases the likelihood of over-disclosure of personal information.

Third, global standards emphasise preventing what’s known as “linkability”. This means users’ interactions with different services remain distinct, and their data isn’t aggregated across multiple platforms.

But the token-based system behind Australia’s digital ID system creates the risk that different service providers could track users across services and potentially profile their behaviours. By comparison, the EU’s system has explicit safeguards to prevent this kind of tracking – unless explicitly authorised by the user.

Finally, Australia’s framework lacks the stringent rules found in the EU which require explicit consent for collecting and processing biometric data, including facial recognition and fingerprint data.

It is crucial the federal government addresses these issues to ensure its digital ID system is successful. Our award-winning research offers a path forward.

The digital ID system should simplify the verification process by automating the selection of an optimal, varied set of credentials for each verification.

This will reduce the risk of user profiling, by preventing a single credential from being overly associated with a particular service. It will also reduce the risk of a person being “singled out” if they are using an obscure credential, such as an overseas drivers licence.

Importantly, it will make the system easier to use.

The system should also be decentralised, similar to the EU’s, giving users control over their digital identities. This reduces the risk of centralised data breaches. It also ensures users are not reliant on a single government agency to manage their credentials.

Australia’s digital ID system is a step in the right direction, offering greater convenience and security for everyday transactions. However, the government must address the gaps in its current framework to ensure this system also balances Australians’ privacy and security.

The above is the detailed content of Australia's new digital ID scheme falls short of global privacy standards. Here's how it can be fixed. For more information, please follow other related articles on the PHP Chinese website!