{"id":76602,"date":"2022-11-17T06:00:17","date_gmt":"2022-11-16T19:00:17","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=76602"},"modified":"2022-11-16T18:39:19","modified_gmt":"2022-11-16T07:39:19","slug":"the-future-of-digital-identity-in-australia","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/","title":{"rendered":"The future of digital identity in Australia"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"625\" class=\"alignnone size-full wp-image-76604\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg 1000w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res-205x128.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res-768x480.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n<p>It seems that hardly a day goes by without news of another Australian organisation being hit by a data breach. While the underlying causes and the actions we need to take to prevent them are many and varied, one question to ask is whether all these organisations need to collect and store all this data.<\/p>\n<p>In the case that started the recent tsunami of breaches, Optus, the company was obliged by legislation to verify the identity of its customers. Certainly, verification is important in preventing and detecting other crimes that might be perpetrated using telecommunications networks, but what if there was a way of doing this without every new customer needing to hand over details of their identity documents, which then have to be verified and stored for audit purposes?<\/p>\n<p>Digital identity systems provide exactly such a solution. A digital identity system enables individuals to prove their verified identity (and potentially other personal details) online. Properly designed, it provides people with the ability to control exactly what is shared with whom, and ensures that only the minimum necessary data is shared.<\/p>\n<p>To its credit, the Albanese government appears to have realised this and plans to revive the proposed \u2018<a href=\"https:\/\/www.digitalidentity.gov.au\/\" target=\"_blank\" rel=\"noopener\">Digital Identity System<\/a>\u2019, which has largely lain dormant since the previous government published draft legislation at the tail end of last year. The concept of digital identity has been around for many years; the first iteration of the government\u2019s \u2018<a href=\"https:\/\/www.digitalidentity.gov.au\/tdif\" target=\"_blank\" rel=\"noopener\">Trusted Digital Identity Framework<\/a>\u2019 was drafted in 2015. Budget data shows that more than $600\u00a0million has been spent since then on the nascent system, yet most people\u2019s interactions with it occur at most once a year, when filing their tax returns. To be an effective tool to facilitate and secure digital transactions, a digital identity system needs to be something that a large number of people use regularly.<\/p>\n<p>Our <a href=\"https:\/\/www.aspistrategist.ru\/report\/future-digital-identity-australia\" target=\"_blank\" rel=\"noopener\">latest research at ASPI<\/a> has shown that there are several barriers that are making state governments, businesses and customers reluctant to join the government\u2019s proposed system. If it doesn\u2019t achieve a critical mass of participants to make it worthwhile for people to engage with it, it will fail. As the federal government moves forward with proposed legislation, it will need to address these barriers in order to build confidence and drive take-up.<\/p>\n<p>Obviously, given recent events, security is a major concern. To supplement the current framework for accrediting organisations using the system, a transparent process needs to be established to allow researchers to report vulnerabilities and for them to be addressed. We also need well-resourced monitoring systems that can quickly detect any illegitimate activity, and robust processes to fix any incidents of stolen identity so that the impact on the people affected is minimised.<\/p>\n<p>Any digital identity system will build on our existing underlying identity systems. The fallout from the Optus data breach has shown some of the limitations of the current patchwork of systems across states and federal government departments. We need common standards and safeguards; otherwise, criminals will find and exploit systemic weaknesses.<\/p>\n<p>Another equally important factor is privacy. Recent cyber breaches have raised public awareness of the data that companies collect and hold. To gain acceptance, we need to ensure that a digital identity system doesn\u2019t have the unwelcome side effect of further enabling the rise of \u2018surveillance capitalism\u2019. We need to avoid a dystopian future where the profiles already built up by Facebook and others are linked to verified personal details, which would make them even more valuable and increase the incentives for intrusiveness. This will require a combination of regulations that govern how data can be used and technical measures that limit the personal data shared with organisations.<\/p>\n<p>Sometimes, the requirements for security and privacy need to be balanced. For example, the system is designed to allow individuals to set up multiple identities. This is intended to preserve privacy\u2014for example, allowing someone to separate their business and personal transactions. However, it raises an obvious question about how to build effective safeguards to detect fraudulent duplication of identities.<\/p>\n<p>Governance arrangements will also need to be addressed. If the federal government effectively owns the system and has decision-making powers over detailed technical standards, this is unlikely to give the states and territories, or commercial organisations, the confidence to make long-term commitments to the system. If all players decide that the only way to have control over the systems is to build their own, such fragmentation would probably be fatal.<\/p>\n<p>A better idea would be to hand over ownership and control of the system to an independent entity governed by representatives from all stakeholders, with the federal government\u2019s role limited to setting the regulatory environment. Examples such as the bank payment system provide a potential model.<\/p>\n<p>Finally, Australia doesn\u2019t operate in a digital vacuum. When developing digital identity systems, we should aim to align as much as possible with international partners. This will not only encourage participation by multinational companies\u2014which will be reluctant to develop bespoke systems for each country\u2014but also could unlock additional benefits in facilitating digital trade.<\/p>\n<p>Digital identity systems offer opportunities to reduce the cyber risks posed by the sharing of personal identity information, and to unlock economic benefits by building trust and reducing friction in the digital economy. The estimated annual microeconomic benefits are $11 billion, which could finally justify the significant costs to date.<\/p>\n<p>However, to be successful, the system needs to reach a critical mass of organisations and users and become part of everyday digital life. The government has an opportunity to reset the approach and focus on the issues that could impede take-up, engaging with stakeholders and making them part of the journey. The time to do this is now.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It seems that hardly a day goes by without news of another Australian organisation being hit by a data breach. While the underlying causes and the actions we need to take to prevent them are &#8230;<\/p>\n","protected":false},"author":979,"featured_media":76604,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,2138,1799,750,2362],"class_list":["post-76602","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cybersecurity","tag-data-breach","tag-data-retention","tag-digital-identity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The future of digital identity in Australia | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The future of digital identity in Australia | The Strategist\" \/>\n<meta property=\"og:description\" content=\"It seems that hardly a day goes by without news of another Australian organisation being hit by a data breach. While the underlying causes and the actions we need to take to prevent them are ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-16T19:00:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-16T07:39:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"625\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rajiv Shah\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rajiv Shah\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg\",\"width\":1000,\"height\":625,\"caption\":\"Artificial intelligence concept of big data or cyber security. 3D illustration\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/\",\"name\":\"The future of digital identity in Australia | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#primaryimage\"},\"datePublished\":\"2022-11-16T19:00:17+00:00\",\"dateModified\":\"2022-11-16T07:39:19+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3def05952f118aabebffcfc7995bc633\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The future of digital identity in Australia\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3def05952f118aabebffcfc7995bc633\",\"name\":\"Rajiv Shah\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4dd3f3db75e372dfd31d34b9170d0733?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4dd3f3db75e372dfd31d34b9170d0733?s=96&d=mm&r=g\",\"caption\":\"Rajiv Shah\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/rajiv-shah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The future of digital identity in Australia | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/","og_locale":"en_US","og_type":"article","og_title":"The future of digital identity in Australia | The Strategist","og_description":"It seems that hardly a day goes by without news of another Australian organisation being hit by a data breach. While the underlying causes and the actions we need to take to prevent them are ...","og_url":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2022-11-16T19:00:17+00:00","article_modified_time":"2022-11-16T07:39:19+00:00","og_image":[{"width":1000,"height":625,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg","type":"image\/jpeg"}],"author":"Rajiv Shah","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Rajiv Shah","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/11\/iStock-1173458630_low-res.jpg","width":1000,"height":625,"caption":"Artificial intelligence concept of big data or cyber security. 3D illustration"},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/","url":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/","name":"The future of digital identity in Australia | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#primaryimage"},"datePublished":"2022-11-16T19:00:17+00:00","dateModified":"2022-11-16T07:39:19+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3def05952f118aabebffcfc7995bc633"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/the-future-of-digital-identity-in-australia\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The future of digital identity in Australia"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/3def05952f118aabebffcfc7995bc633","name":"Rajiv Shah","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4dd3f3db75e372dfd31d34b9170d0733?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4dd3f3db75e372dfd31d34b9170d0733?s=96&d=mm&r=g","caption":"Rajiv Shah"},"url":"https:\/\/www.aspistrategist.ru\/author\/rajiv-shah\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/76602"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/979"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=76602"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/76602\/revisions"}],"predecessor-version":[{"id":76606,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/76602\/revisions\/76606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/76604"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=76602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=76602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=76602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}