Australia’s new digital identity plan falls short of global privacy standards. Here’s how to fix it

Australia’s new digital identity system promises to transform the way we live. All our important documents, such as driver’s licenses and Medicare cards, will be in one digital wallet, making it easier for us to access various services.

The federal government is still developing the system in a pilot expected to run next year. This is known as the “Trust Exchange”. Trusted Digital Identity FrameworkIt is designed to securely verify people’s identities using digital tokens.

Earlier this year, in a conversation Speaking to the National Press Club in Canberra, Federal Government Services Minister Bill Shorten described the new digital identity system as “world-leading”. But there are a few privacy issuesespecially when compared to international standards such as those in the European Union.

So how can it be fixed?

What is Trust Change?

Trust Exchange or TEx is designed to simplify the way we prove who we are online. Will work with myID (formerly myGovIDThe platform where Australians can store and manage their digital identity documents.

The platform is intended to be both safe and useful. Users will be able to access a variety of services, from banking to applying government services without dealing with paperwork.

Think of the system as a way to prove your identity and share personal information like your age, visa status or license number without providing any physical documentation or revealing too much personal information.

For example, instead of showing your full driver’s license when entering a licensed premises, you can use a digital token that confirms “Yes, this person is over 18.”

But what will happen to all this? sensitive data behind the scenes?

Falling behind global standards

World Wide Web Consortium It sets global standards in digital identity management. These standards ensure that people share only the minimum necessary information and maintain control over their digital identities without relying on central institutions.

The European Union’s digital identity system The regulation is built on these standards. It creates a secure, privacy-focused digital identity framework across its member states. It is decentralized and gives users full control over their credentials.

But Australia’s digital identity system, as proposed, falls short of these global standards in many important respects.

First of all, it is a central system. Everything will be monitored, managed and stored by a single government agency. This will make it more vulnerable to breaches and reduce users’ control over their digital identities.

Second, the system is not compliant with the World Wide Web Consortium’s standards for verifiable credentials. These standards aim to show only the minimum personal information required to access a service, giving users full control over selectively disclosing personal characteristics such as proof of age.

As a result, the system increases the likelihood of over-disclosure of information. personal information.

Third, global standards emphasize preventing what is known as “connectivity”. This means that users’ interactions with different services remain distinct and their data is not collected across multiple platforms.

But the token-based system behind Australia’s digital identity system creates the risk that different service providers could track users across services and potentially profile their behaviour. By comparison, the EU’s system has clear security measures to prevent such tracking unless expressly authorized by the user.

Finally, Australia’s framework lacks the strict rules found in the EU that require explicit consent for the collection and processing of biometric data, including facial recognition and fingerprint data.

fill in the blanks

It is critical that the federal government address these issues to ensure the success of the digital identity system. Our award-winning research It offers a way forward.

A digital identity system should simplify the verification process by automating the selection of the most appropriate, diverse set of credentials for each verification.

This will reduce the risk of user profiling by preventing a single credential from being overly associated with a particular service. It will also reduce the risk of a person being “singled out” if they use ambiguous credentials, such as an overseas driver’s license.

More importantly, make the system easier to use.

The system should also be decentralized, similar to that in the EU, and give users control over their digital identities. This reduces the risk of a centralized data breach. It also ensures that users are not dependent on a single government agency to manage their credentials.

Australia’s digital identity system is a step in the right direction, offering greater convenience and security in daily transactions. But the government needs to address gaps in its current framework to ensure this system also balances the privacy and security of Australians.

This article is republished from: Speech It is under Creative Commons license. Read original article.