Digital Transformation Agency Australia |
Digital Transformation Agency Australia: Australia and Digital Identity
The world is changing quickly, it’s becoming smaller and bigger at the same time, with the importance of safe, simple and secure digital services never more important.
Using biometrics as a default means to access services would have been unthinkable only a few years ago but with technological advances and social adoption, it is now second nature to verify a transaction with a tap of a finger.
People are engaging online at unprecedented rates, accelerated by the COVID-19 pandemic—even for activities like telehealth and remote employee onboarding. At the heart of these traditional in-person services is identity, needing a way to securely prove who you are online.
The shift to online has brought communities closer together while opening up a whole new world of risk and reward for us to navigate. Including privacy concerns, the need for businesses to keep up, as well as new opportunities engage, transact, and grow our economy.
Governments and the private sector need to focus on how identity is perceived, it’s critical to build trust in the technology, ensure consumers are protected, and have strong policies that set the foundation for change.
Digital Identity underpins the Australian government’s Digital Economy Strategy that will allow Australian businesses, and in particular small business, to capitalise on the opportunities that digital technologies are creating, enabling them to grow and create jobs as part of Australia’s economic recovery following the COVID-19 Pandemic.
Following an inquiry into the financial sector in 2014, the Australian Government took the first steps towards a national approach to digital identity to support our country’s economic growth.
The objective was to develop a national federated Digital Identity Framework, which would guide the development of a world class solution that could improve digital transactions across Government and the broader economy. To achieve this, we looked at international best practise and consulted extensively on the policy underpinning the Australian Government’s Digital Identity System (the System).
Our guiding principles are privacy by design, putting the user first and taking an iterative approach in everything we do to make sure Digital Identity not only meets but exceeds community expectations.
Putting people first, we also need to consider and ensure that in-person services remain for those in our community who can’t or don’t have access to engage online. Inclusive system design is crucial to support as many people as possible to access online services with a digital identity.
Central to our System is the Trusted Digital Identity Framework or TDIF. It sets the standards, rules and guidelines for usability, accessibility, privacy protection, security, risk management, fraud control for Digital Identity providers. Anyone who participates in the System must meet these strict requirements.
The high standards set out in the TDIF allow for a true whole-of-economy digital identity system where people can have complete trust that their security and privacy is protected when using the System to access services.
This is especially crucial when they’re asked for their biometric information.
When we talk about biometrics in the context of our System, we refer to the method of access and face verification for remote onboarding. “Biometrics” refers to a full breadth of measures to verify someone’s identity and it can be a confronting concept. It’s important to understand that with Digital Identity we’re simply verifying that the photo taken by a person on the end of the phone (or device) matches their photo ID. In the future, this may extend to other biometrics to suit the appropriate use case.
Face verification is only required for people to access higher risk or higher value transactions—like those that currently require you to prove your identity in person at a government shopfront or service centre.
The key privacy features we’ve implemented for Digital Identity face verification and use of biometrics are express consent, one-to-one matching only, no central data base for storing images, and images are not shared across the System.
This means that any data that is required to prove your identity will need your express consent before it’s shared. This is a principle that applies to the whole System.
Face verification is only used for ‘one-to-one’ matching. This means the System matches a photo you take of yourself with a photo you have provided as part of your identity verification. This very important security and privacy principle ensures the System only collects the information needed to establish and maintain a digital identity.
This is an important distinction from ‘one-to-many’ matching which matches a person’s face against many images stored in an identity database and then adds that photo to the database.
And there is no central database where data will be stored for the System. Once a person’s photo has been used for its consented purposes—including where you’ve consented to it being used for quality assurance testing and fraud detection—it will be deleted.
It’s important that we ensure this system is secure and as robust as possible. We’re working to enshrine these principles, the TDIF requirements, and strict security and privacy standards including protections around the use of biometrics in legislation, giving the Australians trust and confidence in Digital Identity.
Privacy is important to Australians, and to us, and we need a digital identity system that Australians can trust. A consent-based, regulated system will support people to do their business, big and small, online without compromising their security or their privacy.
Australia already performs well in government service delivery relative to other countries—ranking second for E-Government in the IMD’s 2019 Digital Competitiveness and fifth in the UN’s 2020 E-Government Survey. But there is more to do. Our goal is to provide safe, secure and convenient government services online. The Australian Government Digital Identity System will change the way that Australians and Australian businesses engage with the government services they need, and with each other, online.
Australian Digital Transformation Agency
Jonathon Thorpe
Jonathon.thorpe@dta.gov.au
Director, Biometrics Institute
Applications and use cases | Privacy and policy | Research and development | Technology innovation