The concept of Digital ID is not a new one, in Australia,1 or globally,2 but it is likely that Australians will be hearing more about it in coming months as the Government debates proposed new laws for a Digital ID framework.
Research from NAB shows 1 in 2 (46%) Australians overall said they were “very likely” (14%) or “likely” (32%) to sign up for a bank verified digital ID. Around 4 in 10 (38%) however were undecided, while 15% were “unlikely (7%) or “very unlikely” (8%) to do so.
While this research is encouraging, there is work to do to demystify some of the key concepts underpinning Digital ID systems and the developments happening in this space in Australia and internationally.
What is Digital ID?
Australia’s proposed Digital ID Bill defines a digital ID of an individual as a ‘distinct electronic representation of the individual that enables the individual to be sufficiently distinguished when interacting online with services.’3 Whilst this definition is helpful, it does not necessarily tell the whole story about Digital ID and its potential privacy benefits.
Did you know that Digital ID could also assist to minimise the collection and sharing of your data?
Another way to think about Digital ID is an electronic record comprising a collection of ‘attributes’ or ‘credentials’ about an individual or an entity, which can be selectively disclosed to minimise data sharing. These credentials are designed to be cryptographically secure and tamper proof, ensuring the information can be trusted by parties that need proof of identification. In the case of a private sector identity service provider, such as NAB, these attributes are typically maintained as part of an existing customer record held (and therefore do not create a new collection or store of data). This could help in situations including proof of age.
Digital ID in practice
To be able to purchase certain goods or services online, individuals may be asked to prove that they are over 18 years of age. Without a Digital ID solution in place, the current method used by many companies is to collect copies of an individual’s drivers’ licence, or passport. These identification documents contain troves of personal data, which in most cases the organisation does not need to collect. By over-collecting personal data, there’s an increased cyber risk to companies, and identity theft and fraud risks to individuals.
One promise and potential for Digital ID technology, therefore, is to minimise unnecessary data collection and sharing. By using digital ID, we can reduce the cyber and privacy risks to companies and individuals alike.
With Digital ID in place, a company could validate that an individual is over 18 years’ old without having to collect and store identification documents.
The road ahead
In the context of rising online fraud and scams, there is a sense of urgency to find a solution to mitigate the risks of identity theft associated with over sharing of personal data throughout the economy and Digital ID is a key pillar of the Government’s cyber resilience strategy.4
Of course, implementing Digital ID in and of itself will not be a magic bullet. A ‘culture shift’ is necessary. This shift is needed to change attitudes and behaviours associated with over-collection, over-sharing, and over-retention of personal information. To be successful, the change needs to be backed by clear and strong regulation and enforcement.
It’s also important to note that Digital ID systems are not risk free and there is widespread recognition from across public and private sector and civil society groups that Digital ID systems must be underpinned by principles of:
- genuine voluntariness
- choice; and
- inclusivity.
Implementing Digital ID in Australia is a collaborative effort between government, the private sector and community led organisations, each playing a key role in ensuring the Digital ID framework and infrastructure is resilient, meets community needs and is fit for purpose.