Ministers from Australia’s federal government have agreed to a deal with their state and territory counterparts to include digital credentials in the new national digital identity system, reports the Australian Financial Review.
The agreement paves the way for driver’s licenses and occupational credentials to be recognized across the country, and to store their credentials in a digital wallet, all based on international standards.
“The move to bring identity and credentials together is world leading,” NSW Digital Minister Victor Dominello told AFR Weekend. He credits federal finance minister Katy Gallagher for bringing the sides together.
Gallagher said that while the states wanted digital credentials to be included in the scheme, it is also important for those who chose not to participate to have an alternative method of sharing their credentials available.
The new digital identity scheme is expected to make it easier for businesses to verify customer identities without collecting excess personal information.
The federal government is expected to introduce legislation on the scheme by the end of 2023.
“There is a lot more work to be done and plenty of consultations to undertake, but we understand that as we increasingly rely on digital technology as part of our everyday lives, the government has a responsibility to ensure we can offer a digital ID system that is voluntary, efficient and meets people’s needs and most importantly offers the highest security for their personal information,” Senator Gallagher told AFR for a report in the run-up to the meeting with states and territories.
Australian Payments Plus Connect ID Managing Director Andrew Black emphasized the importance of consumers being able to chose between public and private-sector provided tools. Mastercard, which has also been piloting its digital identity verification service in Australia, also expressed support for the proposed system.
Digital identity system vulnerable
Services Australia says it has found several vulnerabilities, one of them “high-risk,” with the identity exchange it operates for the government.
iTnews reports that the Office of the Australian Information Commissioner disclosed the findings after beginning an assessment in February, 2022.
Among the issues identified are the lack of penetration tests and mandated annual assessments. Service Australia now has a ‘pentest’ planned for the first quarter of 2023, and its privacy policy has been updated since the assessment was concluded. Four “medium” privacy risks were identified, and five recommendations made.
In light of multiple recent high-profile hacks in Australia, and the amount of sensitive data being digitized, the government is also planning to upgrade public sector cybersecurity programs, reports The West Australian.