State and territory governments have agreed, with the Commonwealth, to increase their use of biometrics for identification in a bid to make the federated ID scheme more resilient to fraud and identity theft.
Identification services are spread across the states and territories, that are in charge of driver licences and birth certificates, and the Commonwealth that controls passports.
This dispersed system means any weakness – or delay in updating information – in one segment can be exploited by the others, according to the newly-released National Strategy for Identity Resilience.
“We want Australians’ identities to be hard to steal and, if stolen, easy to restore,” Finance Minister Katy Gallagher and Home Affairs Minister Clare O’Neil said in a joint statement.
“Recent cyber incidents have demonstrated that there is more work to be done when it comes to protecting Australians and their identities.
“Each year, identity crime impacts around one in 20 people, with an estimated cost in 2018-19 of $3.1 billion. Initiatives like Digital ID can protect people and their personal data from identity crime and misuse.”
Last year’s major Optus and Medibank data breaches made a compelling case for improving identification across the country. Millions of people suddenly found their passport or driver licence numbers had been exposed, leading to a flood of applications to renew their ID documents.
The need to get different ID services working together during those attacks were cited during last week’s announcement that Australia was getting a National Cyber Security Coordinator, Air Marshal Darren Goldie.
What have the states and territories agreed to with the Commonwealth?
For starters, there’s a set of 10 principles about how ID services ought to operate across the country.
This includes agreeing to a seamless Digital ID that will work for various verification services, reducing the need to share sensitive information like passport numbers with financial companies, for example.
Other principles involve inclusivity (giving people the option not to use digital IDs), allowing for clear data sharing arrangements, and letting people update information (like a change of address) easily across government agencies.
Greater use of biometric data is also something the states, territories, and Commonwealth agreed to, saying that “where appropriate, and with an individual’s consent, Australian governments will use biometrics to make it harder for criminals to misuse identity credentials”.
Along with the principles, the government representatives agreed on a series of initiatives to bolster identity services.
Within the next 12 months, there will be an update of the National Identity Proofing Guidelines along with some more education and awareness programs.
Over the medium term (one to three years), the federal government will improve on its recently implemented Credential Protection Register that flags exposed documents (like driver licences and passports) so they can’t be used for verification.
It will also build out a mobile phone trust score system to mitigate the use of mobile phone verifications for fraud.
Longer term, the ID strategy aims to reissue digital credentials through digital wallets, as NSW has already done with digital tradesperson credentials linked to the Service NSW app.
There are also plans to implement a ‘no wrong doors’ approach to remediation that will ideally let people fully recover their identity and credentials by interacting with any government agency whether it be Commonwealth or state and territory.