Biometric identity: Please explain
Digital identity: Who knows where this is going to land in relation to biometrics
A digital identity platform is absolutely essential if the government’s grand vision of streamlined, digital-delivered services is ever to be fully realised. But it needs to be properly explained, and a compelling argument made for its adoption.
The government has yet to grapple with the challenge of convincing the nation about the need for such a digital identity framework underpinned by biometrics.
The outline of the framework was originally slated to be released for discussion on 29th August. Instead the government released the beta version of its Digital Marketplace that day, and has yet to indicate when it will unveil more details about the identity framework, although the Digital Transformation Office’s original plan was to have a beta version out in the market next July.
While the digital identity service is intended to be opt-in, to access the Government’s emerging digital services people will have little alternative but to use it.
It will be a challenging sell to a general public which is still coming to terms with the imposition of meta data collection; with the opacity of the ABS which said it didn’t – then admitted it did – keep name and address data; and the Census debacle which left many ordinary Australians concerned about the Federal Government’s ability to manage and secure their personal data.
The Digital Transformation Office’s head of identity Rachel Dixon is slated to speak at this week’s Sinet 61 security conference. She is on a panel being moderated by her boss, Paul Shetler CEO of the DTO, which will explore “how confidentiality and privacy are maintained across exceptional cyber technologies and processes and how they are enabling trust in a digital society.” Hopefully a little more detail about the framework will emerge.
When Ms Dixon stood in front a roomful of digital identity specialists in Sydney last month, she told them she felt she had a tabula rasa – a blank slate – regarding digital identity.
But the blank slate really was never that blank. Australia has already had a couple of cracks at this – once with the Australia card and then with Joe Hockey’s proposed Access Card a decade ago. Both proposals crashed and burned.
The Australian Privacy Foundation was founded in 1987 expressly to fight the Australia Card proposal, and so far it is not pleased at all with the way the government is going about developing a digital identity framework. It remains unconvinced that the opt-in nature of the programme will be any salve.
We’ve seen evidence already of Government opt-in identity programs turning into opt-out platforms. The Personally Controlled Electronic Health Record, for example, was originally opt-in and secured little interest. Since renamed the MyHealthRecord, a couple of successful opt-out trials have been run and are intended as the precursor to a wider opt-out regime.
The Australia Privacy Foundation fears similar bracket creep with the digital identity framework.
Ms Dixon acknowledged last month that her current role is; “Probably the most complicated job I have ever done,” and said she understood that it would be difficult even without the political hurdles.
The political hurdles are, however, a real and present concern – especially as the verification framework is designed to leverage biometrics. The DTO itself won’t collect or store biometrics, but its digital identity framework will use them for verification.
It’s unlikely the framework would leverage the existing passport biometric as not everyone has one; more likely is it will leverage the voice biometrics already deployed at the ATO to identify callers. By the beginning of this year more than 1.5 million Australians had already stored a voice print with the ATO to use as their biometric identifier.
And here’s the key issue; biometrics are probably the most effective and efficient way to demonstrate identity. They are widely deployed around the world, and have been embraced by Australia’s travelling public using the biometrically underpinned passport.
When securely stored and unobtrusive, biometric data can streamline identification and deliver efficiency and security.
There is also growing user acceptance among a post-Australia Card generation of smartphone users, comfortable with the idea of using a fingerprint or iris scan to unlock their devices.
This is good technology. Digital and streamlined government services are a good idea.
What’s lacking is the supporting narrative. The private sector can drop technological change from a great height and people can choose whether to accept or reject it. Don’t like Apple’s new iPhone and cord free earphones? Buy something else. Don’t want to access your smartphone via a retina scan? Buy something else.
Don’t want to access Australian Government services? As if.
The ABS never convincingly explained why it needed to keep our names and addresses along with census data. It lost credibility.
The government has to explain clearly and carefully why we need a digital identity framework, and why biometrics as an anchor makes sense, or this risks being an Australia Card issue all over again.