The Digital Transformation Agency’s plan to use its digital identity for age verification in accessing porn is an “own goal” that “hurts the credibility” of the program, according to the former CEO of the agency.
In a submission to the House of Representatives Standing Committee on Social Policy and Legal Affairs into age verification for online wagering and online pornography, the DTA offered up GovPass, its whole-of-government way to verify identity.
“The DTA believes that the digital identity program could be used to reduce technological barriers in achieving stronger age verification requirements by providing a convenient alternative for users to verify their age,” the DTA said in the submission.
The digital identity service could be used to verify identity attributes like age for users trying to access online pornography or gambling, it said.
“Digital identity does not involve a unique identifier, nor does it allow tracking of online activities. Instead, it provides a means for a person to authenticate their identity online. Furthermore, identity providers in the digital identity system must meet the strict privacy and security requirements,” the DTA said.
Former Digital Transformation Office chief executive Paul Shetler, who worked on the early stages of the digital identity project from 2015, said this potential use case is the “exact opposite” of what the original purpose of the program was.
“We were speaking with all kinds of organisations, with people who had lobbied very strongly against the Australia Card and lots of NGOs, and giving all these iron-clad assurances that it was going to be based on consent and only for government services, and that data wouldn’t be shared anywhere,” Mr Shetler told InnovationAus.com.
“And now they’ve come out with something like this. It’s so incredibly bad. It’s made liars out of us and they’ve turned everything I’ve said on its head.”
The suggestion to use the service for online porn age verification would damage public perception of the program, Mr Shetler said.
“It trivialises it. It’s supposed to be about government services, but they can’t deliver that. They don’t seem to be able to define how it’s going to be used, and they can’t seem to get states to work with them, so they’re going to use it to keep track of people watching porn,” he said.
“This hurts the credibility of the program, and it diminishes the agency’s involvement. It just shows a complete inability to learn from the past. We thought we were showing the government had learnt and it hasn’t.”
In the submission, the DTA said that the participating sites would only receive the information required to confirm the user’s age, and any other information provided would be consent-based.
“We would expect that it would only be one of a number of potential pathways that individuals may use to undertake age verification,” the agency said.
“The DTA recommends that if digital identity is used to provide a verified age for online wagering and online pornography, it should be an optional choice for users,” it said.
But Mr Shetler said the general public is unlikely to be reassured by technical explanations of security and privacy measures.
“This is going down the rabbit hole. Any paranoia that people have about government tracking them is going to be exacerbated,” he said.
“No-one is going to listen to the technical explanations saying we don’t do that – that’s not the headline, I don’t know what they were thinking, it’s an own goal.”
“We talk about designing around user needs, but I don’t think anyone has come to the government and said this is a need. Everything about it is wrong and it contradicts everything we said we were going to do. It’s a desperate move to get people to use it.”
If the government was going to opt to use the DTA’s digital identity project for online age verification, it would have to extend the Trusted Digital Identity Framework – a set of policies that organisations have to be accredited against to participate in the scheme – to the private sector, and there would need to be a set of legislative and technological changes.
In the submission, the DTA admitted this is still “some way down the track”.
The Department of Home Affairs also wants to use its facial recognition technology for online age verification for pornography and gambling, offering up its Face Verification Service in a separate submission to the inquiry.
This service is also not fully operational and reliant on legislation that was recently outright rejected by the powerful national security committee.
Recent focus group testing on the DTA’s digital identity project revealed that about two-thirds of Australians won’t use the service unless there is a major public awareness campaign, and that more needs to be done to improve privacy and security.
Politicians at a recent Senate Estimates hearing also raising concerns of low levels of awareness of the digital identity project, with many participating senators not having heard of it.