The road to decentralised digital ID in NSW


With a string of recent data breaches turning the spotlight on the fragility of physical identity credentials, finding a secure, privacy-enhancing method of verifying identity in an increasingly digital world has become the holy grail.

In New South Wales, the government appeared – at least on the surface – ready and waiting with the answer, announcing a pilot of its digital identity system less than two months after the damaging loss of credentials at Optus.

But in reality, work has been humming away in the background for at least the past two years, stemming from the need to find a solution for organisations like banks to accept the New South Wales digital driver licence (DDL).

Efforts gained pace late last year, when Customer Service and Digital Government Minister Victor Dominello outlined the government’s decentralised digital identity vision to hand back control of sensitive personal information to the customer.

Since then, the team behind the Digital Identity and Verifiable Credentials (DIVC) program at the Department of Customer Service, has been focused on standing up the platforms and frameworks necessary to conduct pilots that will inform a future rollout.

The program has been split into three ‘horizons’. The first of which involved building the digital identity hub and wallet for the decentralised digital identity, now known as NSW Digital ID, at an initial cost of $16 million.

“We spent the entire last year setting up foundations, testing and doing procurement for different vendors we needed in order to uphold the platforms,” Identity.NSW executive director Lenka Bradovkova told InnovationAus.com.

“We are building out the foundations and rolling out 10 different pilots to test that we’ve built a good, robust product. As we go and thoroughly test those pilots, we’ll then be combining them into this single digital identity housed within the Service NSW app.”

The first of the six pilots for the NSW Digital ID, which allows customers to renew their Working with Children Check, began last month, with the aim of testing the underpinning photo verification technology.

The technology being tested is provided by Melbourne-based technology company BRYK Group, InnovationAus.com can reveal. A FaceTec product was chosen after testing and evaluation against several other products by biometrics assurance laboratory, Biometix.

Like the solution embedded in the federal government’s myGovID credential, FaceTec will allow users to take a selfie and conduct a one-to-one match of their image against a file photo. Once the person’s identity has been verified, the image is discarded.

It is one of two major platforms that make up the digital identity hub and wallet, the other being a verifiable credentials platform that will have a look and feel similar to the existing wallet in the Service NSW app but have additional functionalities.

“What we’re aiming to do is to replicate the same type of customer service that you’re experiencing from Service NSW service centres — the no wrong door approach, one point of contact, where you can go into the centre and do various transactions,” Ms Bradovkova said.

“We’re trying to replicate and allow people to do it from the comfort of their home. We’re trying to digitise that proof of identity process that people currently need to attend a service centre for, and facilitate the ability for them to do that online, securely and… with their consent.”

Ms Bradovkova, who joined the department in February 2022 after five years at TPG Telecom and seven years at Ernst & Young, said three of the pilots are focused on digital identity, with the remainder focused on verifiable credentials.

She said this is where the New South Wales government approach diverges from the federal government; “They have done the who am I. We are taking it a bit further with the verifiable credentials, with what you’re entitled to”.

“So, providing not only who you are but what you’re entitled to. Providing whether you’re entitled to a discount, for example with your seniors card, and being able to combine the two in a single, very simple transaction format,” Ms Bradovkova said.

Horizon two of the DIVC program, which will kick off in January, will be focused on scaling the capabilities built in horizon one, as well as investigate integration with the private sector.

A third horizon slated to begin in 2024 will then incrementally enable more trusted credentials and allow trusted private sector organisations and government agencies to “verify an identity, credential or document”.

“Once we’ve tested it – starting with government transactions first – and once we’re sure its working as we expect, then we will see how many use cases we can roll out into the commercial sphere, and whether there’s interest,” Ms Bradovkova said.

A future rollout and expansion to the private sector will, however, rely on the success of the pilots and “legislative backing”. Legislation is currently being drafted by the department, and will sit alongside separate laws at the federal level.

Minister Dominello has already indicated that law enforcement access to the scheme would be limited to “instances of very serious crime only” under any future laws.

The entire ecosystem being built by the New South Wales government is also “plug and play” with the federal system, Ms Bradovkova said, allowing the two systems to align seamlessly when the federal government’s digital identity system eventually progresses further.

The federal system has stalled in recent months, with legislation to enshrine privacy protections and expand the program to the private sector still waiting to be introduced to Parliament.

Laws that would pave the way for a highly controversial facial recognition database, but which would also enable businesses to further reduce the collection of information by using government systems like the facial verification service, are also still awaiting changes after more than three years.

A 2019 identity protection and management arrangements review that was shelved by the federal government until a Freedom of Information request earlier this year recommended an overhaul of identity verification, including greater use of biometrics.

Do you know more? Contact James Riley via Email.

1 Comment
  1. Digital Koolaid 2 months ago
    Reply

    I’m sure it’s not the job of the state to “verify” identity – to reduce (they say) the risk to the private sector – for free – at citizens’ expense. I remember a “user pays” concept. Should we let the user pay? I would.

Leave a Comment

Your email address will not be published.

Related stories