As more countries move to adopt digital ID programs, such efforts are attracting the interest of other players in the larger identification ecosystem.
Australia is one of the most recent examples of this, with Mastercard and Thales each taking steps to become more prominent digital ID players in the region.
The payment card network reportedly has launched a digital ID pilot program in Australia with “to develop a new system to verify a person’s identity immediately, safely and securely in both the digital and the physical world,” according to a recent report.
The pilot program will test a new way for people to prove their identity without having to carry multiple documents; instead, using owner data at the heart of the system.
The first part of the pilot included student volunteers from Deakin University testing an identity verification process for student registration and digital exams at the Burwood and Geelong campuses in Victoria.
The general idea of the program involves not only the data that resides on a person’s smartphone or other mobile devices but also uses information from that person’s financial accounts or other sources to bypass the need for what the report called a centralized identity database.
The first part of the pilot included student volunteers from Deakin University “testing an identity verification process for student registration and digital exams at the Burwood and Geelong campuses in Victoria,” the report says.
As Mastercard gears up to further test its digital ID capabilities in Australia, other news has also recently emerged that France-based Thales has won a contract from Queensland to help craft and deploy that state’s mobile driver’s license program.
In addition to digital driver licenses, Thales said the smartphone app will be designed to host a range of other digitized official documents including photo ID cards, marine licenses, vehicle registration, as well as provide access to the Department of Transport and Main Roads’ online services, the report noted.
The app will also include technology from Thales-owned Gemalto — specifically, its Digital ID Platform and Wallet technology.
In 2019, Australia’s nationwide digital identity program took a significant step forward when The Australia Post, the country’s postal service became a trusted provider of a digital proof-of-identity service under the framework administered by the federal Digital Transformation Agency, two years after introducing its Digital iD service.
The digital ID offering from Australia Post was launched in 2017, but it only recently became the second digital identity service provider to receive the trust-mark this week, with the Digital ID system joining the Commonwealth’s myGovID product, which is in a trial phase.
Not only that, but Australia Post reported it is the first organization this is not wholly within government to receive that mark from the Digital Transformation Agency.
The Australia Post is proposing a solution that puts the user in control of their identity and attributes.
Protecting citizen data
According to an earlier OpenGov Asia report, The Australian Strategic Policy Institute (ASPI) released a report on the country’s national records and the important role the records play as the collective digital identity of the nation.
The ASPI report explains how an attack on these records could disrupt the day-to-day functioning of society and why more should be done to protect them.
These records are accurate, confidential and not to be tampered with. Living in the digital era means having these digital identity records transformed into electric data and stored virtually in cloud servers.
These servers act as the memory centre of the nation, preserving Australia’s unaltered history. All this digital information may be referred to as “digital identity assets”.
Since these are important for the government to function and are a legacy for future generations, the records are worth protecting.
They collectively embody who and what Australia is as a nation, its journey, as well as its time and place in history.
Any form of theft, manipulation, destruction, or deletion of digital identity can be problematic as courts may not function without the relevant digital records.
Moreover, manipulated property deeds can create legal challenges. Problems in verifying and issuing of passports and visas may also be encountered. Plus, historic records might be tampered with or forged.
The responsibility of protecting national records is too big and too important for the government to do alone.
Historical societies and charitable organisations may need to store hard and soft copies of the same records all over the country.
Relevant laws must mandate cybersecurity situational awareness for telecommunications companies, ISPs, computer emergency response teams, law enforcement and security agencies, but clearly and responsibly.
A legal mandate that is largely based on past incidents may not be an effective strategy to prevent dynamic hybrid threats.