The Digital Identification Bill 2023 is intended to establish a nationally consistent framework for digital identity in Australia. The bill would also create a new government agency, the Office of the Digital Identity Commissioner, to oversee the implementation of the digital identity system.
The bill follows legislation on an identity verification service being introduced and then abandoned by the Morrison government in 2019 after a parliamentary joint committee recommended the laws be reviewed for having insufficient privacy safeguards.
The new bill is currently being considered by the Senate and is intended to:
legislate and strengthen a voluntary Accreditation Scheme for digital ID service providers that wish to demonstrate compliance with best practice privacy, security, proofing and authentication standards
legislate and enable expansion of the Australian Government Digital ID System for use by the Commonwealth, state and territory governments and eventually private sector organisations
embed strong privacy and consumer safeguards, in addition to the Privacy Act to ensure users are protected
strengthen governance arrangements for the Accreditation Scheme and the Australian Government Digital ID System, including by establishing the Australian Competition and Consumer Commission as the Digital ID Regulator, and expanding the role of the Information Commissioner to regulate privacy protections for digital IDs.
In October 2022 experts in cybersecurity and digital identity were critical of the proposed changes to Australia’s identity system, warning that such a framework would bring its own weaknesses and would not function as a secure form of ID authentication.
Digital identity and privacy consultant, Stephen Wilson, questioned the digital ID system being used as a replacement for verifying identity, instead of just being used as a single login point for government services:
“They aimed to give citizens a single key to access all federal government accounts, starting with tax, Medicare and Centrelink. The key proves you’re a citizen known to the ATO.”
Professor Vanessa Teague, a cybersecurity researcher, voiced concerns in the early days of the systems development warning that there were still areas at risk in the event of a cyber breach. She also questioned the level of tracking within the system:
“There’s no reason that the authority that issued your digital ID should get a constant update every time you log in.”
Concerns have also been raised regarding government and personal information being intermingled. Senator Malcolm Roberts has also fiercely criticised the proposed legislation making equivalences to Soviet Russia and suggesting that the digital identification system would turn Australia into a “digital prison.” Mr. Roberts also suggested that the identification framework will increase the likelihood of cyber hacks against Australians:
“The effect of this bill is to tie every Australian to a digital identity that unlocks services necessary for life. This bill does not make identifying oneself online easier. It will facilitate making a digital identity check mandatory. That onerous measure comes at the price of putting identifying information for every Australian in the one spot and emits a giant, flashing, neon sign above everyone, saying, 'Hack me.'“