Telcos queue for identity document vetting system

The DVS, first trialled in 2006, enables Government agencies to check with the relevant issuing authority whether a document that a person gives them as proof of identity is real and that the details on it are up-to-date and correct.

It is currently only available to key Federal, State and Territory agencies, but the private sector has always been a target for potential expansion.

"We need to consider how to expand the capacity of DVS," said Jonathan Curtis, assistant secretary of the identity security branch of the Attorney-General's Department.

"We've seen quite a bit of demand for the expansion from the banking and finance and the telecommunications industries."

Curtis also said the A-G's Department is focused on developing standards and frameworks to improve agency enrolment procedures - essentially to improve processes at the point of identity information capture.

"The clear message is that an identity management system is only as good as its enrolment system," Curtis said.

"Inaccuracies not only undermine the system but have flow-on effects for all the agencies that rely on the credentials issued by that authority. This is the strength and weakness of the federated identity management system in this country."

Currently, agencies who enrol individuals for the purpose of issuing government documents that can be used to establish proof-of-identity are required to adhere to a "gold standard" approach [Word Doc] specified in the National Identity Security Strategy (NISS) scheme.

NISS was created following a Council of Australian Governments (COAG) special meeting on counter-terrorism in 2005.

Curtis said there is a cooperative development process underway to create a broader based registration framework to underpin both physical and online enrolment procedures.

In addition to enrolment procedures, the Department is also undertaking works to build on the overall integrity of identity data holdings, Curtis said.

"For example, standards for dealing with lost or stolen documents vary wildly across agencies. What we're trying to do is build an Australian version of the system used by Interpol [in this regard]," he said.

"We've also been looking at data matching techniques to find inconsistencies and anomalies across data sets. We've produced some data matching system techniques in cooperation with various agencies."

These agencies could include the likes of state-based road authorities, registries for births, deaths and marriage, the Australian Department of Foreign Affairs and Trade, and the Department of Immigration and Citizenship (DIAC), all of whom have roles in NISS as enrolment and document issuing authorities.

Curtis also used his address at the 10th Biometrics Institute conference in Sydney to call on agencies to understand the limits of biometrics in wider identity management systems such as NISS.

"This shouldn't be taken to suggest that I don't think biometrics is important - it's a fantastic crime fighting tool, among other things," Curtis said.

"There's some risk in biometrics being seen as the silver bullet for identity management. Biometrics should be adopted with a clear understanding of what it can and can't do in enhancing an identity management system or strategy."