ASPI’s Hanson claims DTA misled on digital ID concerns

When it comes to the mysterious art of cyber diplomacy and citizen surveillance, it seems there are some contentious issues government agencies will admit in public ... and others they won't.

That's the take of the head of international cyber policy centre at the Australian Strategic Policy Institute, Fergus Hanson, who says serious concerns he expressed over the the potential for social surveillance under the federal government’s digital identity scheme were acknowledged in private despite being publicly rejected by the Digital Transformation Agency.

The comments reignite a spat that started last year after Hanson penned a withering analysis brief that urged the government to enshrine the privacy protections behind Australia’s two main digital identity schemes in law to avoid the emergence of what he said amounted to a Chinese-style social credit system.

The comparison to the Chinese system raised the ire of the DTA, which accused Hanson of misrepresenting the digital identity program and claimed his report was “inaccurate and contained many factual errors”.

“The association of China’s social credit system and the Australia Card with Australia’s new digital identity program has no basis,” the DTA said in a statement at the time.

“Nor do claims that private sector companies will be able to harvest user data. These demonstrate a clear misunderstanding of how the digital identity system is intended to work.”

But speaking at the Technology in Government summit in Canberra this week, Hanson stoked the coals by suggesting the DTA had privately acknowledged the concerns were real.

“Now I wont tell you about some of the private communications we received, but what emerged from this process was truly bizzare,” he said.

“A private acknowledgement [that] the concerns raised were real, but a public pretense they were manufactured.”

Hanson also used the occasion to reiterate calls for “dedicated legislation” to govern both the government’s digital identity system, dubbed myGovID, and Australia Post’s separate digital ID platform.

It comes just weeks after the myGovID system - essentially a digital equivalent of the 100 point ID check that allows Australians to log into online government services - moved to the public beta stage of testing and appeared on Apple’s App Store.

Hanson said that introducing legislation would go some way to strengthening protections for individuals in the schemes, instead of relying on the “very inadequate Privacy Act”.

However, he also went further, calling for a root and branch review of digital identity protections and the Privacy Act, which was first introduced in 1988.

A privacy impact assessment of the trusted digital identity framework (TDIF) underpinning the national federal identity model has also urged that privacy protections behind the myGovID system be enshrined in law to avoid function creep.

“Confidence in the privacy standards would be boosted by some form of legislative backing to ensure that participants are bound to the key privacy standards, and that the standards will not change without public scrutiny,” the PIA states.

ID history still a concern for government

Hanson also took direct issue with the government’s public communications approach for the scheme, which he said had largely left the public in the dark.

“Instead of asking Australians if they want to opt-in to having their government photo ID repurposed for a new biometric scheme, which would have been consistent with the Privacy Act, the government just went ahead and did it,” he said.

Hanson put the government’s limited communication about the scheme down to the failed attempts to introduce national identity schemes in the past, namely the Australia Card and Access Card.

While the myGovID credential is opt-in, which the DTA was keen to point out in its broadside of Hanson last year, citizens have no control over the government re-purposing their government photo.

However Hanson ultimately believes there is “a lot of opportunity for digital identity in Australia - with the proviso we need to get it right”. 

“In Australia, with good digital identity, we’re going to basically see a whole suite of micro convinces that in totality make like a lot easier and quicker and easier, while at the same time reducing transaction costs and actually enhancing our privacy,” he said.

“Done well, digital identity has the potential to be the biggest micro economic reform we’ve seen in Australia for quite a while.”