Australian Information Commissioner John McMillan has warned the Government it should prepare to have the ‘Australia Card’ debate all over again if it plans to go ahead with a recommendation to make the myGov web portal opt-out rather than an elective process.
The Australia Card, an attempt by the Hawke government to install a single identifier for all citizens in 1986, remains the benchmark for privacy outcry in Australia, after opposition to the policy pushed the Parliament to a double dissolution election and eventually saw the idea abandoned.
McMillian told delegates at this week’s CeBIT conference the myGov proposal had the potential to re-light this flame.
“One anxiety that will grow soon, for example, is the question of whether this an Australia Card by default?" he said.
“If the only way of dealing with government is having a certified address through a myGov account, are we really just reigniting an old debate in a new form?"
The myGov web portal is run by the Department of Human Services and is used to provide online transactions for DHS agencies like Medicare and Centrelink, as well as the Department of Health and Australian Tax Office.
The National Commission of Audit, released last week, recommended myGov be made the default platform for engaging with government, meaning citizens would need an account in order to fill in their tax or claim a Medicare refund.
McMillan declined to comment further, other than to say that such a move would have “quite far reaching implications beyond just the efficiency of interaction between government and the customer”.
“A site like this will increasingly accumulate a valuable storehouse of administrative data about the population, about their health, about their finances, about their transactions,” he said.
But privacy advocate and security consultant Stephen Wilson was not so circumspect.
“I would have real concerns about any single sign-on system for transacting government business,” he told iTnews.
“If the Government wants us to believe they really have no interest in tracking us then they should be looking to break myGov into multiple IDs for different services, and allowing the use of anonymised IDs.
“We should be able to maintain different identities for our different walks of life rather than being forced to join them all up."
The current version of myGov does allow users to create different accounts to access each of the different services covered by the portal - if they are willing to invest the extra time into creating them.
Still, Wilson suggested the Government consider technologies like digital wallets that could store different secure keys on a smartphone to access different accounts.
He said grave concerns that he already held with myGov - which is accessible though a single factor authentication process - would only intensify if the data it processed grew on the scale suggested by the Commission of Audit.
“It is only a matter of time until over-collected information is leaked or hacked,” he said. “The first rule of security is if you don’t need to collect it then don’t.”