Service NSW created the state government’s first bug bounty program as part of the development of the NSW digital driver’s licence, Customer Service Minister Victor Dominello has revealed.
Dominello told a packed Australian Information Industry Association event in Sydney on Wednesday the program was established to weed out security vulnerabilities in the opt-in electronic vehicle licence.
The digital pass – which launched just over a week ago and has so far seen 680,000 downloads by NSW drivers, up from 600,000 on Monday – is underpinned by a range of different platforms, including blockchain and AWS.
“The bug bounty program ... allows independent security experts to get hands on with the underlying code and get rewarded for finding areas where the security of our platforms can be further improved,” he said.
Dominello said although bug bounties were “commonplace in the technology industry”, the program is one of the first rollout out by any government in Australia.
“To my knowledge, no one in government has done it,” he said.
Dominello thanked Yaakov Smith, a white hat hacker, who he said came forward to help with the security on the digital licence.
The program is now expected to “become part of [the government’s] design moving forward in relation to particularly digital services delivery”.
“Ultimately, it means the people and businesses of NSW get safer access to government services,” he said.
Dominello said the program was just one of the reasons the electronic vehicle licence – which also uses a passcode and a device’s biometric functionality – is more secure than a physical licence.
“We take cyber security very seriously in NSW. The digital licence has been through multiple rounds of security testing and audits, including by our own Cyber Security NSW team,” he said.
Some of these audits are understood to have been undertaken after the government pushed back the original state-wide rollout of the digital pass due to stability issues.
The government also completed three privacy assessments throughout the alpha and beta phases for the program, and worked with the NSW Privacy Commissioner to design key elements.
“We’ve put privacy first in the design of the verification process – when your licence is checked, you don’t need to give your phone to the checker or police,” he said.”
“Not only is this in the design, it’s the law.”
Dominello envisages single licence future, channels Marie Kondo
With the number of digital driver’s licence downloads now just shy of Service NSW’s conservative estimates for the first 12 months, Dominello said the government was now looking to ensure NSW citizens can use the digital pass across the state’s border.
“We’ve already started engaging with other states and territories on inter-state acceptance of the NSW digital driver’s licence,” he said.
“Once NSW amends its legislation, I’m confident that interstate acceptance of the DDL for proof of age and permission to drive will follow shortly thereafter.”
The government is also looking to bring more licences onto the platform, with trade licences the next to be digitised next year.
But Dominello also envisages a time when NSW simply has a single, multi-purpose licence for citizens, in line with the government’s vision for a “tell us once” approach to digital services.
“In the future, we won’t be talking about ‘our driver’s licence’. We will be talking about our NSW Licence – full stop,” he said.
“One digital licence that shows your permission to drive - tick, permission to work with children - tick, permission to sell alcohol, and so on.”
“When your details change, you can tell government once and it be updated everywhere. When you apply for an additional permission to be added to your licence, your details are filled automatically.”
Channelling renowned anti-clutter guru Marie Kondo, Dominello said the government wanted to ensure NSW’s various plastic licences weren’t just replaced with digital equivalents.
“Marie Kondo would not want a whole lot of different paper licences to be replaced with a whole lot of different plastic licences - to be replaced with. For Marie Kondo, digital clutter does not spark joy.”
“To make Marie Kondo happy – and I want to make her happy – not only will we harmonise, we will synthesize.”
Real-time insights
While the Service NSW app faced initial stability issues when the digital driver’s licence went live associated with the rush of motorists, Dominello said real-time data had allowed devs to quickly fix issues as they emerged.
In some cases, this meant the Service NSW team was “up at night solving the problems”,
“All the way through the last week, we’ve had to-the-minute data (i.e real-time) on adoption and feedback across the state,” he said.
“This means that we have engineers making adjustments throughout the night as the real time feedback was coming in.”
“This real time feedback and the agility it provides is cutting edge for the private sector, let alone for a big government like NSW.”
