The government’s proposed new digital ID where a mobile phone will replace physical documents has sparked widespread concerns from security experts and non-Labor MPs.
Government Services Minister Bill Shorten announced on Tuesday a $11.4million trial of a QR code mobile phone application that would replace a driver’s licence card or passport to verify a person’s identity.
The Trust Exchange, or TEx program, will link to a person’s myGov wallet, or the upcoming digital ID, to verify who a person is and provide requested information, such as proof of age to gain entry to a pub or club.
Mr Shorten said TEx could be used to confirm a hotel reservation without the customer having to hand over a licence or other form of ID, and such uses could reduce the amount of information private businesses collect.
In the case of someone needing to prove their age, the TEx could show the user was over 18 without revealing details like a home address.
The technology could store and divulge information such as someone’s date of birth, address, citizenship, visa status, qualifications, occupational licences or working with children check, and any other information held by the government.
While Mr Shorten hailed it as a ‘world-leading’ means of identification when he addressed the National Press Club address in Canberra, others have fears over a person’s entire identity being accessible on one device.
Cyber-security expert Shara Evans said it could be risky putting ‘all eggs into one basket’.
Cyber-security expert Shara Evans issued a number of warning about putting too much data in one place
‘I do like the idea of making it easy to verify identify without giving away personal sensitive details and having this sensitive data stored all over the place,’ she said.
‘However, this needs to be thought out very carefully with plans in place for full rapid identity renewal in the event of a data breach/compromise/lost consumer device.’
‘I am always a bit concerned whenever a great deal of sensitive information is stored in a single place, irrespective of who is doing the collecting and monitoring, because there are just so many nefarious ways that information can be compromised.’
Others raised privacy concerns, the relative ease of creating fake credentials on a screen versus a physical document, and what happens to those who want to opt out.
However Mr Shorten was very positive about the new digital IDs.
‘An ID as a Verifiable Credential would be a secure and very efficient way for a business to be certain of someone’s ID,’ she said.
‘It will save businesses money as it will significantly reduce their customer on-boarding procedures and their data storage requirements.’
Mr Shorten assured his audience it would be an ‘opt-in’ system where ‘you choose what is shared, you consent to what is being shared and you can trust it is shared safely’.
Government Services Minister Bill Shorten is trialling a new Government app that will verify identity without handing over a driver’s licence or other such documents
‘Whatever the case, online or in person, you choose what is shared, you consent to it being shared and you can trust it is safe,’ he said.
He said the proof-of-concept trial had already been approved with ‘in principle support’ by the Tech Council of Australia, the Commonwealth Bank, and employment platform, SEEK.
‘Once it is in place, TEx will have countless applications,’ Mr Shorten said.
‘It has the potential to unleash innovation across our economy, creating opportunities in all sectors as well as for small businesses.’
‘We’re getting this moving and it is on track to happen by the end of 2024.
Liberal backbencher Russell Broadbent, who was a vocal critic of the Albanese government’s digital ID legislation, which was rammed through parliament earlier this year, said he feared an invasion of privacy.
The Trust Exchange, or TEx program, will link to a person’s myGov wallet, or by year’s end the upcoming digital ID,
‘His advisors would be telling him this is the future, this is the way to go,’ Mr Broadbent said.
‘Is he checking for unintended consequences? Issues around freedom of choice, freedom of information, freedom of association?’
Mr Broadbent worried that using QR codes to enter venues, as was used by governments that issued Covid vaccine passports during the pandemic, could lead to people being tracked against their will.
‘We are being subject to an invasion into our privacy that is unprecedented,’ he said.
‘It will be a further invasion into our privacy because they connecting all the information around an individual into one spot, which is acknowledged in his press release.
‘If they are holding it all in one space then you’ve only got to crack that one space from a scammer or a hacker’s point of view and you’re into everything.’
Mr Broadbent pointed out that despite giving assurance all information from the Covid apps would not be used for anything but tracking cases Western Australian police on two occasions used QR check-in data in their investigations.
‘It’s a complete violation of human rights,’ Mr Broadbent said.
Liberal MP raised concerns over whether the government’s new tool could be used to track movements
One Nation leader Senator Pauline Hanson said she was opposed to the new verification tool, which she called a ‘dumb idea’
‘Has Bill Shorten taken into account the full ramifications of human rights in this new process?
‘We are not even in a pressure cooker at the moment.
‘What if we went into a war situation, wouldn’t they be allowed to check under wartime conditions anything? Any data that’s available?’
One Nation leader Senator Pauline Hanson also told Daily Mail Australia she opposed the move.
‘One Nation has always opposed a national digital ID system and I’m also against this latest idea,’ she told Daily Mail Australia on Tuesday.
‘There’s no guarantee about the security of this data. There have been countless data breaches this year alone, including the Medisecure data breach involving the personal details of almost 13 million people.
‘What’s stopping a clever person from creating a convincing QR code loaded with false data?
‘What’s stopping someone using someone else’s phone? I don’t see how this protects hospitality venues from fake IDs or from prosecution from serving alcohol to an under-age patron.’
Senator Hanson said handing over a driver’s licence was ‘no less convenient to show a venue than holding a phone up to a QR code reader’.
‘I think this is just another dumb idea putting Australians’ personal data at risk, and another unnecessary cost to the taxpayer,’ she said.
Daniel Lewkovitz, who runs Sydney security business Calamity, said he was ‘very cynical’ toward any government claim that the measure will remain ‘voluntary’.
‘The government will keep talking about safety and protecting people but I would prefer they did a better job of enforcing our existing laws before introducing more legislation that will impact law-abiding citizens.’
Mr Lewkovitz was also very sceptical about some of the measures claimed benefits.
‘The funniest part of this is the suggestion it will prevent underage drinking,’ he said.
‘It’s much easier to fake an image on your phone than it is to fake a plastic ID card and whilst security mechanisms may be built in to prevent this (as is the case with the already existing Service NSW Digital Driver Licence) I have observed that neither private security or police use these tools to verify the authenticity of the licence.’
Mr Shorten in a Wednesday interview on ABC Radio National said that in order to build confidence in the took he asked the agency to use ‘open source’ coding.
‘We will allow people to see what is the code that we’ve used to produce the software,’ he said.
‘Services Australia will still do the coding, I want to be clear about that, but I think it’s important if we’re building trust and that the consumer or the citizen feels they have control.
‘It’s about them that it’ll be open source and that people can, with technical understanding, will be able to look under the hood and clarify that the system is working as we’re describing.’
***
Read more at DailyMail.co.uk