While the government and private sector argue the toss over how the nation can create a secure digital identity for every citizen, Australian Privacy Commissioner Timothy Pilgrim shares the worry of many Australians as to what happens when something goes wrong.
Speaking at the recent Digital Identity roundtable co-hosted by The Australian Financial Review and Australia Post, Pilgrim asks how hard is it going to be for an individual to get their identity back in this new world if it’s compromised.
“One of the biggest problems people have at the moment is rebuilding their identity if it’s lost,” he says. “So we have a system where we have a digital identity created – it could be through the Digital Transformation Office [DTO] or a private-sector organisation but if that’s lost, should the individual try and retrieve the identity or re-establish who they are?”
NAB Labs executive general manager Jonathan Davey agrees it’s a big issue and a lot more work needs to be done when it comes to the issue of potential stolen identities.
Head of agency services and RealMe at Kiwibank, Mandy Smith, also agrees there is still a lot of work to be done around identity authentication and cites the potential of biometrics in creating a more frictionless form of identity verification.
For Australia Post’s executive general manager of trusted e-commerce solutions, Andrew Walduck, the real issue is we still have an identity system based on physical forms of identity.
“The 100-point check is a whole lot of physical documents and if they all add up we assume it must be you,” Walduck says. “As that check is being digitised, the barriers to identity theft that exist in the physical world – it’s in my wallet and I carry it with me and you actually have to take it off me physically – change. We share that information online, it gets stored in different places, it becomes harvestable by people who want to come and take it.
“There are failings in digitising the physical system. We have to move to the basis of using biometric-based information that could be far more unique in providing proof of someone being who they say they are.”
Managing director of national identity theft support service iDcare, David Lacey, agrees the problem of identity theft occurs because of our current environment where we cannot distinguish between the physical and online worlds.
“I can pinch your wallet and enrol a digital identity, or I can hack your emails and enrol a digital identity. The balance of compromised identities is roughly 50/50 between physical and online.”
He says cyber criminals are doing either one or two things – they’re setting up a new digital identity, with government or with particular social media accounts, or they’re altering an existing digital identity in government or in those social accounts.
Australia Post’s Digital Delivery Centre general manager Cameron Gough suggests the digital world opens up a whole new realm of possibilities to identify an individual.
“The first one is just checking back to source, which would be similar to checking if a driver’s licence is valid, but the other realm of interaction might be social activity which could be used to reinforce the veracity of someone’s claimed identity.”
Gough suggests social interactions could be used because someone could vouch for your identity. They will have known you for many years and it would mean putting their own identity at risk to vouch for your identity.
“You create this web of people that reinforce the identities of other people. And so, if one of those identities is compromised, it kind of affects the integrity of the others, so people will be very careful about who they vouch for.
For NAB Labs Jon Davey the idea of multiple attributes and multiple data sources to verify identity makes complete sense.
“Maybe verification in the short term will be with driver’s licences and then, ‘By the way, have you been authenticated by NAB and have you done such and such’ and if you get a yes to those three data points, then my level of confidence in who you say you are has just increased.”