myGov report warns against digital ID fragmentation – Strategy – Security


The federal government’s slow movement on digital ID risks creating “digital rail gauges … where a credential issued by one jurisdiction won’t be accepted in another,” a review of myGov, which also covered digital identity, has warned.

The report, in two volumes, [pdf] and [pdf] highlights how slow decision-making at the federal level, along with a lack of legislative support for digital ID, have left Australians vulnerable.

It also tackles clunky processes, lack of inclusion, and fragmentation of digital ID, which it said created confusion for agencies on which to adopt, and for citizens on which to use.

The report found that even among myGov users, digital ID usage lags: “Whilst 2.4 million myGov accounts have been linked to a digital identity, actual usage is low: on average less than 8000 users choose digital identity to sign in each day, which equates to around one percent of total sign-ins,” it said.

The report also points to usability challenges, and calls for improvements – such as having myGovID appear as a popup when identity verification is required within myGov, and ensuring users don’t “get stuck when encountering errors”.

Inclusion failures

The report also highlighted that digital identity is far from inclusive: 48 percent of Australians don’t hold an Australian passport, and are thereby excluded from getting a digital ID to Identity Proofing Level 3 (IP3) – necessary for digital access to welfare services or a tax file number, for example.

The report adds that around 200,000 First Nations people can’t reach Identity Proofing Level 2 (IP2, for obtaining utility services, for example) because they lack birth certificates; while people cannot use myGov at all if their identity documents don’t match, or if they lack their own mobile. device.

The government needs to act to make digital ID more inclusive.

The panel recommended the government commit to offer all Australians an IP3 identity, with in-person verification with Services Australia as an option.

It should also be easier to recover an existing myGovID to set up a new device, without providing all identity documents again.

The report also calls for pilots of how to use myGovID without a dedicated mobile device, “including the use of cloud-based passkeys and physical security keys.”

Fragmentation

Governments have dragged their feet on providing legislative support for both the digital identity framework and biometric matching, the report stated.

It’s now urgent for legislation to catch up, the report said, because while legislation is lacking, the “use of digital identity and limited facial verification is accelerating without any dedicated legal safeguards or governance framework in place, leaving Australians vulnerable to security, privacy and other human rights violations.”

The lack of identity providers onboarded with the federal government – myGovID is currently the only one – also limits who can get an IP3 digital identity, the report said.

The lack of Commonwealth legislation has also led to states and territories going their own way.

“There is a publicly stated aspiration to align,” the report said, “but the risk of national fragmentation inches ever higher as some states and territories look to imminently introduce their own legislative frameworks.”

The report also noted the popularity of states’ offerings such as digital driver’s licences, because they’re easy to use, offer good privacy for users, and can be verified without needing a central exchange.



Source link