The social impact of digital ID
A national, government-regulated digital ID scheme will undoubtedly have its benefits. It will make it easier for us to verify our identities online, and we will need to share our personal information with fewer organisations.
But at what long-term cost?
Michelle Falstein, a lawyer and an executive member of the NSW Council for Civil Liberties (NSWCCL), has some concerns.
“By linking personal identities across federal, state and local governments and the private sector, the federal government will have complete oversight of the lives of Australians,” Falstein says.
“The COVID pandemic ushered in a period of rapid normalisation of the sharing of personal information by Australians. Australians surrendered, and continue to surrender, their data, enabling mass collection, linking and storage of sensitive data by Australian governments and other online organisations …
“Australians will now have to trust that government will use that information wisely and for their benefit.”
‘Datafication’ of lives
The digital ID scheme is part of a broader trend of data centralisation and the increasing ‘datafication’ of Australians’ lives, Falstein says.
“This trend raises concerns about the concentration of power and information in the hands of government or corporate entities, with potential implications for democracy, autonomy and individual rights.
“The NSWCCL emphasises the need for responsible data governance frameworks that prioritise privacy, security and ethical use of data.”
While the NSWCCL welcomes the codification of the Australian Government Digital Identity System (AGDIS), it says the proposed digital ID scheme falls short when it comes to protecting people’s rights.
Falstein calls for more robust safeguards, including strong data protection measures, clear consent mechanisms, independent oversight and avenues for redress in case of data breaches or misuse.
The use of biometric technology should be avoided if possible, she says.
“Entire segments of the Australian population have every right to be fearful that this technology could have significant implications for their welfare, privacy and security. Biometric information can’t be easily replaced or managed if compromised in a data breach and is fodder for identity fraud.”
Developing an ID scheme that protects civil liberties would be easier if we had an agreed baseline to begin with, the NSWCCL says. The bill should not be passed until a revised Privacy Act is enacted. And what Australia really needs is an enforceable human rights framework, such as a Bill of Rights.
Other OECD countries implementing digital identity systems have one but we don’t, Falstein says. “Australia is the only liberal democracy lacking such a framework.”
Groups at risk
The digital ID scheme is intended to protect people from financial exploitation. But one group that it may not be helped in that regard are victims of domestic violence and financial coercion.
Melissa Cuturich, the founder of Diva Financial, which helps women recover from financial abuse, says: “One of the most problematic aspects of the proposed digital ID framework is the lack of safeguards against coercion and abuse.
“For women in volatile domestic situations, the requirement to share access to their digital identity could easily become another tool of entrapment and control, making it even harder to prove intent when and if they do escape.
“The centralisation of sensitive personal data also raises serious concerns about vulnerability to cyber attacks and breaches. Even with the best intentions, organisations can fall victim to increasingly sophisticated hackers, and a single breach could expose victims’ information to their abusers.”
The proposed ID scheme lacks adequate protections and reporting mechanisms for domestic violence victims, Cuturich says.
“What’s needed is a more holistic solution that addresses the full cycle of abuse – one that empowers regulators to take meaningful enforcement action, provides transparency into who accesses personal data and why, and enables individuals to retract access as needed.
“I urge policymakers to seize this opportunity to set a new standard in digital ID frameworks – one that prioritises the safety and autonomy of our most vulnerable citizens.”
Falstein says several other groups in society might also have reasons to be concerned about the introduction of digital ID: those facing barriers to accessing and managing their digital identities, leading to potential exclusion or exploitation.
These include the homeless, refugees, the Indigenous population, people with limited digital literacy, those in regional areas with limited internet infrastructure, and those already at risk of discrimination or surveillance.
“Attaining a digital identity can’t be a precondition to accessing basic services and rights,” she says.
Law enforcement concern
Sarah Sacher, a policy specialist with the Human Technology Institute (HTI) at the University of Technology Sydney, says that on the whole the HTI is happy with the privacy protections and potential for redress mechanisms that are provided by the digital ID bill and its amendments.
When it comes to biometrics, the fact the digital ID bill only allows one-to-one matching (in which your face is matched with a pre-existing ID document) rather than one-to-many matching, in which your face is matched against big databases of images (potentially less accurate and more concerning from a rights and discrimination perspective), is reassuring, Sacher says.
Large sections of the public are suspicious about the sharing of their biometric and other data. But Sacher believes the government is on the right track to winning them over.
“With the digital ID bill, there is a legislative basis, there are protections in place, there are safeguards in place, there’s oversight mechanisms in place, and that should go a long way to building that trust.”
However, one aspect of the proposed scheme is concerning, she says: the potential for mission creep in the form of unnecessary surveillance, particularly by law enforcement.
“The purpose of digital ID should be just to verify people’s identity, and not for other purposes, like pursuing fines and so on,” Sacher says. “That’s something that has to be mitigated through legislation.
“Our recommendation is that there should be no access by law enforcement unless they have a warrant related to a serious crime or if there is a quite a serious fraud related to the scheme itself … the way that it currently is, is a little bit broader than that.”
Protecting privacy in the digital ID age
- Move over big data: Data inventories are the next big thing
- Access to information: The $100m question
- Avoiding bias in automated decision-making
- The logical step towards reducing digital vulnerabilities
- What Australia can learn from Finland’s AI disaster
- Digital ID laws usher in quiet revolution
- Privacy by design: It’s soccer, not golf
- The social impact of digital ID
- ‘Attributes’ that could determine regulatory success
- Why Estonia leads the way in digital identity
- Australia’s overdue digital IDs will help fight online fraud