fbpx
Politics

How NSW is building the nation’s digital spine

- March 3, 2023 8 MIN READ
Victor Dominello
Victor Dominello demonstrates the NSW Digital ID project on his phone
Australia needs to grow a backbone. In the information age, this spine must be digital.

It must empower the individual with more control and protections over their privacy and security.

This spine by nature must be customer centric. However because Australia is a federation – the spine doesn’t look like a single column. Its appearance is more akin to a double helix.

In many countries around the world they have a unitary identity system allocated to a single card – a number. In Australia we have multiple identity systems. Many would fairly describe it as an identity crisis.

Our primary identity document at the federal level is the passport. This contains a photo and is recognised internationally. However before federation we had state colonies. They issue the first identity document – the beloved paper birth certificate. Thankfully we are now digitising this.

The second identity state based document is your driver’s licence. Until the 1960s the driver licence was in the form of a paper certificate which listed a person’s age, hair and eye colour, height and complexion. That was until the advent of the trusty, wallet friendly plastic card, replete with a mugshot.

The plastic driver licence quickly became accepted as the state based national de facto identity card. It is used by governments, banks and pretty much every organisation that requires proof of who you are.

Identify grafts

However passports and driver licences and other credentials used to help establish identity are simply poor identity grafts. They are unquestionably unsuitable in the digital age. Like a novice poker player, they give too much information away.

When you show your drivers licence to a burly bouncer in a nightclub, why do they need to know your exact date of birth or your address? All they need to know is that I am over the age of 18. When you provide a copy of your passport or birth certificate to a real estate agent for the purposes of renting a property, why do they need to know your passport number – are they calling home affairs to validate your number ?

When it comes to a birth certificate, why do they need to know details of your mother’s maiden name? Is this really relevant to a rental application?

Here is another example. I visited Parliament House in Canberra for a meeting earlier in the week.

After passing through all the high-tech security, I was required to write my full name and mobile number on a sign-in sheet of paper. Not only is this sign-in process unnecessary, it’s also unreliable – because I could easily write Mickey Mouse and give a fake phone number – but it’s also not secure to be collecting and storing all this personal information on reams of paper sign-in sheets.

I could also see the names and phone numbers of the 20 people who signed in before me. So much for privacy.

With recent high profile data breaches, with inevitably more to come, Australians are demanding more control and protections around their personal information and privacy. Organisations are equally demanding a modern solution to a modern problem.

Contingent liability

Industry realises that every time they are required by regulation to take a copy of your passport or licence or birth certificate or medicare card, they are at risk. Potentially high risk.

If an organisation is sitting on files that contain thousands of passport PDFs, that are not protected with robust cyber security, then arguably this could be recorded as a contingent liability.

Moving forward this will pose significant questions around corporate reporting obligations, disclosure and directors duties. Decentralised Digital ID is a modern solution for the problem of oversharing in the digital age. In Australia, we are building this double helix looking decentralised ID.

Double helix

In terms of big picture, the side rails of this double helix will be the Digital Identities. The side rails have to be anchored to the source.

The only 2 credentials that have this feature are passports and driver licence (photo card).

These are the only credentials that can give you a level 3 proof of identity. Other identity styled documents that are issued under the Trusted Digital Identity Framework are simply derivatives of these. Hence, the left side rail of this double helix is the federal MyGovID.

The right side is the state based NSW Digital ID. The rungs are the credentials. The drivers licence, the passport, the birth certificate, the veterans card, the Medicare card etc.

In NSW, these rungs are seamlessly dovetailed into the side rail. However as the excellent Thodey review into MyGov revealed, the federal credentials are bound to the side rail with rope. It is not a seamless experience.

On the issue of credentials, it is super important that they adopt a nationally and internationally consistent standard.

A big shout out to Ministers and officials who make up the Data Digital Ministers Meetings, chaired by Katy Gallagher. In the meeting held last week we agreed to progress the National roadmap around digital identity.

Critically, we also agreed to adopt internationally used and widely recognised standards around credentials. Without standards, we are going to have a modern equivalent of the rail gauges debacle of centuries past. Without standards our digital spine will develop severe scoliosis.

NSW pivot

For example, in 2019, NSW became one of the first jurisdictions to roll out digital drivers licence. When creating the digital driver licence there were very few predominant and prevailing standards within Australia.

Our focus at the time was on the most common use case – making sure that police officers could rely on this digital credential as proof of authority to drive in lieu of your plastic card, for example if you were pulled over for a speeding offence or stopped at a random breath test. But due to lack of common standards it stopped short of wider acceptance.

Therefore, when we commenced procurement of the Verifiable Credential platform 15 months ago, the key consideration was for the platform to create and store any credentials in the W3C standard which was and still remains the predominant world-wide open standard.

The international community, particularly Europe, have since started to embrace International Standards Organisation (ISO) standards to ensure interoperability, adoption and acceptance between their member states.

Queensland is about to roll out their digital drivers licence based on the ISO standard. We understand that we must constantly evolve and upgrade our technology to stay current and provide the best possible services for our people.

Therefore one of my last acts as a Minister for Digital, was to pivot to ensure NSW now also adopts the ISO standard for specific primary credentials, thereby making it aligned with Queensland.

By Q3 this year Services Australia and Service New South Wales will enable the interoperability of the digital Medicare card and digital drivers licence under their respective apps. All opt in.

So the customer remains in control of the place or places they would like their digital credentials stored.

Federal leadership

I give credit to Minister Shorten for driving this federal-state integration. At our last Ministers Meeting, he made a powerful observation around adoption.

The Feds and NSW have already or are well into the process of building out their side rails. However In NSW, the design is to seamlessly interconnect it with the rungs thereby significantly enhancing the user experience.

As Minister Shorten said, other states and territories are at different stages of their digital maturity. So instead of building out their own digital ID, they could plug into the federal side rail.

This means the other jurisdictions would only need to digitise their credentials, in accordance with the agreed national standard and then plug them into the national side rail.

This is the right vision and something I encourage and applaud.

Once this digital spine is established – new businesses can establish, innovate and grow by providing derivative identity offerings around POI 1,2 and 2 plus.

General business will have a less risky data landscape as they will not be holding all of this personal information.

In July last year I gave a speech to the Government Services Summit in Canberra, where I referenced the trust trinity of the who, the what and the why.

The side rails are the who.

The rungs are the what.

The why are the features that make the digital spine trustworthy; inter alia, it enhances your privacy, your security, your control over your personal information.

As it is opt in, it also empowers you with choice.

Value proposition

When we rolled out the digital drivers licence in 2019, the use case was that police could rely on it as proof of authority to drive in lieu of your plastic card.

Its use case was extended to proof of age in licensed venues. It’s fair to say that adoption beyond these 2 use cases has been fairly patchy. Then why has the digital driver licence achieved 80% adoption.

The use cases are not high in terms of frequency, that is, hopefully you are not getting randomly stopped by police everyday, nor are you challenged on your age as you enter a nightclub. However the value proposition is convenience. Once the driver licence was digitised, for many it was the last remaining reason to carry a wallet.

It joined the long list of digital products that now live on your phone.

Similarly, whilst the use cases for digital ID will take some time to radiate out, the value proposition is immediate and powerful. Namely, individuals will have significantly enhanced control and protection over their personal information and security. Consider the use case of renters.

In NSW there are over two million renters. At some point they will need to complete a rental application. Inevitably this will require copies of passports, drivers licences, photocards, birth certificates etc to be provided to real estate agents or their intermediaries.

I recently convened a round table with the rental industry which included representatives from the Tenants Union of NSW and the Real Estate Institute of NSW.

Both readily acknowledged the high value proposition of the NSW digital ID.

Renters would no longer be required to provide copies of their credentials, thereby significantly protecting their personal information.

Real estate agents would no longer have to store and dispose of these credentials, thereby avoiding the honeypot risk of a cyber attack. Both renters and landlords see the value proposition. Banks, clubs, car rentals, utilities – essentially every organisation that is required to sight and store a credential will benefit from a decentralised digital id.

It was recently reported that cyber crime costs Australian businesses over $33 billion each year. I am confident this is a conservative figure.

Cyber attacks don’t just potentially shut a business down. They result in deep reputational damage particularly when it results in the disclosure of personal information. The imperative for businesses to guard against cyber attacks is absolute.

A trusted digital identity will not only prevent the over sharing of personal information, it will remove the risk and cost from businesses that are required to gather and store this personal information. As you can see, building out this digital spine is significant micro economic reform in every sense of the word.

Decentralised

Let’s unpack why decentralised ID is a critical trust design feature. When people speak of decentralisation, they normally interchange it with blockchain.

However in the context of digital identity, decentralisation for me means that the ID is not an end to end product of one central agency. For example in Estonia and many other countries around the world, they essentially have an old fashioned Australia Card. Whereby a single agency issues you with a number.

NSW digital ID is fundamentally different. The ID is established on the back of 3 foundation credentials, each from different agencies. The driver licence – Transport for NSW. The passport – Department of Foreign Affairs and Trade. Medicare Card – Services Australia.

NSW digital ID also has a 2 lock system. The lock on your device and the lock on the foundation credential in the department. Both locks are required to access the information, which means the customer always remains in control.

These design features are critical to empowering individuals in a democracy and building trust.

Conclusion

The single most powerful unit in a democracy is the individual.

When we empower the individual, we strengthen our precious democracy. In an information age, we must empower the individual with more control over their identity and their data.

Creating a trusted, individual empowering digital ID, is the digital equivalent of the moon landing. I am proud to say in NSW we are there.

  • This was NSW Customer Service, Digital Government, Small Business, and Fair Trading Minister Victor Dominello’s final speech as a minister before the government went into caretaker mode ahead of the NSW state election on March 25, prepared for The Tech Council of Australia. He didn’t read it, instead speaking off the cuff about his passion for digital transformation and its potential to benefit all.
2024 Startup Daily Best in Tech Awards - nominations open