Friday, 19 October 2018 05:09

DTA, cyber expert at odds over GovPass analysis


The author of a detailed analysis on the Federal Government's proposed identity scheme, GovPass — a trial of which is scheduled to begin this month — says he worked closely with the Digital Transformation Agency while preparing it, but ultimately disagreed with the agency on its implications.

Fergus Hanson's report "Preventing another Australia Card fail" appears to have riled up the DTA, which issued a long note of protest on Thursday evening, citing what it claimed were mistakes and incorrect conclusions.

But Hanson, the head of the International Cyber Policy Centre at the Australian Strategic Policy Institute, told iTWire that he had worked closely with the DTA, the Ministry of Home Affairs and Australia Post to write his detailed analysis.

"They [DTA, Home Affairs and Australia Post] had the opportunity to review multiple drafts," he said. "In the end, there were some disagreements with DTA over the implications of the scheme. I heard what they said, but ultimately disagreed with their assessments."

Briefly put, his write-up criticised the creation of two systems for identity verification — the Australia Post system known as Digital iD and the DTA-managed GovPass — neither of which was governed by dedicated legislation.

Hanson said that the DTA had done a poor job of telling the public about the safeguards — if any — that would guard against such schemes hoovering up too much data and prevent "a Western version of China’s ‘social credit’ scheme emerging".

Another key point Hanson made was that there was a danger of conflating two biometric services – the Face Verification Service, used for digital identity, and the law enforcement biometric enabler, the Face Identification Service.

"The FIS lacks adequate safeguards and in its current form is likely to attract public opposition far exceeding that directed towards the My Health Record scheme," he commented in his paper.

The DTA statement, attributed to its media team, made a blank assertion: "The report was inaccurate and contained many factual errors. It was not an informed or objective appraisal of the program." But thereafter, the statement did not provide detail to back this up; it appears that some of Hanson's characterisations got up the noses of people at the agency.

"The association of China’s social credit system and the Australia Card with Australia’s new digital identity program has no basis," DTA said. "Nor do claims that private sector companies will be able to harvest user data. These demonstrate a clear misunderstanding of how the digital identity system is intended to work."

And it added: "Another key assertion is that two digital identity systems are being built, which will compete against each other. This is incorrect. The digital identity federated model allows for multiple identity providers, but only one system. This means people using the system will be able to choose to set up their digital identity with their provider of choice."

A third objection was: "The digital identity program will not issue identifiers or cards. It will use a ‘double blind’ architecture where the identity exchange sits between the digital service and the identity provider. This protects a person’s identity by making sure that no identity provider can see the services being accessed, and services cannot see the personal information from the identity provider."

Hanson told iTWire: "My point was not that GovPass would create a honey pot of data that could be on-sold as part of a social credit scheme. The DTA scheme actually has good protections to prevent this.

"The point I make is that the scheme lacks controls that would prevent those who use it from harnessing the scheme to build verified profiles of Australians. Australia Post's scheme also allows this. That's why they both need to be brought under legislative oversight."

He said the schemes would compete against each other, DTA's protestations notwithstanding.

"DTA claims they won't compete because Australia Post is considering joining their scheme as an identity provider. Australia Post is considering this, but there will still be two separate schemes — GovPass and Digital iD — that will compete against each other and both of which taxpayers funded," he said.

Hanson has suggested the following changes to the ID schemes:

  • Accompany the introduction of digital identity with an overhaul of online citizens’ and consumers’ rights.
  • Communicate with the public about the schemes and the accompanying rights overhaul.
  • Place both Digital iD and GovPass under legislative oversight and protect both schemes from overreach. Expressly prohibit ‘social credit’ schemes that are facilitated by government-enabled digital identity checking.
  • Explore options to join the schemes.
  • Apply stricter and clear limits on the use of biometrics at the federal, state and territory levels.
  • Establish a national taskforce.

DTA had tied up with ASD-certified cloud provider Vault (formerly Vault Systems) to provide cloud services for the GovPass trial but then abruptly terminated the arrangement.

The agency then tied up with Microsoft's Azure cloud for its own corporate use, but has so far made no announcement as to who would provide the cloud services for the GovPass trial, which is being run jointly by the Australian Taxation Office and the Department of Human Services.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


