DTA, cyber expert at odds over GovPass analysis

The author of a detailed analysis on the Federal Government's proposed identity scheme, GovPass — a trial of which is scheduled to begin this month — says he worked closely with the Digital Transformation Agency while preparing it, but ultimately disagreed with the agency on its implications.

Fergus Hanson's report "Preventing another Australia Card fail" appears to have riled up the DTA, which issued a long note of protest on Thursday evening, citing what it claimed were mistakes and incorrect conclusions.

But Hanson, the head of the International Cyber Policy Centre at the Australian Strategic Policy Institute, told iTWire that he had worked closely with the DTA, the Ministry of Home Affairs and Australia Post to write his detailed analysis.

"They [DTA, Home Affairs and Australia Post] had the opportunity to review multiple drafts," he said. "In the end, there were some disagreements with DTA over the implications of the scheme. I heard what they said, but ultimately disagreed with their assessments."

Briefly put, his write-up criticised the creation of two systems for identity verification — the Australia Post system known as Digital iD and the DTA-managed GovPass — neither of which was governed by dedicated legislation.

Hanson said that the DTA had done a poor job of telling the public about the safeguards — if any — to guard against such schemes hoovering up too much data and preventing "a Western version of China’s ‘social credit’ scheme emerging".

Another key point Hanson made was that there was a danger of conflating two biometric services – the Face Verification Service, used for digital identity, and the law enforcement biometric enabler, the Face Identification Service.

"The FIS lacks adequate safeguards and in its current form is likely to attract public opposition far exceeding that directed towards the My Health Record scheme," he commented in his paper.

The DTA statement, attributed to its media team, made a blank assertion: "The report was inaccurate and contained many factual errors. It was not an informed or objective appraisal of the program." But thereafter, the statement did not provide detail to back this up; it appears that some of Hanson's characterisations got up the noses of people at the agency.

"The association of China’s social credit system and the Australia Card with Australia’s new digital identity program has no basis," DTA said. "Nor do claims that private sector companies will be able to harvest user data. These demonstrate a clear misunderstanding of how the digital identity system is intended to work."

And it added: "Another key assertion is that two digital identity systems are being built, which will compete against each other. This is incorrect. The digital identity federated model allows for multiple identity providers, but only one system. This means people using the system will be able to choose to set up their digital identity with their provider of choice."

A third objection was: "The digital identity program will not issue identifiers or cards. It will use a ‘double blind’ architecture where the identity exchange sits between the digital service and the identity provider. This protects a person’s identity by making sure that no identity provider can see the services being accessed, and services cannot see the personal information from the identity provider."

Hanson told iTWire: "My point was not that GovPass would create a honey pot of data that could be on-sold as part of a social credit scheme. The DTA scheme actually has good protections to prevent this.

"The point I make is that the scheme lacks controls that would prevent those who use it from harnessing the scheme to build verified profiles of Australians. Australia Post's scheme also allows this. That's why they both need to be brought under legislative oversight."

He said the schemes would compete against each other, DTA's protestations notwithstanding.

"DTA claims they won't compete because Australia Post is considering joining their scheme as an identity provider. Australia Post is considering this, but there will still be two separate schemes — GovPass and Digital iD — that will compete against each other and both of which taxpayers funded," he said.

Hanson has suggested the following changes to the ID schemes:

  • Accompany the introduction of digital identity with an overhaul of online citizens’ and consumers’ rights.
  • Communicate with the public about the schemes and the accompanying rights overhaul.
  • Place both Digital iD and GovPass under legislative oversight and protect both schemes from overreach. Expressly prohibit ‘social credit’ schemes that are facilitated by government-enabled digital identity checking.
  • Explore options to join the schemes.
  • Apply stricter and clear limits on the use of biometrics at the federal, state and territory levels.
  • Establish a national taskforce.

DTA had tied up with ASD-certified cloud provider Vault (formerly Vault Systems) to provide cloud services for the GovPass trial but then abruptly terminated the arrangement.

The agency then tied up with Microsoft's Azure cloud for its own corporate use, but has so far made no announcement as to who would provide the cloud services for the GovPass trial, which is being run jointly by the Australian Taxation Office and the Department of Human Services.


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 
