Australia buries Digital Identity

It appears that Australia has killed off “digital identity”. Australia’s proposed Digital ID legislation is actually not about digital identity — it’s about proving you have been identified.

What’s the big deal? Identity and identification are different things. Identification is about establishing enough facts about someone in a specific context that you can deal with them; identity is bigger, more amorphous, and usually more personal.

So I am delighted that the term “digital identity” is no longer used in the draft Digital ID Bill 2023 (PDF) or explanatory materials. This is a significant shift in framing, and it will simplify what has been a very tricky problem space.

We can reform identification without disrupting identity. We can make identification resilient against fraud in the wake of data breaches, without introducing any novel new “digital identity”. The concept of digital ID is closer to mundane functional identifiers and does not affect the cherished sense of personal identity we have in the analog world.

The Digital ID Bill heralds a uniform approach in Australia to digital and data governance across open banking, open data, and digital ID.

We are seeing a transition from plaintext identification to device-assisted identification. Instead of presenting weak plaintext copies of ID numbers or whole ID documents, the proposed Australian Government Digital ID System (AGDIS) will enable individuals to use digital ID as a proxy for their existing verified analog IDs.

The previous government’s legislation was going to be called “Trusted Digital Identity”. The new draft bill drops that flowery wording. But we wonder where this leaves the existing Trusted Digital Identity Framework (TDIF)?

TDIF was based on a centralised identity exchange architecture. This is fine for the government single sign-on systems, myGov and myGovID, but this architecture is a poor fit for decentralised verifiable credentials.

Now the AGDIS anticipates a raft of Digital ID Data Standards to be developed, providing an opportunity to rethink the centralised exchange. The new Digital ID Regulator can also reconsider the state of the art in authentication and authorisation technologies.

We look forward to the Australian digital ID system making good use of verifiable credentials, phishing resistant mobile technology, and data signing.

Lockstep’s Data Verification Platform is a scheme to rationalise and organise data flows between data originators such as government and the risk owners who rely on accurate data to guide decisions. Join us in conversation.

If you’d like to follow the development of the Data Verification Platform model, please subscribe for email updates.​