The Australian parliament is working on the government’s Digital ID Bill 2023. After passing the lower house, the Bill has been considered by a senate committee inquiry, which included hearing a day’s worth of expert testimony. The committee’s report has now been tabled.
The committee recommended that the senate approve the Bill, but as usual, a number of opposition politicians wrote dissenting reports.
Two sorts of objections are worth correcting because they reflect serious misunderstandings of the Digital ID Bill and of the whole field of digital identity.
The Digital ID Bill has no new ID
The Coalition Senators’ Dissenting Report at paragraph 1.16 alleges:
“It seems that [the government] has decided on a more syndicated model that centralises Digital ID in government hands, disregarding the Murray Review’s warnings. By departing from a truly federated approach to Digital ID, Labor is risking the integrity of the entire premise of such a framework.”
I will come back to the Murray Review shortly. For now, I only want to stress that the Digital ID Bill is not a “syndicated” model of digital identities. It is not any sort of model of digital identity.
The Digital ID Bill introduces no new IDs whatsoever. The whole point of the legislation is to conserve existing IDs and make them more reliable in digital form.
Federated identity has been tried and tried
The Coalition Senators are much attached to federated identity. They call out the 2014 Murray Inquiry into the Financial System which recommended a public-private federation of trusted digital identities. And they’re obviously proud of the public sector Trusted Digital Identity Framework (TDIF) launched in 2018.
Yet the dissenting report doesn’t mention the private sector trust framework effort.
Following Murray, the government worked on TDIF while the Australian Payments Council took on a parallel financial services trust framework called TrustID. After many years work, the TrustID working group was unable to reach consensus on use cases for banking digital identities, and the framework was quietly dropped.
In my view, more attention should be given to the impasse on TrustID use cases when digital identity is thought to be so urgent. That’s quite a paradox!
The fact is that federated identity has been tried over and over in Australia, and in comparable economies, and it has proven to be a market failure. Many commercial Identity Providers have launched in Australia but not one has built a sustainable business. As for TDIF, it’s solitary measure of success is the rush of identity service providers seeking accreditation in anticipation of business expected to come.
We should listen to the market. The idea of free market federated identity provision, reusable across banking and government, has proven plainly not to be viable.
It seems to me the government has heeded 15 years of experience of a stagnant digital identity market. With its fresh new Bill, the Australian government has progressed beyond the past idealism of reusable “digital identity”. The Digital ID Bill doesn’t use the term anymore, and instead focuses on digitising the many trusted IDs we already have, so they are more reliable online.