The Federal Government has unveiled its new digital identity and credential project that will leverage the existing Digital ID and myGov infrastructures to develop a third-party-shareable verification system.
Government Services Minister Bill Shorten announced the project, titled Trust Exchange (TEx), in his National Press Club (NPC) address on Tuesday, telling attendees that the “brand new and world leading” initiative would unlock the potential of myGov as “the gateway to Australia’s… secure, inclusive and exciting digital future” that is currently “underutilised”.
The TEx project, Shorten said, is also a collaboration with Minister for Finance, Senator Katy Gallagher, who has carriage of Digital ID, and Assistant Treasurer and Minister for Financial Services, Stephen Jones.
“TEx will not duplicate Digital ID, but builds upon the investments already made in that system, including all the consultation and the digital ID infrastructure,” he said in his NPC speech.
“The strength of this tech trifecta has the potential to give Australians control of their data that will rival the gold standard, General Data Protection Regulation in Europe but without the regulation and complexity.
“It is a secure means by which to exchange with a third party ‘who you are’ – your identity – or ‘what you can do’ – your credentials.
“Services Australia is partnering with other government systems to develop TEx to give Australians the ability to verify their identity and credentials based on official information already held by the Australian Government.”
Shorten also confirmed that $11.4 million has been dedicated as part of the Digital ID project in the Federal Budget which will complete the proof of concept by January next year with the “the ability to issue a verified credential, the ability to selectively share information, and the ability to prove your identity without sharing any information”, as well as the addition of Medicare, Department of Veteran Affairs (DVA), Organ Donor and Concession cards.
“This new digital infrastructure can drive progress that lets individuals control their own data while creating opportunities for productivity gains and economic progress,” Shorten said.
“Whatever the case, online or in person, you choose what is shared, you consent to what is being shared and you can trust it is shared safely.
“TEx will have a range of uses, from government to business and business to government; from consumer to government and government to consumer; and from consumer to business and business to consumer.
“The beauty of TEx is that it is part of the broader interoperable Digital ID system – and that means reducing the collection, storage and sharing of data across the economy.”
Shorten also said the TEx project comes at an opportune time in which society has had to grapple with “high profile, significant cyber incidents and data breaches in recent times”, which have only proven why “things [need to be done] differently”. He also confirmed that the system will be opt-in for users.
“As we know from [the Optus] incident – many businesses store Government produces documents, such as licenses and passports, as a way of proving they know their customers. An ID as a Verifiable Credential would be a secure and very efficient way for a business to be certain of someone’s ID,” he said.
“It will save businesses money as it will significantly reduce their customer on-boarding procedures and their data storage requirements. As we see the results of the TEx Proof of Concept, I will need to work with my ministerial colleagues, to consider how might we be able to update regulation to take advantage of this advancement.
“Each time a breach happens it harms Australians’ confidence in digital technologies and given the importance of digital technologies in improving people’s lives, it is important that the Australian government helps to build trust.
“With TEx, data will be secure. TEx will be time saving. And it will be money saving. It will be a decentralised model which reduces the replication of information and has privacy by design as its foundation.
“If we let private industry carry out their business needing to store less and less personal information then, through a different mechanism, we will have achieved some of the best aspects of the GDPR.”
In his NPC speech, Shorten also explained several scenarios in which the TEx system would be used to securely prove one’s identity without sharing private and personal information.
“You need a service – let’s use getting a hotel room as an example. When you check in, the hotel requests your personal information (attributes) – often that’s your driver’s license or passport.
“With TEx, instead of handing over those documents to be copied in some form, you would scan a QR code on the front desk – or use technology similar to tap-to-pay machine – that digitally ‘shakes hands’ with your myGov wallet.
“You choose only the information you wish to share with the hotel from your digital wallet and consent to its use. You will have a record in your myGov wallet of what you shared and with whom you shared it.
“Take the case of someone going to the local RSL and wanting to prove they’re over 18. The plan with TEx is that they’d just hold their phone to a tap-to-pay style machine and a digital token will be sent to the club vouching for their identity and that they’re over 18.
“Not even their actual age is disclosed, merely that they are over 18. The token will be a valuable promise to the club, but of zero value to a cybercriminal because the confirmation token will not contain any personal information.
“It is a bit of an abstract concept at this point but once it is in place, TEx will have countless applications.
“It has the potential to unleash innovation across our economy, creating opportunities in all sectors as well as for small businesses.”