One of Australia’s most technology savvy political figures warns the country is in “an identity arms race” against cybercriminals intent on stealing people’s identities and money.

Victor Dominello is a former NSW Government Minister who is assisting the federal government roll out its new digital ID system. He is now a professor at UNSW, leads the Trustworthy Digital Society Hub, and is a board member of the Tech Council of Australia.

He says digital ID will put “a big dent in their business model” of cybercriminals, but warns the system needs to keep improving to stay ahead.

The country is moving from the 100-point check where you produce a passport, driver’s licence and other documents to establish your identity. This is being replaced by a new digital ID system that uses code generator apps and checks biometrics: fingerprints and face recognition. The roll out is nominally July 1.

The 2022 Optus and Medibank breaches both saw the identity documents and personal information of about 10 million Australians stolen, a precursor to criminals seizing control of victims’ bank accounts and taking out loans in their names.

Victor Dominello displays the advanced functionality of the Service NSW app during the pandemic.

Victor Dominello displays the functionality of the Service NSW app available during the pandemic.

Department of Finance officials last week briefed ChannelNews Australia on how the digital ID system would thwart hackers’ plans.

A digital ID provider would check the identity of a customer or client signing up to a service and tell the organisation whether the ID check had passed.

They say most businesses and organisations wouldn’t need to store any identifying documents whatsoever. There would be no ID documents for hackers to steal.

“Typically, the only information digital ID shares with a business is name, date of birth and email address,” an official says.

Some services had record keeping requirements, such as those under anti-money laundering and counter-terrorism financing laws.

They would need express consent from both customers and an oversight authority (here the Australian Competition and Consumer Commission) to keep required records.

Personal records held by digital ID providers would be encrypted using the latest cryptographic algorithm set by the Australian Signals Directorate, the official says.

“Using digital ID means that businesses, big and small, don’t need to store copies of their customers or their employees’ ID documents. Having less copies of your sensitive information out there means less risk of data theft.”

The official did warn that digital ID wouldn’t eliminate the risk of data theft altogether.

In the case of the Medibank data breach, hackers obtained records of health claims, including for terminating pregnancies and mental health support.

Mr Dominello defends the government’s plan for multiple digital ID providers and dismisses the view that this is unnecessary duplication.

NSW, Queensland and Victoria are understood to be all developing parallel digital IDs to the commonwealth’s based on the MyGov system. Other states may also come aboard.

The government also has announced a structure for private organisations to be digital ID providers with Australia Post, MasterCard and OCR Labs the first to be accredited. They must offer the same three levels of security as government digital IDs – basic, standard and strong.

“A regulated ecosystem is always better than having a monopoly,” Mr Dominello says. “When you provide people with choice, you’re less prone to complete system failure. Having alternative players in the market is generally healthier for the ecosystem.”

Mr Dominello says that as NSW Minister for Customer Service, he found people would adopt technology if it’s safe, trustworthy, offers functionality and has a value proposition.

He points to an almost 85 percent take-up of the NSW government’s digital driver’s licence introduced in 2019. Other states are following suit. 

Recreational fishing licences, responsible service of alcohol and responsible conduct of gambling competency cards were available through the Service NSW app eight years ago.

Mr Dominello also offered QR-code activated vouchers for discounts at restaurants and entertainment venues via the Service NSW app. The move bolstered business patronage during the pandemic.

He acknowledges that some Australians might not have the necessary documents to establish a digital ID. Others may simply refuse to create one; a digital ID is not compulsory.

“If you want to make a system trustworthy, you’ve got to be inclusive,” he says. “You’ve got to provide traditional channels for those that simply, for whatever reason, cannot or will not opt in for a digital ID. So traditional channels have to exist. That’s non negotiable.”

No witnessing for commonwealth statutory declarations 

Mr Dominello fervently supports the federal government’s release this week of a digital statutory declaration that doesn’t require a witness.

It is found in the “forms and applications” section of the services tab in the MyGov app.

The digitally signed statutory declaration doesn't need a human witness.

The digitally signed statutory declaration doesn’t need a human witness.

The digitally signed declaration doesn’t need a human witness. The app creates a signed .PDF document you can download, print or send electronically. Declarations contain a QR-code that lets a receiver check with MyGov that the declaration’s contents exactly match what you wrote initially.

Statutory declarations are the first witness-less document in the app. Documents from a variety of government agencies are expected to be added over time.

Other agencies that are digital ID providers would likely apply the system to their forms, for example banks.

Mr Dominello was scathing at the concern that abolishing witnessing will impact the businesses of actuaries and e-signature providers.

“If this is a Luddite argument, then I don’t buy it,” he told ChannelNews Australia.

“Technology is always going to produce disruption. That’s just part of life. If we don’t accept that well then, I shouldn’t be talking to you on this phone. I should be sending you hand signals.

“Instead of doing the dopey dumb work that automation, or smart automation can do, we apply our minds to more creative and more empathetic channels. This is my strong view.”