In the wake of the massive cyberattack against Australian telecom Optus, government officials in the country are considering the development of an expanded digital ID and authentication system for use across the nation.
Optus reported the attack in September, disclosing that the data of up to 9.8 million customers – representing 37 percent of Australia’s population – might have been compromised. That included Personal Identifiable Information (PII) like email addresses and dates of birth, and possibly even driver’s license and passport numbers.
Now, a government spokesperson has indicated that authorities will look into the idea of using existing e-government login platforms – myGov or myGovID – in a centralized digital identity system. As The Guardian reports, that effort will be led by David Thodey, the former head of another telecom, Telstra. Thodey had been appointed to lead an audit of myGov after the election of Prime Minister Anthony Albanese in May of this year, and his remit will now be expanded to review how myGov might be used more widely for authentication across the country, not just by government agencies but by private businesses.
“Within the audit’s remit is to consider how myGov can deliver seamless services that will frequently involve private enterprise service providers,” explained the spokesperson. “This would prevent the need for citizens to provide sensitive data multiple times to multiple entities.”
Meanwhile, Finance Minister Katy Gallagher has reportedly been exploring the idea of reconsidering digital ID resurrection from Australia’s previous government that had been abandoned after the election. Officials recently scheduled the first Digital and Data Ministers’ Meeting in six months, with Gallagher explaining that it would focus on discussions of “how we can ensure that Australians can access safe, secure and trusted government services online.” That meeting is slated for November.
The activities point to the potential development of a broad, centralized digital ID program in the country, an ambition that had been harbored under the previous government. Just this past March, the Digital and Data Minister and the Minister’s state-level counterparts held meetings in which they agreed to explore the development of a trusted, federated ID for use when dealing with both public and private sector organizations.
If the new political leaders end up reviving that ambition, it will put Australia back on track to join a global trend toward digital ID programs, with numerous countries around the world now pursuing their own such projects. But it will require a conscientious approach to security, with some cybersecurity experts already pointing out that a centralized digital ID system would simply put access to more Australians’ PII into a single target for interested hackers.