Concerns Raised by Senator Regarding Potential Centralization of Data through National Digital ID
In a recent Senate Committee hearing, Australian Senator Matt Canavan expressed his concerns over the federal government’s proposed national digital ID scheme. He highlighted the risks of centralizing personal data, particularly biometric information, which could potentially be leaked in a mass way. Senator Canavan questioned whether it would be more sensible to decentralize this type of data rather than incentivizing its centralization in one location.
These concerns were directed to Jordan Newnham, the executive director of corporate affairs at CyberCX, a major organization that supports the digital ID scheme. Mr. Newnham assured that the proposed federated architecture of the system would ensure the security of personal data, including highly sensitive biometrics. CyberCX, along with other organizations like the Commonwealth Bank, Westpac Bank, and Woolworths, does not express concerns about data centralization.
Senator Canavan further questioned the need for centralization, pointing out that companies like Apple already have access to Australians’ biometric data. He argued that the digital ID scheme would centralize things even more by limiting access to accredited individuals. Mr. Newnham responded by stating that the current ad hoc model of providing identification documents carries a greater risk than systematizing the entire process. He emphasized that the current approach widens the attack surface for threat actors to find the weakest link.
Concerns over data centralization were also raised to the Department of Finance by Senator Jess Walsh, chair of the Committee. The department assured that there is no intention to store data collected by private sector digital ID providers for their customers. The government’s digital ID scheme seeks to limit the amount of information stored solely for identification or verification purposes with the individual’s consent.
The government officials further confirmed that additional safeguards under the bill would allow Australians to deactivate their digital ID if desired. There are prohibitions and restrictions on sharing certain sensitive information, the use of biometrics is only for verification, and there are limitations on the use of personal information for direct marketing.
However, Digital Rights Watch has warned against the potential repurposing of personal data for surveillance. They emphasize that the digital ID system must be genuinely voluntary, with practical non-digital alternatives available for Australians.
In conclusion, the concerns raised by Senator Canavan regarding the potential centralization of data through the national digital ID scheme have sparked a debate about the security and privacy implications of such a system. While organizations like CyberCX support the scheme and assure its security measures, Digital Rights Watch advocates for a genuinely voluntary system with alternative options. The government officials responsible for the bill emphasize that there is no intention to centralize all digital ID information and highlight the additional safeguards in place to protect personal data. As discussions continue, it is crucial to find a balance between convenience and privacy in implementing a national digital ID scheme.
