A clear industry consensus in favor of government-backed digital ID has emerged in submissions to the government’s revised cyber security strategy consultation. This consensus includes major banks, consulting firms, and technology companies.
One major reason for supporting strong digital ID is the desire for a zero-knowledge proof of identity. Under this approach, a business would only need to learn that an individual is over 18 years old, without collecting the actual date of birth, which reduces the risk of data security breaches.
The Australian Banking Association believes that a digital ID capability could be the foundation for a new, secure-by-design approach to cyber resilience. Deloitte adds that traditional knowledge-based methods of enrolling or authenticating users, such as passwords and security questions, are no longer reliable due to large-scale data breaches. This shows that a better digital identity regime is necessary to protect against identity fraud and cybercrime.
However, there are concerns about public trust in a digital ID system. EY warns that nearly 30% of Australians are still uncomfortable with the concept and suggests that the government should start with a voluntary system to build public trust. Additionally, an independent governance authority should be established to ensure the security and integrity of the system.
In terms of implementation, AWS and Optus suggest that multi-factor authentication should be a key component of a national digital ID solution. They emphasize that multi-factor authentication is one of the simplest and most effective protections against password leaks and social engineering.
Overall, the industry consensus supports the implementation of a government-backed digital ID system in Australia to improve cyber security, protect against identity fraud, and establish a secure-by-design approach to cyber resilience.
– Digital ID: A unique identifier for individuals or organizations in the digital realm.
– Zero-knowledge proof: A method that allows one party to prove knowledge of specific information to another party without revealing the actual information.
– Multi-factor authentication: A security measure that requires users to provide multiple forms of identification to access a system or digital service.
– NAB Submission: pdf
– ANZ Banking Group Submission: pdf
– Australian Banking Association Submission: pdf
– Deloitte Submission: pdf
– EY Submission: pdf
– AWS Submission: pdf
– Optus Submission: pdf