This transcript has been edited for clarity.
HOST, Ron Hotchin: Hi, Sally, how are you?
HOST, Sally Mackenzie: Good Rob, how are you?
Rob Hotchin: Excellent, Thank you. Excited to be talking to you today.
Sally MacKenzie: Me too.
Rob Hotchin: As this is our first episode, tell the people a little bit about yourself.
Sally MacKenzie: I'm Sally Mackenzie. I'm the founder and managing director of Delta Advisory. So I work with businesses and not for profit and industry associations that want to understand what decisions government is making that influences their business or organization, [we] help them take [the] problems that they might have to government [to] help solve [it] together. So I really love working with Privy on Digital ID, because it's a really exciting development. But enough about me, Rob. Let's tell the audience about you.
Rob Hotchin: I am Rob Hotchin. I am the Australian country manager for Privy. Privy are a Digital ID company. We've got over 50 million users of our digital identity, 3500 customers, people like AXA, Allianz through to Pizza Hut and Nestle being used around the world, but we have just landed in Australia, so we are figuring out the landscape here and how we help bring digital ID to Australia. So Sally, what is Digital ID?
Sally MacKenzie: It's such a good question, Rob, and I think if you ask 10 different people what Digital ID is, you would get 10 different responses. But for me, Digital ID is a way for you to verify who you are or other important bits of information online without having to physically hand over documents like your passport or your driver's license.
Rob Hotchin: I always use the analogy of like a square peg, round hole: [you’ve] got a physical ID in a digital world. It just doesn't work like that. So the concept is, how do we build a Digital ID for the digital world?
Sally MacKenzie: So how would you describe Digital ID?
Rob Hotchin: It's really hard, considering this is literally my job to go and describe Digital ID. I struggle to explain it to businesses, consumers, family members. And I think the easiest way of really getting someone to understand what Digital ID is, is understanding what it could be if you think about all the different use cases, the first one is whenever you use the word ‘verifying yourself’. So those real life use cases of verifying would be applying for a credit card or a mortgage, or it could be the other side, applying for opening an Iconic account, or checking into a hotel, or all of those different examples that today is laborious [of] because of two things: One, you have to supply a load of details, and then the other aspect of is it safe? Is it secure? Do you trust someone when they take your driving license, they make a photocopy and put it in the filing cabinet. Do you trust them?
Sally MacKenzie: No, I don't. I definitely don't.
Rob Hotchin: Like where's that going? Is it locked? And I think that one of the main use cases is a making it easier click to apply so I don't have to go and download my Telstra or AGL bill. I'd love it if they were going to go and pay the bill for me, but they're not so not having to do that part, the laborious kind of collecting that information and sending it across, and then the safety element of, what are you doing with that data? Is it safe and secure.
Sally MacKenzie: And presumably like a relief for businesses as well? Because I reckon half the businesses that have to collect this data are terrified they're going to be hacked, or it's going to be leaked.
Rob Hotchin: You know what, it's really funny, because back where I was working cloud, and this thing called big data came out, it was all about as much data as you can collect. Collect data about all your users and consumers. Collect everything. And everyone kind of lauded, look how much data we've got. We've got a data lake full of this data. And then suddenly someone went, That's a liability. And everyone went, oh, how do I get rid of this data now? And, now, no one wants it, right? So now, there's this law in place saying I have to collect the data and keep it for seven years.
There's a lot of misunderstood people thinking it's law, that I have to take data. But the organizations don't want it. They don't want the liability of collecting the data. It's also effort. And you go to a real estate agent, they go and photocopy it. Do you think the real estate agent really wants to go and get your passport and photocopy it? And no, they just want to go and sell you a house. They don't want to either. So that's why this is a win win, right? People are winning on both sides of the coin.
Sally MacKenzie: Good for consumers who don't have to kind of take, you know, using blindly, trust exactly, and good for businesses as well.
Rob Hotchin: Absolutely. And the other element is control of your identity. So when the internet came up in the mid 90s, whenever it became popular, you've been given your identity out, be that your name, date of birth, address, whatever that is. And over those years, you've created what you call an identity sprawl. And your identity is everywhere. And if you're anything like me, I have no idea who those businesses were 10,15, 20 years ago, who I gave my name and date of birth to. I'm not gonna be able to go back and get that now.But in a digital ID world, I will have a list of every organization who has received my tick to say, this is Rob Hotchin, and at any point I can say I don't want you to have that anymore. And, I can retract it and I liken it to like iTunes.
Sally MacKenzie: It’ll be like, settings on your iPhone, right, where you can go in and say, I don't want notifications from this. You could do that to control your who has your ID, right?
Rob Hotchin: Yeah, so you've got consent. Let's say someone sign up for a phone contract, and they're gonna ask for XYZ. I can consent Telstra to have these bits of information, but I don't need these. They don't need my passport number. Consent is a really important thing.Like your settings, but also a case of, if I'm no longer doing business with this company anymore, they shouldn't have any of my data, and I should be able to request that back. I think you'll be able to control it like that is important, but also the management of it as well. So, if I move house, instead of having to call up the credit cards, call up the bank go into my Amazon account, go into my iconic account, go into all these different accounts and change my address and everything. Just do it in my Privy app, or whoever your Digital ID provider is, and it pushes that update to all of these providers who legitimately need your address to be able to post you stuff. But it means again, the ease of use for you as a consumer so much easier.
Sally MacKenzie: It is sounding really exciting, and I can't wait to learn more over the next few episodes of this podcast. But we should get our first guest in today, shouldn't we Rob?
Rob Hotchin: Absolutely, we should.
Sally MacKenzie: I'm really pleased to introduce our guest today, John Shepherd. John is the First Assistant Secretary for Digital ID and Data Policy Division in the Department of Finance. This division includes the Digital ID Taskforce, which is really important. Leading the work to develop a comprehensive economy wide system for Digital ID, including the introduction of legislation and rules and the establishment of a regulator. John is a very experienced public servant, having held a range of senior positions in the Commonwealth public service, including at the Australian Tax Office and the Australian Bureau of Statistics, where he was awarded a public service medal in the 2022 Australia Day Honors list for his work on single touch payroll. John is in his spare time also a passionate Movember community ambassador and fundraiser for men's health initiatives. So welcome John.
First Assistant Secretary, Digital ID and Data Policy Division, John Shepherd: Thanks, Sally, great to be here.
Rob Hotchin: Movember. What sort of style you rocking? You going kind of simple? Are we going outlandish? Are we going to go full handlebars?
John Shepherd: Probably surprise you and say it's a full handlebar. So really, yeah, absolutely, something I've been doing for 16 years. Yeah, leading teams at Finance and previously at the ATO and ABS, so raising lots of money for a good cause.
Rob Hotchin: 2012 I worked for a company called Rackspace, who adopted the Movember piece. I didn't know it was kind of started in Australia at that point in time, but it was one of my favourite things to get part of. The moustache is about the only thing I can grow on my face. So it made me feel good about myself.
John Shepherd: You and me both.
Rob Hotchin: Can you give us a little context as to why now? the main objectives are of what we're trying to achieve by putting this in place.
John Shepherd: Absolutely so why now? It's not something that's just kind of been recent times. It's been Digital ID has been around in Australia as a concept for over eight years. It's been consulted on extensively to get legislation in place it’s build on something called the TDIF, which is the Trusted Digital Identity Framework, which has been operating as an accreditation framework for quite a period of time, really.
Now, I think what's really brought this on is some of the recent data breaches, with big companies. We've all heard the stories about some of those hacks and people have lost identity information, and it's really hard to resurrect. So really that's brought it on to say we need more people to adopt Digital ID, but we need to do it in a way that's trusted, secure, convenient, and, importantly, inclusive. And the last one is voluntary, so people can really opt into this. And really it's about getting the message out to people that there got to be a way they can stop handing over their identity docs.
I'll give you the legal definition in the Act, which is a distinct electronic representation of the individual that enables the individual to be sufficiently distinguished when interacting online with services. So that's probably resonates a little bit. I like to talk about it as the modern 100 point check. Everyone in Australia is familiar with the 100 point check when dealing with banks, etc, going back to 1988. Would you believe ID in Australia is quite unique It's not one ID card. It's not one number. We do build off using multiple identity documents to actually verify yourself, and people are quite used to that. So it's quite a different thing, but lots of consultation, and we're fortunate to see the passage of the Digital ID Act in May this year, royal ascent of that. There's a lot of work going at the moment to consult on the rules and the standards that will sit underneath that.
Sally MacKenzie: I think you're right in saying Digital ID is not new. So I think something like 12 million Aussies already have Digital ID. So it's been around for a while, but the new Digital ID that has passed Parliament a few months ago and will achieve Royal Ascent later this year. What are the key changes, and what does it mean for the average consumer or for businesses?
John Shepherd: Firstly, you're right. It has been around and people are using Digital IDs. People might not equate when they use myGov ID as a Digital ID, that's a Digital ID. so that's the one provided by the Commonwealth. At the moment, some people may be using myGov ID when they interact with the Commonwealth Government or their state and territory government, for example, that you can use it to sign on to myGov. Again, the bit of confusion between myGovID and myGov. But myGovID is the Digital ID that allows you to securely verify that you are who you say you are when you log in online. In terms of the Act and what it brings, again, it builds on that voluntary accreditation scheme, which I mentioned earlier, TDIF. Essentially it does three key things. It brings that accreditation scheme into law and will enable things like a trustmark, so the accredited Digital ID providers in the system will be able to display a trustmark. Which therefore consumers can look forward to know that they're dealing with someone who's got high levels of security.
There's high levels of oversight over those Digital ID providers, and they're required to follow a whole lot of things that are actually in those rules if they're going to be accredited. Secondly, it provides for the Australian Government Digital ID System that has additional protections in it for what we call relying parties, or essentially businesses and government who rely and use a Digital ID as their ID verification part.
Importantly, it brings things into the law there around voluntariness. I know that sounds like a made up word, but in essence, it means that it's voluntary, that there's got to be always alternate channels. And there's certainly a clear intent of this system is that it's not forced on people. It's something that people, hopefully will understand the benefits of an opt into over time. The legislation also enables something called interoperability, which means that over time, as we go and see more ID providers, more than just myGovID, come into that Australian government system, the relying party has to offer a choice of the IDs that are in there, because we often hear people like to use, potentially a government ID when they're dealing with government, but for some of their business interactions, they might want to use a private sector provided ID. There's some of those already out there that have been accredited. Australia Post is one of those. There are others there as well. There's about four or five accredited Digital IDs that people can use now in their interactions. The third bit of the legislative framework is the regulators. So it actually brings strong regulatory oversight, and so the ACCC will be the main regulator for the Digital ID Act. They have a strong focus that people trust. The ACCC is a regulator. They have a strong focus on consumers.
Importantly, they will be the ones that take on the accreditation scheme and also the oversight and enforcement to make sure that the ID providers are following the Act and the rules and the standards that they need to. The other regulator that's put in place by the law is the Office of Australian Information Commissioner. There's additional privacy protections that go above and beyond the Privacy Act, including things like the prevention of the banning of profiling, so that the actual Digital ID servers can't follow what you're doing online and what services you're accessing in order to market to you, for example, that's specifically banned in the legislation. So OAIC will provide that important oversight and make sure they're keeping an eye on the providers and that they're all doing the right thing.
Rob Hotchin: Big Brother.
John Shepherd: Absolutely. And that is a fear that is certainly has been a concern, that someone's going to track what I'm doing. That is not the case with this, because it is specifically banned, and it's actually binded from the Digital ID provider.
Rob Hotchin: I think that which is absolutely the right position to take, even if you didn't have that piece in there, I'd still rather someone tracked me and did big brother in the light, opposed to in the dark web, which is probably happening today, and we're just unaware of it.
John Shepherd: You touched on earlier, the pain of having to draw out your individual identity docs and find your bank statement, whatever you're using to verify yourself with Digital ID, you obviously do an initial verification of your core documents, and then that ability to reuse that over and over. My biggest bugbear is trying to drag the birth certificate for myself or one of my kids out of the filing cabinet that my wife keeps them in. And every time I have to do that, I'm just like, Ah, god, that's a pain. Plus, who's getting it and how many people has it been passed on to as well. So I think people will adopt this, particularly if they find it easy to use, but also, obviously, if they have confidence in the system that it's not going to be passed on, that I'm actually verifying myself once, and then I'm able to reuse that over and over.
Rob Hotchin: I got my Australian citizenship last year, and I had to get my mum to post my birth certificate from the UK out to here, so then we can I can apply for my citizenship.
The point I was going to make around my mum having to post is the global interoperability. Now I'm getting ahead of myself, but Aussies are famous for traveling the world and your ability to go to somewhere and rent a car in France, or check into a hotel in Hong Kong, or whatever that looks like. I think powers is built to help us, from a global perspective, plug into all those other systems around the world.
John Shepherd: Certainly it starts in the Australian context and really making sure that our interactions in Australia, for people who have to operate in Australia, work across those businesses, that's a huge challenge in itself, but we have certainly got an eye to just about everyone around the world's doing something around Digital ID and credentials. So very much got an eye to that. And there's a flexibility here, that through the rules and standards, that these things can be accommodated over time, particularly as technology evolves. And you know, I've got the same hope you do around being able to use this worldwide. We make the passport work worldwide, which is obviously a fundamental identity piece of this puzzle here. I can't talk specifically about what we're doing on that yet, but it's one of those things you've got to kind of take those foundational steps first and put in place a legislative system that can then build out. But we're very keen, particularly with our close neighbours like New Zealand, to actually see interoperability with the amount of people that travel between those two countries.
Sally MacKenzie: And I think one of the good things about the Digital ID is that it really prioritizes choice, so consumers will have a choice of ID providers. So I think what you'll see as you get global players like Privy, for example, you'll start to see innovation and be able to have that ability to use your ID in different circumstances globally, which I think will be a really great development.
Rob Hotchin: Where we are with current ID system, and the passport is great at the airport, not so great at the real estate agent. And building that Digital ID for the digital world. At the moment, we've got a physical ID for the digital world and how that works. How I see adoption working in the sense of we can encourage systems to use Digital ID, such as banking, because they're already doing identification. This is a safer, easier, more secure, more digital way of doing it. Digital ID doesn't succeed until it's used across everything. The second time you use your ID is when it becomes valuable, right? The first time you do it, you fill out your 100 points, or whatever that looks like. And that can be laborious. But whenever you apply for anything else after then, with that ID, system becomes much easier. Do you have an idea around how adoption might look, or how might work in a sense of, okay, well, these systems will have to use it, and then we expect it to knock on effect, to be XYZ.
John Shepherd: Two ways of answering that question. I think one is private sector ID providers and exchanges, etc. are there now and they’re increasingly starting to provide Digital ID services. Some of those are accredited. Some are not accredited, but they're happening. So those Digital ID transactions. We've also got Digital ID I think it's now 13million myGov ID users that have been used to access a whole lot of Commonwealth services. So that's also been utilized. There's a valuable new use case around stat decs. So you can use a myGovID to do a stat dec, instead of finding one of those kind of people on the list who can witness one of a stat dec, incredibly convenient for people.
Sally MacKenzie: I’ve done it, John, and I can verify it is so much easier than the old system. You can do it at home in your uggies and your trackies.
John Shepherd: You need to tell lots of people that story, because that's part of how adoption comes from people learning from other people as well, that these things are easy to use and there already.
Secondly, once the legislation is implemented from 1 December this year, we will start to see things like pilots in various industries. You mentioned banking is an interesting one. There are currently some requirements in the banking sector called anti money laundering, counter terrorism finance laws that AML, CTF, people refer to that. And there's some requirements that have been around again for a long time to make sure that banks verify who's setting up an account, to stop things like false bank accounts and things and they also exist in things like telecommunications, so people can't get burner phones and do crime stuff, etc.
So, some of those laws specifically require the collection and verification of your identity document, so they're driving that proliferation of ID documents being collected and stored etc. So those things will need to be considered. How do we adapt some of those laws to make sure that digital ID can be used in that'll take time. It takes time to change regulatory requirements. But importantly, I think the other thing about adoption is, and I suspect we've all had this experience of going to a hotel and being asked to sign in, and not only do you get the potentially an annoying clipboard experience if you haven't signed in online, but you get asked for your driver's license.
Rob Hotchin: And what’s your passport? On my passport, I've put it away because I lose everything. Once I got through the airport, I tuck it away in the suitcase where I can't lose it. Yeah, and then they go -
John Shepherd: Overseas, overseas passport is the thing, right? In Australia, it's often a driver's license. Even if you have a driver's license, they take a copy of it, and you kind of go, why do you need my driver's license?
Rob Hotchin: Being from New South Wales, I haven't carried my driving license in a couple of years, right? It's all digital now.
John Shepherd: This is where I'm getting at in terms of some of the things that may not be required by L-A-W law that are required by L-O-R-E, because it's the way things have always happened. And this is how this person's been trained, that you need to verify who this person is. You need to collect their driver's license, take a photocopy of it, in some cases, whether I don't know if it goes in a filing cabinet, I don't know where it goes. So a lot of those things have got to change.
So that will be an important role for things like pilots and things to really flush out. How do these things work. Because Digital ID is fantastic, but unless businesses can easily accept it, know what to do with it, we're going to just drive frustration for people who go, hey, I've got my Digital ID and go to present it. And the person goes, What's that? And that would happen now to people. If you walk in with a Digital ID, the Australia Post Digital ID and you're going to Australia Post outlet, they're known what it is, because you can go and pick up your parcel, but everywhere else you go and show you Australia Post Digital ID, what are they going to say?
Sally MacKenzie: They’re going to go; you want your mail? We don’t have your mail here.
John Shepherd: Where's your driver's license? Can be your driver's license. So I think that's important. I think the other point I want to pick up here is not everyone can get a Digital ID. And this is partly goes to the voluntariness, but it partly goes to we need to find ways to make this more inclusive for people. Because it's a real frustration for people who can't get 100 points. Surprisingly, in Australia, there's still lots of people that can't make 100 points of ID. They don't have access to their birth certificate for some reason. You had to get yours mailed out from the UK. Lots of our First Nations, people we know don't have a birth certificate that they can put their hand on. For migrants, they don't have a lot of these documents when they first come to Australia.
Rob Hotchin: My brother-in-law, he's 22 and he came out on a working holiday, and he had to get the 100 point system to get a phone contract. But the utility bill's not in his name, the lease isn't in his name. There's nothing in his name. And he all had with his British passport, yes.
John Shepherd: And these things are incredibly frustrating and circular, because you need one thing to get the other thing, and so you can't establish yourself with kind of a strong set of identity documents unless you can kind of get it put in the door. So we've got some work to do, collectively across states and Commonwealth Government to resolve this, to find some alternative ways that for those people to identify themselves, but importantly, in a way that doesn't make them then a target for identity fraud. So they need to be secure too. And that system I mentioned, of 100 points, goes back to 1988 so we've been doing this, this way for a very long time. We are going to need to find some other ways so that importantly, our First Nations, our older people, our homeless people as well, who don't have potentially a device, Digital ID often comes on a mobile device. They don't have a mobile device. They might not have an internet plan that's ongoing, they might be using prepaid because they can't afford an ongoing plan. What happens when that shuts off? So there's quite a few challenges there we've got to look to resolve as well as we work through the implementation of this. And again, that's why it's important. Another reason it's important that this is voluntary, because not everyone can participate.
Rob Hotchin: I think you mentioned the pilot programs. I think there's such a critical piece in being the first domino, because I'm a such a big believer in this, is that what we'll create, quite quickly, is consumer demand. So once I've done my bank with Digital ID or whatever, and then when I go to the next thing and it's asking me to sign up again, I'm going to be demanding. Why don't you have this is an ID provider. Why aren't you plugged into myGov? And I can just click the button, and consumer demand will drive that adoption fast, but you need that first domino to fall. And I think there's some key kind of battlegrounds. One is FSI and financial services industry. Employment, I think is interesting. Like, if you look at construction, and I'm a contractor, and I might work on I know 10 different sites in a year, and each time, I must verify an ID myself, if I do that once, and then I can just go be straight all into the next one. I don't have to do that again and again. And not only my ID credentials, but also kind of my I have this certificate to be able to drive cranes or do this or this, and having that in a way where it's reusable, and I think reusable is the key part is interesting.
And if I look at every user online, right? So whether you're just joining the local council, whether you're joining a retail, wherever you're joining the bank, the reason that everyone doesn't ask or doesn't ID you is because two things, one, the cost is high to ID you, and two, the friction is high. So if you remove the cost and the friction, suddenly we can ID so much more. And there's so many knock-on benefits to that, if I look at counter terrorism, right, we've got the Olympics. So like ticketing systems. So in Indonesia, Privy have got ID associated to buying a ticket. So you call it scalping. In Australia, we call it touting. In the UK, right? So Taylor Swift came the other day. I go and buy eight tickets. I only want two, and I'll sell the other six and cover my two, right? That's not ideally how people want that to work. So in a Digital ID world, you can buy as many tickets if I have a Digital ID for so my Digital ID number is 1234, and buy all those tickets assigned to a digital ID. Therefore the ticket for Taylor Swift is under your name John, or under your name Sally. So you can't sell that on, because when you go into the stadium, you're going to face ID and you're going to go in.
That means that we can get rid of the scalping. So if you want to sell a ticket, you can do it on the main platform for the same retail cost, so we can control that, but also we can look at counter terrorism stuff. So do you have any kind of things that the police should be aware of or want to avoid you coming in? And in the UK, there's a big football hooligan thing. People go and start fights and then they're banned from the stadium, but they can pretend they'll get their friend to buy them a ticket and. And they go, but if it's Digital ID tied to tickets, suddenly can stop that happening. And the people you don't want, you know, trying not to get big brother-y, but you know where everyone is in the stadium and who's safe and who's not so and I think all of those sorts of use cases are really interesting as well.
John Shepherd: Important distinction you make on that one is certainly in Australia. That one to many, matching is prohibited under the Act that sits underneath the Digital ID Act called IVS identity verification services bill that one to one with consent so I can actually verify myself back to My Documents. I can do but there isn't one to many matching allowed. Don't disagree those different credentials. I love the building site. One things like white cards, and other things, people who work in bars who need a responsible service of alcohol, making it easy both for the individual to show that they've got an up to date responsible service of alcohol certificate, but the owner of the business, imagine, as each person comes on shift, if they can just scan to say actually, it just automatically checks as they come to check that that's in date and it doesn't need updating. They've got people on the bar that have up to date credentials, heaps of use cases. So employment one's a really good one. My major bugbear recently was helping my son, who's actually just got into a house here in Sydney, trying to rent a house. For those that have been through that experience, everyone knows. They just nod and go, Yes, I know what you mean, because I had to go guarantor for him on his rental application, through an app again and on and on.
Rob Hotchin: First of all, he's gone through the 400 people turning up to go and view that rental property, and he's been lucky enough to be selected.
John Shepherd: Well, no, no, not even selected. So everyone who applied had to go through this process, and it's a collection or and as guarantor for him, because his first full time job out of uni had to provide pay slips, three payslips. Oh, so he's not your bank statement hasn't even been chosen as the one that's right, everyone who goes through this process. So, bank statement with transactions and balances, and then 100 points of ID all uploaded into this app, not only incredibly inconvenient and annoying, but again, where's that data going? It's going into an app. It's going to the real estate agent who's potentially a small business trying to protect that data, potentially going to the owner of the property as well. So again, it's a real example at the moment, where you're not in control of your information, because it's potentially everywhere out there on the internet.
Rob Hotchin: The interesting thing is, it's a two-way struggle, because as a consumer, you look at that and go, A, it's a lot of work. B, I'm not comfortable giving you all this information, but I'll probably give the app's point of view. You’re going, I don't want to be collecting this. I feel like I have to. So both that tension is on both sides. So this is where, this is such a where I feel such an important place for us to be playing, in a sense of we're going to solve both. There's no winner and a loser. It's a win win scenario.
Sally MacKenzie: But there are real benefits for businesses here, right as well as consumers. So for the business, I think businesses are really aware post some of the big data breaches and hacks that we've had that they sometimes they're obliged by legislation. So, for example, in financial services, some of the ‘Know your customer’ requirements under law mean that they do have to collect and hold pieces of data for a period of time. There are businesses that are holding all of this data, which, despite their best intentions or best efforts might not always be secure, and they're nervous about what happens if the wrong people get into that data. So I think businesses will be increasingly if they're not already thinking about, how do we have alternatives to collecting and storing this data? And Digital ID is such a great solution.
Rob Hotchin: That’s the biggest challenge I think we have in front of us to push this forward, which is our Youtube description is sometimes feels like I've got a car and I'm selling to someone with a horse. A lot of the time, the roads aren't there. So even if they conceptually understand that a car is better than a horse, if the road and the petrol stations aren't there, the infrastructure isn't there, then it doesn't work anyway. And I think that people don't always realize there is a better solution.
John Shepherd: In Australia. You might liken that to EV cars and petrol cars. We're on a journey there, and we're getting there.
Rob Hotchin: We know it's there, but the infrastructure is not quite there. And I think that that's why the biggest next step for us in Australia was this bill and getting this through. And then we can go, Okay, what are the next kind of three or four pieces we have to go and knock off. But that's one of the biggest challenges, the education, right?
John Shepherd: Yeah, and just to pick up on something you said, Sally around the benefits for business, there's 140 million one-off checks a year on the DVS, on the document verification service at the moment. Or if you're buying something, or you're accessing a service and it asks you to put in your name, date of birth and driver's license, that's a clue that it's going to be verified back to that document verification service as a requirement on that business to know your customer or whatever. That's often what that's driven by. It might be leasing a car, renting a car, buying a house, renting a house, all those scenarios, they've all been verified each time back to those original and that's why that data has been collected.
So we want to kind of cut into that with the one off verification up front, and then the reuse of that with a credit to Digital ID provider enables us to really cut into the happening every single transaction. You do it at the start, you set it up, and then you reuse it over and over, that trusted and essentially if you look at myGovID, for example, on your phone, there's not a lot of information there. It's your name, date of birth, email address, and a verification as to how strong your ID has been verified. That's it. That's what we're kind of talking about. That's the shift.
Rob Hotchin: And what percentage of verification use DVS do you think?
John Shepherd: At the moment, all of that 140 [million].
Rob Hotchin: do you think there is more outside of that 140 [million] verifying other things and it’s not hitting DVS?
John Shepherd: Potentially, but that’s the main source that people access.
Sally MacKenzie: Collecting ID without verification, right?
John Shepherd: Yes, and the hotel scenario. The hotel desk is not verifying your ID back to the document verification.
Rob Hotchin: Theres a cost to DVS, right?
John Shepherd: Yes, there is a charge for each transaction for a business as well. I think the time it takes to do the verification and security that businesses put together. Small or large business, they have to sort if protect that information otherwise they’re going to be breached.
Rob Hotchin: Well, you look at the whole cyber space. That’s one of the fastest growing industries in the world. Trying to protect this data, because data is not there, it’s just a tick. And there’s not just the checking part, it’s all the cyber stuff you can save along as well.
Sally MacKenzie: I think that’s something with people, that I talk to often don’t understand about Digital ID, it’s not just a digital drivers licence, right. Which people, particularly in New South Wales, are familiar in. And people really love it, right? It really annoys me –
John Shepherd: The ACT doesn’t have one yet.
Sally MacKenzie: John, you just took the words out of my mouth. I was going to say people in the ACT are really jealous of people in the New South Wales with their digital drivers licence. But Digital ID is not the same as a digital drivers licence. So, Digital ID, I think you mentioned, is like a ‘tick’. You’re not actually necessarily handing over your date of birth or your driver’s licence number to whoever needs to check these pieces of information. It’s actually just saying, yes this person is over 18.
Rob Hotchin: It’s like the Twitter or X piece, right. It’s like how do you know whose got that account. If you had that blue tick, I knew that it was Kim Kardashian’s account, right. So, it’s the same way. You get that verified tick and I don’t need to question anything else around it. I don’t need to look at any other data points. That ticks that, I’m comfortable.
John Shepherd: You’re right there, Sally. Just to clarify, you do when you go in and set up your Digital ID, you do provide your drivers licence, ID number, name, date of birth etc. But you do that just the first time. And then, when you do to use your Digital ID with a business, in essence, you provide – what tends to happen, I should explain this. So most of the use cases are online for Digital ID, you put in the email address you’ve associated with your Digital ID and it needs to be unique to you. What you’ll get back, is a one-time pin which you can then put into the service. That’s the interaction that we’re talking about. Once you’ve set it up. Because it will know that you’ve already verified yourself and that’s what enables you to go in and do what you need to do without providing all that data again.
Sally MacKenzie: For example, let’s look at leasing a car. Which is actually really annoying, cause you need your physical drivers licence.
Rob Hotchin: I had to get an uber home from a rental car place to go and get my drivers licence the other day.
Sally MacKenzie: Say in that instance, say I’ve got a privy Digital ID. I can rock up to the rental place and actually just confirm or even probably before I rock up to the rental place when I’m booking a car online, they can confirm through privy that I have a valid drivers licence. They don’t need any of the information that’s on the drivers licence. That’s an example of how Digital ID can be used.
John Shepherd: Absolutely. And with your consent importantly. Nothing goes without your consent. You’re in control of those. But what you’re touching on there is also where Digital ID in part touches something called Verifiable Credentials. Digital drivers licence enables those in New South Wales or Victoria or Queensland or the other states that have a digital licence. We say that it’s privacy preserving because you’re in control, even with what data you provide, even the classic use case is, If I wanted to go to the club. I may need to prove my age but I can just pass a field on there that I am over 18. So, I’m not giving my date of birth, I’m not giving my address importantly to the club or the pub. I’m saying that I’m John Shepherd and I’m over 18.
The other example is for clubs around Australia as well, you often need to be a member of the club to come in or be signed in by someone. Or say you’re out of town, you can provide a field that says I live 30kms away from this. And again, you’re not taking a copy. My Bugbear is walking into one of those clubs and theres a scanner and you pop in your drivers licence, off into who knows where. And we did see recently that breach, with Clubs New South Wales for example, off that sort of data sets as well. So that’s the sort of thing, with those credentials as well. So it’s not always that you have to provide a 100 point ID, sometimes its just that I’m 18 and I’m able to drive a car. Which is what the rental car company wants, they don’t need the rest of my licence. They don’t need my drivers licence number for example.
Rob Hotchin: A lot of it is, can you drive a car but also making sure they know who you are in case you drive off with the car.
John Shepherd: Yes, yes. And link it to an ID – and that’s the other important element of these things is that it’s actually anchored off a strong ID so that you’re not going around using my drivers licence to rent a whole lot of cars.
Rob Hotchin: What the next big milestone, key things that are happening over the next 6-12 months that we should to be aware of.
John Shepherd: Just completing an open consultation period on the rules. The legislative framework for Digital ID is the Act, which has just passed parliament. Theres two sets of rules, there’s a set of rules around the accreditation and a set of rules around the Australian Government Digital ID System and some of those initial protections I mentioned. And there are also sets of standards that sit underneath that. We’ve been consulting on those and we’re about to come out with a new final version with what we’ve taken into account through that consultation period. They need to go back into parliament. The rules do as digital instruments, it’s just a process of parliament there and we’re heading towards implementation of the Act from 1 December this year. That’s when the ACCC will take up it’s role and OAIC as well and that’s when we expect accreditation to recommence.
We paused accreditation while we were getting the Act rules sorted so that we weren’t accrediting people who then had to adjust what they were doing on the fly – yeah moving goal posts. So, that will reopen post 1 December and we will hopefully start to see more accreditors services in there. And then we will do things like pilots and proof of concepts and things as we talked earlier to really bring this to life and people. Particularly for people in those industries where ID is an important transaction part of the business where they are required to do ID. Where they shout this out for what the potential benefits are, how they do it.
In the background we are continuing to do work around inclusion as I mentioned earlier, and looking at how we can make this thing more inclusive. Solve some of those Bugbears for people. And then finally lots of communication, stuff like this to demystify and explain Digital ID for people and help people understand the benefits of taking this up and also things like the stat dec that you can be using now. They’re some of the things that we will be focused on in the next 12 months.
Sally MacKenzie: It’s such an exciting time, I think run, don’t walk. Go get a Digital ID.
Rob Hotchin: Yeah, it feels like it’s happening which is a good thing, right?
John Shepherd: Absolutely.
Rob Hotchin: Thank you so much for your time, it’s hugely appreciated. I know we’re certainly excited and aligned. We want to go and beat the drum as much as we can. Try and help educate as to why its beneficial. It just feels like such a win win for everyone and for people who are finding holes in it, just aren’t understanding it fully. I think the more that we can do to educate with podcasts, whatever it is. Is a push in the right direction. So, thank you so much.
Sally MacKenzie: Thank you John.
John Shepherd: Appreciate it. Thank you.
