John Shepherd speaking at the 2024 Biometrics Institute Conference
I would like to start by acknowledging the traditional custodians of the land we meet on here today, the Gadigal people and pay my respects to their elders, past, present and emerging.
I would also like to thank the Biometrics Institute for inviting me to speak to you today. I look forward to catching up with many of you over the next two days.
So let’s talk about Digital ID… it has been a hot topic of late and it’s important to get on the same page about Australia’s Digital ID System because we are a bit different…
We’re all used to proving who we are.
From opening a bank account, buying a new mobile phone, collecting a parcel, buying or renting a house, applying for a government grant, going to a club… the list goes on!
Sometimes it’s not even about proving who we are, but just proving we are over 18 or where we live.
To do this, we frequently share a lot of our ID documents, without always knowing where copies will be stored, how securely and for how long.
We’re also likely oversharing. Why do you need a copy of my driver’s licence when you only need to know I am 18? As if that wasn’t obvious…
A couple of weeks ago my son was applying to rent an apartment here in Sydney with his partner and he needed me to be guarantor.
I was sent a link to a rental app, and required to upload my last 3 payslips, a bank statement showing current balance and transactions, and images of 100 points worth of my personal identity.
My son and his partner and his partner’s Mum all had to provide the same amount of information and I suspect there were many other applicants who provided this level of information. For each applicant, they are also providing this amount of information for every property they apply for and this could be across multiple apps or even emailed.
All this into an app that is not accredited or regulated.
It made me feel incredibly uncomfortable and I actually considered not doing it or loading blank documents with a note asking them to call me. But I felt I had no choice if I was to help my son get a place.
The big data breaches and impacts of ID theft show we need a better, more secure way of verifying ourselves online.
Australia’s Digital ID System is about making it easier and more secure to verify who we are, online or in person.
Digital ID has the potential to help millions of businesses overcome the worry of how they protect and store customer or employee ID data. This valuable data is what can make their computer systems prime targets for cyber criminals and data theft.
Digital ID allows you to verify that you are who you say you are by doing an initial verification of a number of your existing ID documents such as your driver’s licence, birth certificate and passport. Some of us have been doing the 100 point check in Australia for more than 35 years now and the benefit of Digital ID is that it allows you to do it online and re-use it over and over.
Digital ID is not a new thing. The Government’s Digital ID system, myGovID, is already up and running and is well established within government services.
More than 12 million myGovIDs have been created that can be used to access more than 140 government services across Commonwealth, states and territories. This includes almost 5 million strong myGovIDs which have been biometrically verified to passports.
There are also a number of non-government Digital ID accredited providers such as IDVerse, RatifyID, Mastercard ID and EFTPOS’ Connect ID which are providing services to businesses.
Over time, we’re expanding the existing system to mean that people could use the Digital ID of their choice, including myGovID, to apply for rentals, open a bank account, check in to a hotel, onboard for a new job, without providing copies or unnecessary information that can then be at risk.
The vision is for individuals to have choice on whether they create a digital ID and who they use – whether that’s a government provider or a private provider – and to have more services and businesses offering digital ID as an option. This replaces traditional ID verification methods that are much less secure in the digital age.
A national Digital ID system will put individuals and businesses at the centre, preserve privacy, improve security and resilience, promote efficient and inclusive service delivery and support innovation and competition within the economy.
To enable a true economy-wide Digital ID system, legislation was needed, and I am very pleased to announce that the Digital ID Bill passed Parliament last week.
This legislation will:
- strengthen the voluntary Accreditation Scheme for digital ID providers that wish to demonstrate they meet best practice privacy, security, proofing and authentication standards
- it will enable the expansion of the Australian Government Digital ID System
- it will embed strong privacy and consumer safeguards, in addition to the Privacy Act, to ensure users are protected
- and it will strengthen governance arrangements with a Digital ID Regulator and privacy regulator
The Bill is expected to receive Royal Assent in coming weeks with the Act expected to commence by November this year.
It was a big week last week with the program also receiving funding in the 2024-25 Budget to support the expansion, improve the existing systems, and undertake a series of pilots to test use cases between government and the private sector including piloting digital wallets and verifiable credentials.
As we expand the system to new uses and new use cases, inclusion is front of mind including how we ensure the system puts the user at the centre.
In fact, our commitment to inclusion was strengthened with amendments made to the Bill prior to passing the Senate.
One such amendment included strengthening the position and the requirements accredited entities must take to ensure Digital ID is inclusive for people who may face barriers to access.
Another was to ensure that alternate ways to access services without a Digital ID are available, and that these are easy to use and don’t disadvantage those who do not want a digital ID.
We aren’t stopping at inclusive legislation though. We know many people have insufficient ID documents to create a Digital ID or don’t have an individual mobile device or internet connectivity.
We are keen to work with others and are looking to run pilots to find the best ways to address these barriers.
With major data breaches and an increase in sophisticated fraud technology, the use of biometrics in ID verification for online transactions has become more important than ever as it provides an additional level of security to your personal information.
When accessing higher risk services online, such as applying for a Tax File Number or setting up a bank account, services need extra assurances that you are you. Importantly, I want those extra assurances to know that my money and information is safe.
We’re providing people with an option to verify themselves online using biometrics, instead of having to visit a shopfront.
With a secure Digital ID strengthened with biometric matching, it is a lot harder for someone to defraud the system and pose as someone else.
A secure digital ID should be an option available to everyone if they choose to get it.
Right now, people can use their biometrics by taking a selfie to strengthen their digital ID. But there are limitations.
In a submission from Blind Citizens Australia, we heard that while taking a selfie is a simple task for some people, it is very challenging for people who are blind or vision impaired.
International biometric researchers have found that the selfies taken by people who are blind or vision impaired are often blurred, off centre, sometimes only partially visible, and obscured in some cases.
The requirement for a good quality facial image can exclude many people from being able to strengthen their Digital ID.
International researchers recommend providing explicit instructions, audio prompts or even vibrations which would allow more users to complete biometric matching to strengthen their Digital ID to access higher risk services.
Additionally, a passport is currently the only document that can be used to biometrically match a person to their Digital ID through the government’s Face Verification Service; however, only half of all Australians have a passport.
With partnerships between Commonwealth and states and territories, work is progressing to make driver’s licences and hopefully proof of age cards available to facially verify to get a strong digital ID.
Although people have become more comfortable and familiar with using biometrics like face verification or fingerprint to unlock their computers and mobile devices, we need to continue to build trust in biometrics.
We know that there are concerns around some instances of biometrics use. People are wary of being matched in a crowd or that the technology will have biases and will be discriminatory.
While biometrics can significantly strengthen ID verification, we need to make sure we have strong policy and regulation to protect individuals’ privacy and the use of biometrics.
The government’s policy and technical requirements that sit behind biometrically matching an individual are designed to ensure that bias and discrimination are not present.
To become accredited, Digital ID providers must demonstrate that their biometric matching technology and algorithm settings are appropriate for people who will use the service.
Providers are also required to test their algorithm with a diverse range of people - including diverse age, gender and ethnicity demographics - and the algorithm then needs to be independently assessed to ensure the settings suit the Australian context.
Australia is a diverse and multicultural country and we all need to work hard to ensure technology meets the needs of our community and to help reassure the community that they can trust that the technology will not work against them. The requirements set out in the Digital ID Bill allow individuals to trust that their security and privacy is protected when using an accredited provider or the government Digital ID system to access services.
The key privacy features of biometric policy in the Digital ID Bill are:
- requiring express consent for the collection and use of an individual’s biometric information
- biometric information can only be collected for limited, specific purposes
- biometric data must be destroyed immediately once that purpose is achieved or an individual withdraws consent
- and only one-to-one matching can be done.
The legislation is about protection, setting clear rules around the use of biometrics with Digital ID - making sure your biometrics are only being used to verify your identity.
Consultation on the legal framework for Digital ID goes back to 2017 and we continue to consult on the legislative Rules that are needed to support the Digital ID Bill as new issues emerge and technology evolves.
A number of amendments have been made to the draft Digital ID Rules and Accreditation Rules since consultation in 2023. We will be releasing them again for further consultation next week.
For more info go to digitalidentity.gov.au or email digitalID@finance.gov.au and keep an eye out for consultation because we’d love to hear your feedback.
As mentioned, members of my team and I will be here over the next two days and I look forward to the rest of the conference.