This statement was written by EFA’s chair John Pane.
Tuesday 13th August 2024, Minister for Government Services, Bill Shorten released details of the government’s new Trust Exchange system to extend the recently passed – and still flawed – Digital ID legislation. Little information outside the Minister’s speech is available. It remains unclear if this is part of the implementation of the new Digital ID initiative, or if it is a stand alone extension of this program as mentioned in the Minister’s statements (see here: National Press Club Address).
While some concerns of digital rights and civil society organisations have been ameliorated in the final form of the Digital ID legislation, EFA expresses its strong concerns that this Proof-of-Concept appears to be lacking necessary and essential detail in specific areas around privacy, equity, cyber risk during build and implementation phases. EFA is also concerned about the potential costs for consumers, especially vulnerable groups, when private sector organisations no doubt seek to recoup their costs by passing them back to their customers.
Specifically, the Minister neglected to highlight that the proposed TEx system would entail numerous levels of governmental surveillance of the population previously un-seen in the developed world – “Everytime we’re asking for verification from the government, we’re telling them where we go”, says Dr Erica Mealy, UniSC lecturer in Computer science and EFA board member on ABC National News Radio. “The Minister likened MyGov to a Ferrari in the garage we are not utilising. If my Ferrari were as fragile and hackable, I would also be leaving it in the garage and taking the bus,” she said.
Further, there is no information about whether the TEx would conform to the law enforcement data access restrictions as provided in the current Digital ID legislation, and this is particularly concerning in light of the UN’s just passed international cybercrime treaty that focuses on digital data sharing across jurisdictions with a very low bar set for both human and digital rights protections.
“It seems the government, or a party to be contracted by government, is about to build the ‘mother of all personal data honeypots’ and there is no assurance that our personal data will even be kept in Australia”, said John Pane, EFA Chair.
EFA’s Chair also noted, “The Australian public has suffered enough where government and organisations have failed in their duty to protect our personal data and provide trustworthy technology and digital services. Australians simply do not want another RoboDebt type failure or mammoth size data breach of the same ilk as Optus, MediBank, Latitude Finance and Medi Secure.”
“Our existing privacy laws are unfit for purpose and they substantially fail to promote best practice security and data protection practices. The ongoing government review of the Privacy Act is lamentable as similar reviews done by previous governments going back to 2000. The new Privacy Bill appears to have not only stalled, but is said to have strategically diluted digital rights protections and has willfully ignored the reasonable privacy and security protections demanded by digital rights and civil society organisations for all Australians.”
EFA asks the Minister to urgently prove to Australians how the so called “Trusted Exchange system” is actually trustworthy and why Australians should not avoid using it due to the privacy and security risks,” Pane said.
Public interests often take a backseat in government decisions. By donating to EFA, you support our genuine mission to prioritize the interests of the Australian people and their right to fair data privacy practices.
(Image credit: Unsplash/ Markus Spiske)
Related Items:
- EFA Weighs In on Privacy and Digital Rights News 6 August 2024
- EFA Calls On Australian Government To Trust… 17 April 2020
- Australians Speak Out on Privacy Concerns: OAIC Survey 9 August 2023
- Press Release: Major amendments to encryption laws… 6 December 2019
- EFA Joins Opposition To Australia's "Porn Passport" 8 May 2024