Think about this
(Pngtree, n.d.)
You are trying to open a bank account, update your driver’s license, Before that, you need to provide at least two documents to prove your identity, but now you can do this more easily with a digital identity. It can easily complete identity verification, and you will no longer lose login information or need to fill out countless forms. This will be a new digital era!
It sounds like a dream of convenience—and that’s exactly how it’s being sold.
In 2024, the Australian government launched this brand new personal information authentication platform – Digital ID, which is also considered a big deal for the Australian government in rolling out its national digital identity framework. The purpose is also to streamline the procedure of citizens proving their identity in various services, ranging from healthcare to banking services, from tax declarations to social security. Most identity information verifications can be accessed through a single, centralized identity, which is also the reason why the government wants to unify the platform.
But beyond the commitment to simplicity and efficiency, security issues such as personal data privacy are brewing.
(Pathum Tzoo, n.d.)
Who controls these personal data? Who can access the core of the platform? What would happen if the platform’s information is leaked, hacked, or reused? More importantly, as a national-level platform, do I have the right to refuse to use it if I do not want to?
Australia, as a country that has already gone through big privacy breaches—most notably the Optus and Medibank data breaches in 2022, which exposed the personal information of millions of people (OAIC, 2024a)—therefore, has also lost trust in centralized digital systems. Consequently, when the government proposes to centralize more personal information, the market and the public’s cautious attitude towards this platform is understandable.
For supporters of the platform application, digital identity is an important step in Australia’s digital transformation, but the opposing opponents comment: “This might create a surveillance infrastructure—a platform where logging in can rule everything and track everything, leading to the loss of privacy.” This debate is not just about technology, but also about people’s privacy and information autonomy, as well as the essence of citizenship in a data-driven society.
As we increasingly enter an informationized world managed by algorithms, digital convenience has become a new type of currency, and data has become the new capital of the digital age. However, introducing a national identity system not only requires an optimistic attitude towards technology but also public supervision, legal protection, and cultural reflection. This blog will mainly discuss the risks and practical issues behind Australia’s digital identity system. Because for the public, the issue is not just about how easy the process is to prove who you are, but also about how much of yourself you are required to give up in this process.
1. Is the Digital ID Just About Convenience?
At first glance, Australia’s digital identity system seems like the best pick for the rapidly advancing digital age. It provides a secure and verified way to prove one’s identity online, making it easy to no longer have to repeatedly upload documents. In simple terms, a centralized digital credential helps me quickly access everything from government services to banking, healthcare, and job applications. This also helps to make the proposal and establishment of this platform itself highly attractive: reducing friction and improving efficiency. While the The Digital Identity website promotes slogans such as “You have control” and “Design is privacy,” the government emphasizes that the system is voluntary, allowing users to freely choose when and how to connect their digital identity to participating services/other platforms.
But here’s where things get complex.
For the core of this issue, it does not lie in the intention of the statement itself, but rather in the underlying infrastructure and functions, as well as the assumptions that the platform relies on. In the construction, people can simplify the login process by using centralized identity recognition among multiple institutions, but this feature itself also accumulates the risk of leakage. Because if people often get used to using a unified password to access financial, health, and legal data, then a single leak may have catastrophic consequences. And such an event has already occurred: the 2022 data leak of Optus and Medibank affected the information of millions of people. (OAIC, 2024a).
(Designboom, n.d.)
What’s more, this “voluntary” situation is not always as it appears on the surface. As more and more services make digital identity the default option, the ability to opt out becomes increasingly impractical. When important public services become increasingly difficult to access without a digital identity, can you truly make a free choice? The slope from “choice to join” to “almost no choice” is steep, and often there is no real choice at all.
Of course, the more important issue is still the problem of data control. Although the platform claims to collect only a minimum amount of data, it still continuously collects your usage data during your use. This information is often the core of system operation and cannot be ignored. Therefore, the frequency of your use, the services you access, when and where you access them will all be recorded. Its own authentication function also represents that this information is associated with you, and using data can depict a detailed behavioral portrait. So who stores this information? How long is it stored? It may be required to be provided to law enforcement agencies or accessed by private contractors, which is crucial!
These doubts highlight a broader issue: as algorithms and AI rapidly transform society, the boundaries between identity and data profiles are blurring. Identity is no longer just about who you are; it also concerns how algorithms recognize you, how institutions verify you, and how systems categorize you. When your ability to participate in society depends on a digital identity, your identity becomes a product shaped by the infrastructure that manages it or a set of data available for assessment. Convenience is valuable, but autonomy is equally important. And when convenience takes the form of centralized infrastructure, the risks and personal security associated with it are worth considering.
2. The Cost of Convenience: Privacy Risks and Structural Issues
(Freepik, n.d.)
There is a reason cybersecurity experts wince when they hear the words “centralized data.” It is not paranoia but probability.
In just the first half of 2024, Australia recorded 527 reportable data breach incidents (OAIC, 2024a), which is the highest number in any reporting period since the beginning of reporting. Moreover, these breaches are not just small-scale; a single incident affected over 10 million people. When a single failure point results in the compromise of millions of people’s identities, health, or financial records, the centralized risk becomes unsettling to the public.
Digital ID, in terms of its designed functions, will focus on the centralization of personal information as its main core. Although supporters claim that data is “securely stored” and can only be accessed “with your consent,” in reality, the current situation of the digital infrastructure is far more chaotic. Each database is a separate target, and each node in the network is a potential vulnerability. In an era where cybercrime is increasingly complex, “security” is always a moving target, but non-compliance is not the only risk. Even without malicious actors, the unified management of information will bring deeper and more structural problems of higher risk to the event itself, beyond the scope of past firewalls and encryption.
- 1. The Surveillance Creep
Once a digital identity system is established, it can easily become a tool for behavior monitoring in either deliberate or unintentional contexts. The metadata (such as access time, location, device ID) may seem harmless on its own, but over time, when combined together, these data become a map of your digital life. - 2. The Problem of Digital Exclusion
Returning to the process of digitization itself, for many Australians, especially seniors, Indigenous communities, rural residents, and people with disabilities, digital systems are not just inconvenient; they are barriers in and of themselves. However, as Digital IDs become more widespread, the exclusion these groups face will only intensify. According to the Australian Digital Inclusion Index (Thomas et al., 2020), millions of Australians still lack reliable internet, digital literacy, or trust in digital systems. - 3. The Illusion of Efficiency
Efficiency is often touted as a value-neutral good. But “streamlining” isn’t always a win. What gets lost in the process? Human discretion? Context? Rights?
3. Who Owns Our Data by law? The Crisis of Public Trust.
Even the Consumer Data Right (CDR) plan, which is expected to give Australians more control over their financial, energy, and telecommunications data, is facing a slow implementation process. Moreover, the plan is currently not applicable to identity data held by the government (Greenleaf & Waters, 2021). At the same time, public-private data partnerships introduce a dangerous vacuum of responsibility, as the very planning of the system determines that it will inevitably interact with third-party institutions. When a system involves government agencies and third-party providers such as banks or telecommunications, it is a question worth defining before the system is operational as to who should be responsible if something goes wrong; otherwise, it will only be the users who suffer from the loss of rights.
Trust is the foundation of any identity system. Without it, even the safest, most efficient, and most meticulously designed systems will fail. Relatively speaking, the trust in the Digital ID at its inception relies on the government’s commitment and credibility, and this trust will strengthen or weaken over time. Although digital identity is technically voluntary, opting out is not always feasible, and with more and more services making it the default option, those who choose to opt out may face the risk of being excluded or severely delayed. This phenomenon is usually referred to as “soft coercion,” which weakens the concept of genuine consent. Moreover, due to the lack of a specialized and independent supervisory body to comprehensively supervise the digital identity system, insufficient transparency in data access, auditing, or cross-service linking may also lead to a lack of trust in the system over time, as well as in the government behind it.
A 2023 survey report by the Office of the Australian Information Commissioner (OAIC) shows that 62% of Australians are concerned about how various organizations handle their data. (OAIC, 2023). Therefore, digital citizenship does not just mean acquisition; it also means that the identity itself must and has already included rights, remedies, and genuine participation in digital life. (Hintz et al., 2018).
4. What Kind of Digital Identity System Do We Need?
(WIRED, n.d.)
Digital identity infrastructure is necessary (for example: Digital ID), but its existence itself should not and cannot be a tool to exclude or control people. A fair and trustworthy digital identity system must be based on transparency, accountability and participation.
And some elements should also be clarified:
– Rights-based legislation to ensure data sovereignty
– Independent data regulators with executive power
– Public consultation that really includes marginalized communities
Most of all, it must be built for the people—not just for the platforms.
So, we’re left with a question:
How much privacy are we willing to trade for convenience? And who gets to decide that trade-off on our behalf?
Reference List
Designboom. (n.d.). Ryoji Ikeda exhibits audio-visual trilogy ‘data-verse’ for Audemars Piguet at the Venice Biennale [Image]. Pinterest. https://pin.it/6dy8ZlKdD
Freepik. (n.d.). Big data visualization digital data threads plot network [Image]. Pinterest. https://pin.it/1QXBXv2mK
Greenleaf, G., & Waters, N. (2021). Global data privacy laws 2021: Despite COVID delays, 145 laws show GDPR dominance. Privacy Laws & Business International Report, (169), 10–13.
Hintz, A., Dencik, L., & Wahl-Jorgensen, K. (2018). Digital citizenship in a datafied society. Polity Press.
Lyon, D. (2007). Surveillance studies: An overview. Polity.
Office of the Australian Information Commissioner. (2023). Australian community attitudes to privacy survey. https://www.oaic.gov.au/privacy/australian-community-attitudes-to-privacy-survey-2023
Office of the Australian Information Commissioner. (2024a). Notifiable data breaches report: January–June 2024. https://www.oaic.gov.au
Pathum Tzoo. (n.d.). Dash_Tail UI Concept [Image]. Pinterest. https://pin.it/2odQgisK3
Pngtree. (n.d.). Profile icon silhouette PNG transparent, avatar icon profile icon member login vector isolated, login icons, profile icons, avatar icons PNG image for free download [Image]. Pinterest. https://pin.it/5LEjuzS3w
Thomas, J., Barraket, J., Wilson, C. K., Cook, K., Louie, Y. M., Ewing, S., & MacDonald, T. (2020). Measuring Australia’s digital divide: The Australian digital inclusion index 2020. RMIT University and Telstra.
WIRED. (n.d.). To Identify a Hacker, Treat Them Like a Burglar [Image]. Pinterest. https://pin.it/1d4coxlUH
Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. PublicAffairs.
Be the first to comment