By John Wayne on Thursday, 15 August 2024
Category: Race, Culture, Nation

I Don’t Trust “Trust Exchange” Digital ID! By James Reed

Get ready for the next level of tyranny. The federal government has released details about its "Trust Exchange," a system which will use QR codes of the Covid plandemic to all aspects of identification, from submission of job applications to anything involving data in MyGov accounts. The pilot is set to be up and running us down by early next year. The system is said by the government not to be compulsory, but we can learn from the lessons over Covid, where businesses will force this upon people. Many businesses such as gyms, that went cashless for example, because of supposed germs on the money, still are cashless.

It is still worth expressing opposition to this. The scheme may get in, but when it proves to be a disaster, as all these digital ID things will become, the drive must be to repeal it.

https://www.abc.net.au/news/2024-08-13/trust-exchange-digital-identity-how-does-it-work/104218958

"The first details of a one-stop shop for Australians to prove their identity, check into hotels and even submit qualifications for job applications have been released by the federal government.

Its proposed "Trust Exchange" system would use QR codes made popular during the COVID-19 pandemic, or a "tap-to-pay" system to let people share information kept under their MyGov accounts.

It is hoped a pilot of "TEx" will be up and running from early next year.

The government hopes the system, which will not be compulsory, can stop businesses from having to hold people's sensitive documents, which can be targeted by cybercriminals.

A single access point for your digital identity could also make some cumbersome processes such as rental applications more convenient.

But at least one cyber expert has expressed concerns TEx could be a "honey pot" for cybercriminals, and could open the door for the federal government to collect even more information on Australians than it already does.

The government asserts, however, that will not be a concern because it is developing a "decentralised" model with more privacy and security settings.

How would Trust Exchange work?

Under the proposed system, someone checking into a hotel could scan a QR code and share their passport information through a centralised system.

A QR code set up at a pub could allow someone to prove their age or regular address without having to actually hand over those details.

Instead, a token — described by Government Services Minister Bill Shorten as a kind of digital "thumbs up" — would be provided and your details would be kept private.

Mr Shorten said the new system could also be used to take the hassle out of buying a mobile phone or setting up a bank account, or to simplify the process of applying for a job.

He told the National Press Club instead of having to hand over personal credentials such as qualifications, citizenship or visa status to an employer, under the new system people would be able to verify their identity through Trust Exchange.

A record of what had been shared would be kept inside your MyGov "wallet", and Mr Shorten said individuals would be able to control what details were exchanged.

It is designed to be an opt-in system for both consumers and businesses, so both would need to be set up with Trust Exchange to use it.

The federal government has labelled the system "brand new and world leading", saying it will allow people to verify their identity and credentials based on official information already held by the Australian government.

It has committed $11.4 million to establishing Trust Exchange, which builds on the government's wider national digital ID project.

Handing your data to fewer people

The government says anyone using the digital ID wallet would be able to see which organisations were keeping documents shared with them.

With Trust Exchange, instead of you handing over documents to be copied, it would digitally "shake hands" with your MyGov wallet, exchanging information with the business using a token.

A record of that would then be kept for users.

The hope is it can help reduce how much personal data businesses hold onto, and for how long, after several high-profile cyber breaches in which years-old data relating to former customers was caught up in data thefts.

Confirmation tokens — the so-called "digital thumbs up" — would not actually transfer any licence information or other personal details, so a business using them would not have your personal details.

Instead, the token would give a business confidence that your age, address or other necessary details are correct without having to actually see them.

But if you trashed your hotel room or did something that required a business to track down your details, the company would be able to request them from the government.

Government seeks de-centralised model to avoid "honey pot" fears

University of New South Wales professor of cybersecurity Richard Buckland said he could see why the federal government would want to reduce the amount of personal data businesses held, but described the project as "risky".

He said any project that tried to "centralise" data carried risk because it created a "honey pot" that was more attractive to people seeking to steal data.

"Once we collect that data, sure, if we've got a system that protects it, that's great, but I've never seen a perfect system," Professor Buckland said.

"I've never seen a system that's not hack-able."

The government says information will not be centralised in a single database that may pose that risk, and part of its ambition will be to create the first decentralised model of its kind.

It said, as an example, if someone added their state drivers licence to their digital wallet on their phone and then lost the phone, they would need to reinstall their digital wallet and request their credentials be restored.

The wallet would then need to re-request the licence from the original source, whichever state government issued it.

Professor Buckland said he was not aware of any other country that had taken on such an ambitious digital ID project, and so there were few other experiences for Australia to learn from.

"Other countries have experimented with it, but I'd say there's no track record or fully working system anywhere in the world that does this yet satisfactorily," he said.

"I'd rather us watch and learn. As they say, the second mouse gets the cheese."

But while the government's proposal is new, there are examples of digital identities overseas.

Estonia is seen as the country at the vanguard of this movement and it has even held elections digitally.

In the United Arab Emirates, Abu Dhabi's Zayed International Airport is vying to become the world's first document-free airport by placing biometric sensors in all of the ID checkpoints at the airport.

But not all countries are racing towards a digital future.

In the UK, the idea of digital ID cards for all citizens has been knocked back by the new Labor government.

And in Japan, Prime Minister Fumio Kishida has faced an uphill battle trying to convince people to take up a wide-reaching digital ID system.

Caution against government data creep

Throughout the pandemic, governments across Australia used QR codes for contact tracing, to try and track outbreaks of COVID-19 and stop the spread of the virus.

The information collected was governed by strict privacy protocols, but there were instances of unrelated government agencies attempting to access the data, such as WorkSafe Victoria seeking contact-tracing information as part of an investigation into the health department.

Professor Buckland said any time a government tried to increase the role it played in collecting and verifying information, there was some risk it would be used for a purpose different to what was intended.

"We just have to trust that it won't be used for other purposes," he said.

The government argues there will be no new centralised store of personal information that could be misused or compromised, and that the handshake system will help to prevent instances of misuse."

Leave Comments