Insights & Analyses

Australia builds selfie-powered identity verification system, resurrecting past privacy worries

April 5, 2017

Ten years after its last proposed national identity system was abandoned, the government of Australia is privately testing a new biometrics-based digital identity verification platform to streamline access to government services.

The project, dubbed Govpass, was announced earlier this month in a blog post from the country’s Digital Transformation Agency (DTA). Its goal is to provide a single, reliable identity authentication mechanism so that Australians will not be required to resubmit sensitive identity documentation each time they apply for a different public service.

Here’s how it works: Citizens looking to access a particular government program are given the option to create a GovPass account. After submitting their contact information, they then upload photos of three forms of government-issued identification, like a driver’s license or birth certificate, which are authenticated against the country’s existing Document Verification Service. When that’s complete, users upload a selfie to be checked against the recently created national Face Verification Service.

Notably, this step was not included in the DTA’s announcement – it only surfaced as part of a government-commissioned preliminary privacy assessment of the program published late last year.

“Facial recognition is, like many other aspects of the Govpass project, still being discussed with our government and non-government stakeholders,” a DTA spokesman told InnovationAus. “Users would be able to access more complex government services online if they choose.”

The privacy assessment noted that stakeholders had expressed concerns with the collection of biometric data as part of the project, despite the fact that Govpass was not designed to retain user selfies, but rather to destroy them immediately following verification.

“Stakeholders believed that ‘it was only a matter of time’ before the system was changed and photographs were retained and shared,” the report found.

This is not the first time Australia has attempted to institute a nation-wide identification mechanism in some form, and several previous initiatives have ultimately failed. In 2007, a plan for a smart ID card that would have been required for citizens to receive welfare and health benefits provoked a heated privacy debate before the proposal was finally dropped. Before that, efforts in the mid-2000s and the mid-1980s to institute other national identity programs were met with equal skepticism.

Though the GovPass platform differs from these previous attempts in several key ways – particularly in that it will not store personal information and sensitive data is concealed throughout the verification transaction – the privacy assessment found that many stakeholders believed this newest proposal to be a “throwback” to these failed programs.

Hoping to avoid a similar fate, DTA is proceeding very deliberately with GovPass implementation. The current test will be expanded later this year, with public beta launch at the beginning of 2018 and additional privacy assessments to follow.

“The DTA wants to make sure it gets this project right,” the GovPass announcement concludes.

Interested in learning more? Join us at the K(NO)W Identity Conference May 15-17 in Washington D.C. for a panel on “National Identity Schemes: Contrasting Different Approaches and Progress.”