Canberra goes for two-month identity information review

Review to focus on issuing, using, and managing identity information, documents, and credentials.

Former secretary of the Attorney-General's Department, Roger Wilkins, was tasked on Wednesday with heading a quick review of how identity information is handled in Australia. Wilkins will be supported by professor David Lacey, founder and managing director of Australia and New Zealand's national identity and cyber support service, iDcare.

The review will look at ways to strengthen arrangements for issuing, using, and managing identity information, documents, and credentials; how to protect citizens from identity theft or fraud, and help them recover from such events; provide better targeted government services; and "achieve these objectives in ways that respect and promote peoples' privacy", review's terms of reference state.

"The review will focus primarily, but not necessarily exclusively, on arrangements for issuing, using, and managing an individual's documents, credentials, and their related identity information that are most commonly relied upon as evidence of a person's identity by government and key sectors of the economy," the terms say.

"The review will focus on the identities of individuals and will not examine in any detailed arrangements for managing the identities of businesses, organisations, or other legal entities."

Recommendations from the review could be used within a new National Identity Security Strategy document.

"Each year, many Australians fall victim to identity crime, with an estimated cost of over AU$2 billion annually," Home Affairs Minister Peter Dutton said on Wednesday. "The effective management and sharing of identity information is also critical to maintaining public trust in the delivery of government services.

"Citizens want to know that their privacy is maintained and the services being provided are tailored to their needs and easy to use."

Submissions to the review are due by October 26, with the review slated to report by the end of November.

At the same time, a more consequential Bill is being rushed through the consultation stage, as Australia's encryption-busting legislation has been referred to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), with the public given a mere three weeks to make a submission, before hearings are set to follow the week after.

Submissions must be made by Friday October 12, and a hearing is set for Friday October 19.

"In its inquiry, the committee will consider and review the provisions of the Bill. In addition the committee will examine safeguards and limitations in the Bill that are intended to ensure that communications providers cannot be compelled to build systemic weaknesses or vulnerabilities into their products that undermine the security of communications," committee chair Andrew Hastie said last week.

Communications Alliance CEO John Stanton said last week that a sign of how serious the government took the consultation process would be the time given to the committee to report back.

"If you see them refer it to the committee and say 'Come back to us in four weeks', you'll know that is one more chapter of a consultative and an inquiry process that is a sham," Stanton said.

Stanton said the encryption-busting legislation -- which would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, basically anyone deemed necessary, to break into whatever content they want to access to -- set a new benchmark for "outrageous and cheeky" legislation.

Related Coverage

Budget 2018: DHA given AU$130m for 'identity management' platform

DHA will upgrade its identity management and visa processing IT systems using AU$130 million allocated in the Budget, and has also been given AU$60 million to develop a National Criminal Intelligence System.

Australians to soon get myGovID single government identity

The first of several pilot programs using a beta version of a myGovID will begin in October, the federal government confirmed on Tuesday.

Privacy, identity 'impossible to protect' say 74% of security pros (TechRepublic)

New precautions and regulations like GDPR may not be able to help protect online identities, according to a Black Hat survey.

Most consumers believe that private browsing modes hide their identity (TechRepublic)

Private browsing mode won't hide your search history from advertisers, big data brokers, or your ISP says TechRepublic's Alison DeNisco Rayome.