2.8 KiB
Australia
Programs
- Your digital identity and credentials New South Wales
Help us make it easier for you to do things like open a bank account, buy a phone, start a new job, prove your age or enrol to study.
Policy
By reframing digital identity as a matter of data protection in more general terms, we would stay out of the risk management ploys and business affairs of others, preserve today’s many ways of credentialling and transacting, and be seen to focus on more objective security outcomes.
* Lockstep Submission – AU Digital Identity Legislation (1.0)
* Lockstep Submission – AU Digital Identity Legislation Phase 2 210714
* Lockstep Submission – Trusted Digital Identity Legislation Phase 3 211027
Government should adopt a simple, existing standard for its digital ID system, such as the public-key infrastructure (PKI)-based system in use within many European countries. PKI offers a number of security and privacy benefits that the TDIF aims to have; however, as no central authority is involved in authentication, no entity can meaningfully track user activity.
The NSW Government has established a Digital Identity Ministerial Advisory Council (DIMAC), that will advise on a strategic direction and roadmap for digital identity in the State.
Use Case
The technique for overcoming these safeguards is surprisingly simple. The key is the ability to brute-force the PIN that encrypts the data. Since it’s only four digits long, there are only 10,000 possible combinations. Using publicly available scripts and a commodity computer, someone can learn the correct combination in a matter of a few minutes, as this video, showing the process on an iPhone, demonstrates.