1
SENATOR THE HON GEORGE BRANDIS QC
ATTORNEY-GENERALMINISTER FOR THE ARTS
ADDRESS AT THE OPENING PLENARY OF THECeBIT AUSTRALIA 2014 CONFERENCE
SYDNEY – 5 FEBRUARY 2014
Introduction
I would like to begin by thanking the organisers of CeBIT Australia for the opportunity to
speak at what is one the pre-eminent events that brings together representatives from
business, government and the broader community to discuss developments in technology that
are central to Australia’s future.
It almost goes without saying to an audience like this that information technology is the key
enabler of just about all aspects of life in the 21st century. Unfortunately, it is also a key
enabler of crime and other security threats.
In today’s world, the protection of our IT systems and the information that they contain is an
important priority for all governments, as it is for the private sector and the broader
community at large.
As the minister in the Australian government responsible for national security, I am
committed to continuing to strengthen the government’s engagement with business to ensure
all Australians have trust and confidence when transacting online that their identities arwill
be secure.
One of the key elements of this work is the effort to combat cybercrime – which has been
estimated to cost Australia around $1 billion each year.
2
Delegates to CeBIT’s Cyber Security Conference will no doubt hear more about these issues
later today. I would like to focus on one aspect in particular, and that is the issue of digital
identity.
This is one of the best examples of an issue that is important both to law enforcement and
cyber security on the one hand, and privacy and digital productivity on the other.
The term ‘identity theft’ was first coined, apparently, in 1964, but the origins of identity
crime date back much further – in fact they are recorded in the Old Testament.
In the Book of Genesis Jacob assumes his brother’s identity, by providing false symbols of
his brother Esau’s character to their blind father Isaac, in order to receive a blessing that was
intended for Esau.
Fast forward from Biblical times to almost 10 years ago and identity security is
acknowledged as a priority by all Australian governments.
The National Identity Security Strategy
In September 2005 the COAG Special Meeting on Counter-Terrorism agreed to develop a
National Identity Security Strategy to combat identity crime and to better protect the
identities of Australians. This strategy was later formalised by an intergovernmental
agreement signed in April 2007.
The 2005 COAG decision also included the establishment of a national Document
Verification Service to combat the misuse of false and stolen identities. This service was first
funded by the then Government in the 2005-06 Budget and has since received a total of $30
million of Commonwealth funding.
The National Identity Security Strategy was established with a strong law enforcement and
national security focus. This is because identity crime can be used to facilitate all manner of
serious crimes such as money laundering, drug trafficking and even terrorism.
An example of identity theft is what is known as “tombstone fraud’. Those of you who are
familiar with The Day of the Jackal may recall how the terrorist ‘the Jackal’ assumed the
identity of a dead person to evade detection by authorities.
3
Despite greater use of technologies such as biometrics and other improvements in our identity
security arrangements, the methods used by ‘the Jackal’ are still available to criminals today.
The growth of online genealogy research services can make it even easier to obtain the
information needed to commit ‘tombstone fraud’, without actually needing to visit a
cemetery.
In 2011 a Sydney man was convicted of a range of offences in which he used fraudulent
identities - obtained through tombstone fraud - not only to facilitate drug trafficking, but also
to sell to his criminal associates who were involved in an outlaw motor cycle gang.
Identity crime is rated by the Australian Crime Commission as a key enabler of serious and
organised crime – which in turn costs Australia an estimated $15 billion annually.
In terms of broader impacts on the community, identity crime is also now one of the most
prevalent crime types in Australia.
Today I can announce the results of an identity crime survey conducted last year by the
Australian Institute of Criminology.
This survey asked 5,000 people about their experiences of identity crime and misuse. It
disclosed a number of important findings:
9.4 per cent of respondents suffered the theft or misuse of their personal information in
the previous 12 months.
o 1 in 5 people reported misuse of their personal information at some time during
their life.
5 per cent of respondents suffered financial losses as a result of identity crime.
o The average loss was over $4,000 per incident; ranging from $1 to over $300,000
in the most serious case.
Victims also suffered significant non-financial impacts:
o Victims spent an average of 18 hours dealing with the consequences of identity
crime and more than 200 hours for victims of a total ‘identity hijack’
4
o 11 per cent of victims experienced mental or physical health problems requiring
counselling or other treatment, and
o 6 per cent of victims said they were wrongly accused of a crime.
These findings should be a call to action for us all – and not just to redouble our efforts to
combat identity crime.
They are also a reminder of the importance of maintaining appropriate security in the online
world in which Australians are spending increasing amounts of their time – whether this be
working, studying, shopping, socialising or any of the myriad other things that we can now
do online.
Verified Online Identities
Aside from the direct impacts on victims of identity crime, traditional approaches to
managing identity crime risks can create unnecessary burdens on business and citizens more
broadly.
This is particularly the case when transacting online. The question of identity is now central
to establishing the confidence that is needed to facilitate a range of on-line transactions.
But it’s becoming increasingly accepted that traditional approaches to managing identities
online are, to put it bluntly, broken.
Many of us know the joys of having to remember multiple passwords.
Recent research by the Australian Communications and Media Authority from 2013 indicates
that the average Australian maintains between 5 and 50 different login and password
combinations to manage their online lives.
Not only are passwords open to exploitation by criminals, they are increasingly inefficient.
It’s been estimated that password problems take up between 20 and 30 per cent of all IT
service desk calls.
And that the annual cost of password resets alone is around $1 billion globally.
5
So there is significant scope for savings – for business, government and our customers - if we
can improve our management of online identities.
A recent study by the Secure Identity Alliance and Boston Consulting Group estimated that e-Government services, enabled by trusted digital identities, are set to yield an estimated $50 billion in annual global savings by 2020.
Many governments around the world have recognised that establishing a system of trusted
digital identities can not only help stimulate the digital economy, but also help to prevent
identity related crime.
New Zealand has established its RealMe service in which citizens can use a trusted
government-issued identity credential to access a range of government and private sector
services.
Other governments are engaging the private sector even more closely in these efforts. For
example, under the UK’s Identity Assurance Programme accredited private sector identity
providers offer citizens a choice of digital identity credentials that they can use to access
government online services.
At the last election the Coalition committed, in its E-Government and Digital Economy
Policy, to working with the private sector in developing a national approach to verifying
identities online.
And earlier this year the Prime Minister jointly agreed with the New Zealand Prime Minister
to investigate the mutual recognition of trusted online identities.
The Document Verification Service (DVS)
Australia’s Document Verification Service, or DVS, was originally conceived in 2005 as a
tool to support law enforcement and national security outcomes; however it is fast becoming
a vital enabler of the digital economy.
The DVS enables organisations to verify information on government identity documents such
as driver licences, passports and Medicare cards back to the issuing agency.
DVS checks are conducted via a secure online system, providing a Yes/No response in 1-2
seconds.
6
Privacy considerations are at the forefront of the DVS design. The system is not a database; it
does not store any personal information. All DVS checks must be done with the informed
consent of the person involved.
There are 20 or so government agencies that issue and manage the 50 million or more
government-issued documents that are the foundations of our national ‘identity
infrastructure’.
The DVS is used by an increasing number of these agencies.
I’d like to acknowledge the role of the NSW Government as being a leader in DVS use among state and territory jurisdictions. But government agencies are only part of our national identity infrastructure.
The private sector issues a greater number of identity documents, such as credit and debit
cards, which are often used to prove identity.
Business also performs a range of other important identity security functions, such as the
work of the banks in the prevention of money laundering.
DVS private sector access
The government is working closely with the states and territories and the business community
to expand DVS access amongst Australia’s private sector - the engine room of our digital
economy.
I’m pleased to announce that the DVS commercial service is now operational.
While still early days, there has been strong interest in the service:
over 160 private sector applications have been approved
the service now has 23 active private sector users
the first few thousand private sector transactions have been completed.
Private sector use of the DVS is largely focused on companies in the financial and
telecommunications sectors.
The DVS makes it easier for banks to detect money laundering using fake identities.
7
It makes it easier for mobile phone providers to check the identities of people purchasing
pre-paid SIM cards – to help prevent criminals using these phones to mask their activities.
And it also helps ensure the accuracy of telephone account information used for important
public functions like emergency warnings.
The DVS is also an important part of the Government’s efforts to reduce the red tape burden
on business – by minimising compliance costs that can flow from these important regulatory
obligations.
DVS use for pre-paid mobiles has been estimated to achieve time and cost savings of well
over 50 per cent, compared to other manual processes for verifying customer identities.
Future directions
The Government is working with the states and territories to further expand DVS access
amongst the private sector. This includes businesses with identity verification requirements
under state and territory legislation, such as e-conveyancing, electricity distribution and
working with children checks.
There is also a broader range of businesses which may also find it reasonably necessary to
use the DVS, in accordance with the Privacy Act, to help verify identities of their staff or
customers.
Discussions with industry have already shown that DVS access is helping to drive innovative
new online business models and services, built around promoting trusted digital identities.
Having appropriate privacy safeguards is important for maintaining public trust and
confidence in the system.
The DVS is a clear demonstration that privacy and security need not be mutually exclusive in
the online environment: in many cases they can and should be mutually supportive.
The Australian Government looks forward to reaching agreement with the states and
territories over the coming months on new arrangements for expanding private sector access
to the DVS.
8
Conclusion
In highlighting the importance of identity security, let me conclude by emphasising that
Australians retain the right, enshrined in the Privacy Act, to act anonymously in a wide range
of situations.
Governments and business need to respect this right by only requesting the verification of a
person’s identity when they have a reasonable need to do so – and then only to the degree
required by the transaction.
Similarly, governments and business should be able to confirm a person’s identity when they
have a need to do so – to have confidence that the person is who they claim to be online.
As I said a moment ago, the need for identity security and the right of privacy are not
mutually exclusive, and are indeed complimentary objectives.
Tools like the DVS are important enablers of the digital economy, and are also a key part of
national efforts to combat identity crime – one of the most prevalent crime types in Australia.
During the course of your conference, I encourage you to reflect on the importance of trusted
digital identities over what promises to be a series of stimulating discussions on cyber
security, e-government, digital economy and related issues over the coming days.
And I wish you well with what I’m sure will be a successful, stimulating and consequential
conference.
ENDS
Recommended
