Authorities plan to introduce online identity checks using smartphones

Australia's tax office plans to invest in 'selfie' authentication software

The Australian Tax Office (ATO) expects to add electronic identity verification, based on a combination of user-submitted selfies and documents, to Australia’s myGovID system by mid-2021.

An ATO spokesperson said the programme is “the next step in developing a digital identity solution for accessing government services”. The agency plans to use liveness technology so that Australian citizens can prove their identities remotely.

“The implementation of liveness technology within the myGovID app will enable the user to take an image of themselves, or take a ‘selfie’, and use the liveness software within the app,” an ATO spokesperson told The Daily Swig.

“Liveness software provides the ability to determine that the photo is of a true and live person.”

Image conscious

The app will capture the person’s image and, with their consent, compare it to a photo already held within government records, such as on a passport or driver’s licence.

The technology uses the Australian government’s Facial Verification Service. The system will work alongside existing document checks and make use of security features within the user’s smart device, including fingerprint or face recognition, or a password.

The ATO will impose limits on how data is stored or moved – once a user passes the ID checks, the myGovID app will delete images used for verification. The agency will also carry out presentation attack detection (PAD) and other security tests before deployment.

“Verification, and the use of non-paper based, physical face to face identification is definitely growing,” Philip Black, commercial director at identity systems vendor Nomidio, told The Daily Swig.

Liveness verification has become increasingly important recently. This is due both to the Covid pandemic, which makes in-person checking more difficult, and to the growth in e-commerce and online public services.

Regulations in sectors such as banking are also requiring organizations to carry out more ID checks, which often represent a time-consuming and expensive process, according to Black.

Without liveness checks, however, there is a risk that fraudsters and other criminal groups could use photos or even computer-generated images to bypass security measures as part of attempts to steal or spoof identities.

Identity check

Liveness checks work by asking the user to read out text, respond with facial gestures, or even move closer to the camera.

“If you turn up at an office with your passport and driver’s licence and a utility bill, you’ll verify my face and that the ID document doesn’t have a picture pasted on it,” said Black.

A liveness check tries to replicate that human verification electronically. According to Black, electronic ID checks are significantly quicker than manual checks and potentially more secure.

Nonetheless, privacy advocates say the plan is controversial.

“The images have been purloined from multiple existing sources that were established for specific purposes, particularly driver licensing and passports, expropriated with the intention of applying them to a never-ending series of quite different purposes,” Roger Clarke, an IT consultant and secretary of the Australian Privacy Foundation, told The Daily Swig.

“But it’s highly error-prone, and false positives will be commonplace. And to the extent that it doesn’t work, yet is relied upon, it will cause all manner of problems.

“The negative impacts will be borne by people, not by powerful agencies and corporations that can and do ignore complaints and protect their own interests, not those of the public.”

The Australian government, however, maintains that the system offers benefits, and recently invited tenders for its upgrade.

“Liveness software will provide an even greater level of identity verification and enhanced user experience for clients using myGovID to access Government Online Services,” the ATO spokesperson said.

The ATO is leading the process on behalf of the Australian government, although the country’s Digital Transformation Agency, Department of Defence, and Services Australia are also involved.