Digital identity use, inclusion, and resilience dependencies

There are a growing number of digital identity providers across the public and private sectors. Digital identities typically rely on analogue or physical credential enrolment and verification combined with biometric capture. The general intention is that once enrolled, the owner ofthe digital identity is able to access service providers that are connected with the digital identity provider without having to re-enrol their identity as a new customer.

Often, digital identities are lauded for their ability to conceal attributes during transactions that may heighten identity theft risks and ease of use. Some schemes have incentivised community enrolment by promoting access to entitlements or denying certain access without possessing a digital identity.

Various security features operate across the different digital identity issuers. Many do not have clear response processes in the event that a digital identity has been obtained by an impersonator, has been abused by an impersonator, has been compromised on the end-user device, or anindividual has been deceived into enrolling and/or using their digital identity by scammers. All of these risks are real and have been captured injurisdictions offshore, and some in Australia, where digital identity systemsare in use. There is a risk without adequate attention to the response needs to these threats that the same friction community members experience in the non-digital identity world could be amplified in a digital identity context,undermining community trust in their operation.

A further consideration in the design and deployment ofdigital identity systems is their accessibility to vulnerable groups andcommunities. Typically a key requirement of such systems includes reliableinternet connectivity, updated and functional mobile devices, the alreadyacquired physical credentials and the acquisition of such credentials in amanner where an individual’s identity is represented consistently across issuedcredentials, an understanding of in-language terms and conditions and privacypolicies to achieve genuine consent.

This research priority encourages proposals that focus workin examining one or more of the following questions:

RP1.1 How accessible are digital identities, what are the use and inclusion risks, and how vulnerable are digital identities to the exploitation by scammers and cybercriminals?

RP1.2 Are vulnerabilities in analogue or physical identity credential systems transferrable to a digital identity operating environment?

RP1.3 What relationship exists between digital identity frameworks and consumer rights? What are international comparative law examples of these connections and are there risks that digital identity usage shifts from the issuer to the consuming or relying organisations and their abrogation or upholding of such rights?

RP1.4 What behavioural trends of consumers lends itself to amplifying digital identity usage risks and how are these evolving across other contexts that can inform response system frameworks and standards?

‍