Digital ID and the need for open platforms


The Digital ID Bill 2023 sits before the Australian Senate to establish a Digital ID scheme in Australia.

Digital ID has the opportunity to empower people and organisations in Australia. However, it needs to come with the right safeguards and implementations to make this happen.

The implementation of Digital ID in Australia comes as the myGovID app. Currently the myGovID app requires users to have an account with Apple or Google as it is exclusively distributed via the Apple App Store and Google Play Store. This creates digital lock-in to these providers and thwarts competition in the mobile OS space.

Screenshot of myGovID website showing Google and Apple-exclusive download methods
Recent screenshot of myGovID website which only supports Apple and Google users

To the best of my knowledge Google and Apple are not parties to the Digital ID regulation and not subject to the additional safeguards of the other Digital ID players. If Google and Apple did become accredited entities I would have serious concerns about privacy of users in the Digital ID system.

The myGovID app is not currently free and open source software (FOSS). This means that software developers, researchers and tinkerers are unable to see how the app works, suggest changes, make their own local changes or build a community around myGovID. Keeping the app proprietary could in fact make it less secure than an open one.

Lack of openness and interoperability increases inaccessibility risks, as a single provider may not meet all accessibility needs.

Lack of openness increases sovereign risk with the government relying on individual providers.

By making the myGovID app exclusive to Apple and Google app stores, Apple and Google receive favourable treatment from the Australian government. This comes at the same time that the European Union's Digital Markets Act (DMA) is being used to regulate large tech companies, change business practices, prevent anti-competitive practices that are rife and open up the market to competition.

Making myGovID exclusive to Apple and Google means that Australians have a choice of convenience or digital rights, but not both. It is easy to imagine how lacking a Digital ID would lead to manual processes, delays and perhaps a requirement to visit the relevant agency in person.

Neither Google nor Apple have users' best interests at heart. Both Apple and Google have a bad track record on digital rights of the general populace, with Google's anti-privacy stance and Apple's various digital lock-in mechanisms. Google was recently compelled to delete user data which it had unlawfully collected in the United States. Apple has long banned alternative app stores and prevents users from installing unapproved software on their devices.

To make Digital ID in Australia more open, I suggest the following:

  1. The myGovID app be made available as FOSS, just like the Middleware eID software in Belgium.
  2. Digital ID and myGovID be mandated to use interoperable and open digital standards where possible, with a roadmap to new standards as they arise.
  3. A strategy be developed for supporting open platforms in myGovID, instead of exclusively targeting closed platforms like Google and Apple.

I also support making Digital ID optional and preventing disadvantage to people without Digital ID to the highest possible degree.

Open Platforms

LineageOS, GrapheneOS, Ubuntu Touch and their corresponding app stores F-Droid (LineageOS and GrapheneOS) and OpenStore (Ubuntu Touch) are open platforms for smartphones. Flathub is an open app platform for Linux.

LineageOS and GrapheneOS have their roots as an open source project from 2009, based on AOSP from 2003. There are estimates that 1.5 million people are running LineageOS alone, despite the pervasiveness of Google and Apple's walled gardens.

Open platforms like LineageOS and Linux are especially popular because they often extend the useful life of computer and mobile hardware, compared to Apple and Android phones which are often built for obsolescence.

PWAs are another way to deploy application software to a wide range of platforms.

Many companies of varying sizes are built around open platforms, like Canonical, PINE64, Purism and Murena, to name a few.

In an era of walled gardens it may be difficult to imagine any alternative. TCP/IP, the World Wide Web, Universal Serial Bus and email protocols are some of the many examples of interoperable standards that have greatly improved access to information and improved connectivity. Government must continue to pursue standards and interoperability, protect digital rights and promote competition.