State and territory governments are sharply increasing pressure on Optus to carry the can for renewing identity credentials compromised through a data breach, though it remains deeply unclear how many high-value documents are caught up in the fiasco, or how old or current they are.
With the federal government now in full public attack mode against the privately held, Singaporean-owed carrier, state registries are bracing for an onslaught of various licence renewals prompted by the breach that appears to have topped out at around 10 million affected users.
The cost of re-issuing credentials varies widely from state to state, with NSW citing an indicative cost of around $30 for a digital rollover, while VicRoads starts at $85 for three years and tops out at $292 for 10 years.
However, those numbers are the retail prices charged by many registries who take a fat clip on the transactions as part of state revenue raising, with the wholesale cost likely to be far lower.
Ironically, because licence issuance is a generally profit centre for government, registries could make more money out of credential rollovers than usual with Optus footing the bill.
Conservatively assuming one million licences need to be reissued, and state governments take a profit of $50 per licence, the windfall for state registries would be around $50 million.
Resentment is also quietly starting in state transport agencies over the way politicians in Canberra have continued to escalate their rhetoric against Optus, when it is largely federal anti-money laundering and counter-terrorism requirements for regulated services and transactions that create the massive data harvesting impost.
Credential hoarding is a known privacy and information security issue, however, there has been little progress in streamlining documents required for Know Your Customer checks.
States including Queensland and NSW have been trialling various digital identity pilots, ranging from trade licences and safety certificates to working with children checks and online alcohol sales.
At the federal level, there is also the myGovID credential and the Trust Digital Identity Framework, which aims to gradually create a nationally interoperable digital identity ecosystem.
However, Labor has not yet publicly backed the project, keeping its powder dry during the election to potentially shoot it down as another attempt to create the Hawke-era Australia Card, as it did with Joe Hockey’s smartcard-based Access Card.
The entire myGov endeavour is now the subject of a special audit commissioned by government services minister Bill Shorten and led by serial reviewer and former Telstra and IBM Australia boss David Thodey.
It is still unclear which minister has custody of the federal digital identity policy agenda, if there even is one.
Federal health minister Mark Butler on Wednesday again attacked Optus and claimed the telco had failed to disclose to authorities Medicare card numbers were swept up in the breach.
In the event there is an order for affected Medicare numbers to be rolled, the consequences would flow right through the primary care system, where patient administration and practice-management software systems have now largely automated transactions and payments like refunds.
A serious issue now arising from feverish criticism emanating from politicians in Canberra over the incident is the creation of mixed messages and widespread confusion over how people will know they are affected and whether they need to get their documents reissued.
NSW customer service minister Victor Dominello appears to have had the most success, getting on the front foot to triage a potential avalanche of licence renewal requests, while again citing the need for better digital-authentication mechanisms.
“I can confirm Optus will contact customers in coming days to confirm whether or not they need to apply for a replacement driver licence,” Dominello said on LinkedIn.
“People in NSW with a digital driver licence will have an interim card number issued instantaneously via the Service NSW app. A new plastic licence card will be issued within 10 business days.
“The cost to replace your driver licence is $29 and will be charged by Service NSW at the time of application — reimbursement advice will be issued by Optus to customers in the coming days.”
:
Dominello slams driver’s licence data harvesting, opens door to Optus paying for replacements
Any feedback or news tips? Here’s where to contact the relevant team.