See the "Australia Card"[1] for why the Federal government probably couldn't provide central identification/auth services. It is politically very challenging...despite the obvious benefits it would provide.
[1] https://en.wikipedia.org/wiki/Australia_Card -- Regards, Nick Adams On Tue, 27 Sep 2022, at 12:39 PM, Michael Kahl wrote: > Is there any legal obligation to store sensitive ID information in its > original form? Storing a hashed version only would be sufficient to prove the > details had been collected and verify any future ID verification requirements > without actually retaining the sensitive data. > > Separately, should the government provide an opt in two factor ID > verification service for critical services such as telco, utilities, banking, > etc? There are privacy concerns, however if implemented correctly they > wouldn't be collecting any further information than what they legally have > access to now. > > On Tue, Sep 27, 2022 at 11:12 AM Nathan Brookfield > <[email protected]> wrote: >> They’re legally obligated to retain it but why it’s on the API and why it’s >> not encrypted. >> >> Looking at the data some fields are hashed and then repeated in the bloody >> clear :( >> >> On 27 Sep 2022, at 11:02, [email protected] wrote: >> >> My understanding was that the data included the 100 points of ID info. Why >> are they retaining this? Surely after confirming the 100 points there only >> needs to be a record "100 points provided"=true and not retain the actual >> details. This goes back to only keeping the private data you need. >> >> regards, >> Glenn >> >> On 2022-09-27 10:49, Damien Gardner Jnr wrote: >> > Personally, I find putting Authentication on my API endpoints to be a >> > FANTASTIC first step towards API security. And then not even using >> > public IP addresses in test environments is a pretty good second >> > step.. </onlyhalfsarcasticherewhydoesthiskeephappening> >> > On Tue, 27 Sept 2022 at 10:46, Bevan Slattery <[email protected]> >> > wrote: >> >> Hi everyone, >> >> Obviously a big week in telco and cybersecurity. As part of my work >> >> I am on the Australian Cyber Security Industry Advisory Committee as >> >> an industry representative. >> >> I am keen to look at opening up a dialogue with more and more telco, >> >> DC and Cloud CISO’s on what they are doing around this issue and >> >> looking to take a proactive step towards best practice on customer >> >> data and system security. >> >> There will be some pretty serious consequences of this hack on the >> >> industry and importantly we need to make sure we are as best placed >> >> to help each other continually increase in security posture through >> >> best practice, but also working with each other as an industry. >> >> Are people keen on having a online/VC session sometime in the next >> >> few weeks where like-minded industry participants get together and >> >> discuss security, retention, encryption, threat detection etc.? If >> >> so, just ping me directly and if there is enough interest I will >> >> send out an invitation to the list for a call. >> >> Cheers >> >> [b] >> >> _______________________________________________ >> >> AusNOG mailing list >> >> [email protected] >> >> https://lists.ausnog.net/mailman/listinfo/ausnog >> > -- >> > Damien Gardner Jnr >> > VK2TDG. Dip EE. GradIEAust >> > [email protected] - http://www.rendrag.net/ >> > -- >> > We rode on the winds of the rising storm, >> > We ran to the sounds of thunder. >> > We danced among the lightning bolts, >> > and tore the world asunder >> > _______________________________________________ >> > AusNOG mailing list >> > [email protected] >> > https://lists.ausnog.net/mailman/listinfo/ausnog >> _______________________________________________ >> AusNOG mailing list >> [email protected] >> https://lists.ausnog.net/mailman/listinfo/ausnog >> _______________________________________________ >> AusNOG mailing list >> [email protected] >> https://lists.ausnog.net/mailman/listinfo/ausnog > _______________________________________________ > AusNOG mailing list > [email protected] > https://lists.ausnog.net/mailman/listinfo/ausnog >
_______________________________________________ AusNOG mailing list [email protected] https://lists.ausnog.net/mailman/listinfo/ausnog
