The Australian government’s decision to institute a pilot program testing an online age verification system digital ID system was overshadowed by a privacy scandal concerning a legal requirement for bars and clubs in the region.
The wrinkle juxtaposed these two narratives in a glaring light and shows how the push for digital ID raises privacy concerns that transcend the initial point-of-sale or point-of-access and becomes an ongoing data-invasive system that makes surveillance much easier.
In New South Wales (NSW), clubs must legally collate personal information from patrons upon entry under the state’s registered clubs legislation, a mandate echoing the proposed age verification and digital ID requirement for websites. The data gathered, meant to be safeguarded under federal privacy laws, has become the heart of recent concerns on privacy and data risks surrounding age verification as it has ended up getting leaked.
However, following hard on the heels of the government’s announcement of an online age verification system, the privacy of club-goers and bar attendees was threatened in a substantial data privacy issue.
There are now suspicions of a considerable data violation, involving personal data collected under law by these venues. An unauthorized platform has purportedly made accessible the personal data of over a million customers from at least 16 licensed NSW clubs, forcing cybercrime detectives into action.
The alleged data spill includes records and personal data of high-level government officials. Outabox, an IT service provider, stated it had been notified about the potential data breach involving a sign-in system used by its clients by an “unrestricted” third party.
Government representatives, in the face of this serious data breach, attempted to understate the magnitude of the incident. The Gaming Minister David Harris, in response to the crisis, clarified the incident wasn’t a hack as it stemmed from a data breach of a third-party vendor.
“We know that this is an alleged data breach of a third-party vendor, so it wasn’t a hack,” he said.
“There was a high-level meeting yesterday and the authorities, cybersecurity and police organizations are currently investigating that and when we get authorization we can give more information.”
But such an incident underscores precisely the apprehensions articulated about online age verification and digital ID mandates. It’s also underscored by the fact that the government wants to backdoor encrypted messaging, ending privacy for all. But as with all of this data surveillance, you can’t control who ultimately gets their hands on that data.
