Amidst an environment of great concern around just why companies are asking for our ID then storing our ID documents or document numbers, our biggest Telco Telstra has explained just why it happens and paints a vision for the future.
While Optus remain curled up in the fetal position in the corner not talking to anyone, not explaining their position on ID documents and frankly, still not contacting all their customers – Telstra has taken the opportunity to express some simple views and explanations that will help us all, including Optus customers.
New to the CEO’s office, Vicki Brady has put her name to a blog post on Telstra Exchange which I think answers the questions many Australians have been asking.
Firstly, why does a Telco need our ID?
“In short, to set up a new account with us, we’re required to verify your identity by checking and confirming at least one form of primary ID plus one or two forms of secondary ID, or two primary IDs.”
The bigger question, why do telcos retain our ID document numbers?
“At the moment a range of laws and codes are geared towards us retaining our customers’ ID data, and as a result our systems are set up to do so.
For example, to help law enforcement agencies combat fraud and other criminal activity, telecommunications service providers are required to retain data used for identification purposes while an account is active, and for two years after it is closed. Importantly, the retained data must be encrypted and protected from unauthorised interference and access. This is the law and we comply with it as a necessary part of doing business.”
What Telstra doesn’t mention, and a question Optus must answer and all other Telcos best be checking and sorting out right now is – why do you retain ID data after a customer has left you – or after the 2 years of mandatory Telco data retention? We’ll wait till Optus wakes from their slumber to work that out, or when the Office of the Information Comissioner presents their findings.
Importantly – how can we do better?
Now this is where Telstra sets a line in the sand, and seeks to ensure the conversation moves to how we can use our advanced digital nature to find a better way.
Telstra CEO Vicki Brady says “The Federal Government has indicated it is looking at changes in this space and we’re supportive of a review. We understand there’s a fine balance between retaining data to help combat crime and protecting our customers’ privacy.
“The requirements to retain this data made sense at the time they were created, and have helped combat fraud and help other law enforcement activities. With more recent advances in multi-factor authentication for ID purposes, and initiatives like the Trusted Digital Identity Framework on the horizon, we absolutely agree it’s time these rules were looked at.
Here’s where it gets really fascinating, Ms Brady says “We want to make our principles on retaining customer ID data clear: once we know who you are, and we have an ongoing way of verifying who are you are (eg through biometrics like face ID or fingerprints that you control), there should be very few reasons to retain your ID data. We will be guided by the outcomes of the Government’s reforms and developments under the Trusted Identity Framework, but that is our starting point.
Now that’s exciting.
I use MyGovID – have done a few times, it’s a great system which sits on my phone, uses FaceID on my phone to validate, but within the app an extensive check of my ID Documents (in my case I chose Passport and Drivers Licence) ensures the app knows who I am, so hey, next time we sign up for a mobile plan – why not use a one-time code generated in the MyGovID app to validate who I am with the Telco? It’s not rocket science at all – and I’m here for it.
Onward Federal Government, let’s get this happening.
