Friday August 2 2019, Security and Privacy Track, Cockle Bay, 10:30 AEST

When proving somebody’s identity, it’s usually an important matter and critical to get right. With digital licences springing up around the globe, including here in New South Wales, how can we be sure that the computer is telling the truth? Does digitising the process actually improve it?

In 2015, the NSW Government announced a commitment to providing digital licences so that people can identify themselves using their smartphones. After a limited trial in 2018 and early 2019, the system is supposed to go live to users across the state some time soon. Other countries are trialling similar systems, and South Australia already has one.

The way this is presented it is largely as a black box, where ˚✧₊⁎ magic happens ⁎⁺˳✧༚ and your identity is somehow proven. For many people, particularly tech-savvy folk, magic is not a sufficient explanation, nor a basis for trust.

Using the NSW digital licence system and associated app, this talk will show you how to poke holes in different types of trust relationships. In this talk, we will:

  • have a look at authentication, authorisation and identity in the physical realm
  • investigate differences between real-world identity and digital identities
  • explore the inner workings of the New South Wales digital driver’s licence system, based upon reverse-engineering
  • discuss why you should - or shouldn’t - trust digital licensing systems, and how it impacts identity verification in your own lives

Watch 'New Phone, Who Dis?: Human Authentication in the Digital Age' on PyCon AU's YouTube account

Yaakov Smith

Yaakov Smith

Yaakov is a Senior Developer at WiseTech Global, and has an unfortunate habit of sticking his nose in all the wrong places. He has been writing and breaking code for many years, and has reverse-engineered everything from mobile apps to the Steam client. In his spare time he can often be observed roving around Sydney trying to catch Pokémon.