Snakeoil AcademyAttend PyCon AU 2021

New Phone, Who Dis?: Human Authentication in the Digital Age

Yaakov Smith


Yaakov is a Senior Developer at WiseTech Global, and has an unfortunate habit of sticking his nose in all the wrong places. He has been writing and breaking code for many years, and has reverse-engineered everything from mobile apps to the Steam client. In his spare time he can often be observed ~roving around Sydney trying to catch Pokémon~ staying at home.

New Phone, Who Dis?: Human Authentication in the Digital Age

In 2015, the NSW Government announced a commitment to providing digital licences so that people can identify themselves using their smartphones. After a limited trial in 2018 and early 2019, the system is supposed to go live to users across the state some time soon. Other countries are trialling similar systems, and South Australia already has one.

The way this is presented it is largely as a black box, where ˚✧₊⁎ magic happens ⁎⁺˳✧༚ and your identity is somehow proven. For many people, particularly tech-savvy folk, magic is not a sufficient explanation, nor a basis for trust.

Using the NSW digital licence system and associated app, this talk will show you how to poke holes in different types of trust relationships. In this talk, we will:

  • have a look at authentication, authorisation and identity in the physical realm
  • investigate differences between real-world identity and digital identities
  • explore the inner workings of the New South Wales digital driver’s licence system, based upon reverse-engineering
  • discuss why you should - or shouldn’t - trust digital licensing systems, and how it impacts identity verification in your own lives
Conference schedule listing