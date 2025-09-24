Earlier this week some of you may have seen my latest two-part article on Digital ID published by the wonderful folks at The Conservative Woman (here and here - thanks again go to Kathy and her amazing copy editor, Margaret). While you can read the better, copy-edited version over at TCW, here I will reproduce the original long-form version of my Digital ID article for my readers.

Over the last few days we have seen headlines proclaiming the implementation of Digital Biometric ID in Vietnam led to 86 million bank accounts being closed (here and here) where the owners of those accounts, and any money in them, had not established and verified their semi-voluntary but nationally mandated Digital Biometric ID. In Part 1 I reflect on the flawed global push for Digital ID and how what happened in Vietnam may be by intention. In Part 2, I use myself as a Guinea Pig to remotely test the current state of Digital Identification currently being implemented in Australia.

The Flawed Push for Digital ID

I have written previously about State-sponsored electronic surveillance the shift towards Digital ID and Digital Driver’s Licenses. I described the flawed push towards digital ID from the prospective of the three fallacies of security. First, the fallacy that a device, software application or smart technology can ever be totally secure. Second, the fallacy that governments and law enforcement will act in our digital best interests and maintain our right to digital privacy and security. And third, the fallacy that digital integration is always nett beneficial and safe.

In my work I describe how legislation in countries like the UK, New Zealand and Australia has been gradually manipulated to allow warrantless searches and, where they find digital devices, make specious or vaguely plausible excuses to compel first passwords and, more recently, encryption keys. When courts in countries like the United States ruled against compelling passwords and passcodes on grounds of self-incrimination, but started allowing police to force suspects to provide biometric identifiers like fingerprints or facial images to unlock devices, I predicted that biometrics would become the go-to method globalists and governments would want to use for identification and social control. While the US Supreme Court this year in U.S. v Brown ruled forcing a suspect to unlock a phone with a fingerprint did, in fact, violate protections against self-incrimination, the push towards using biometrics tied to Digital ID has continued unabated.

I predicted that with digital driver’s licenses would come the potential for abuses by police when Digital ID verification systems are unavailable, and even when they are. In order to show an officer your digital driver’s license you are required to unlock your phone and then unlock either your digital wallet or a state-provided digital ID app. While the public is repeatedly told officers are not allowed to handle your smart device during this process, how much faith do you have in the average law enforcement officer during an often-unwitnessed roadside or pretext-stop to not demand or seize your device? After all, it’s not like law enforcement officers haven’t ever violated rules like this to access information and pictures inside smart devices before (see: here, here, here and here). Police in some jurisdictions have even begun using obscure regulations to fine thousands of drivers whose only crime is forgetting or being unable to charge the smart device on which their digital wallet, Digital ID and hence, Digital Driver’s License, is stored.

We now have laptop computers, smart device operating systems, and banking and social media apps with nag screens pushing you towards using your face or finger instead of passwords - because, they say, it’s incredibly quick and easy and significantly harder to replicate or steal. However, companies like Microsoft, Apple and Google leave the most important fact unsaid - that like those 2FA codes and RSA tokens, biometrics are not a foolproof solution and anyone intent on hacking your device or Digital Identity will still get in. At the simple end of the spectrum there are examples all over the internet of children being able to use their own fingerprints to unlock a parent’s fingerprint-secured device (see: here, here, here and here). Others got around the more recent government requirements for age verification using biometric facial scans in the UK and Australia by holding devices up to scan images of characters from computer games and freeze frame images of US President Donald Trump (here and here). And while we are told that Digital Wallets are safe and effective (that sounds familiar), their use has simply socially engineered into a lot of people to keep all their eggs (credit cards, user accounts, digital identification and even digital car keys) in one digital smartphone basket. This has resulted in a new type of fraud known as Digital Wallet Fraud. It was incredibly quick and easy (there’s that term again, too!) for fraudsters to evolve and this il-considered digital consolidation simply offered a new and, some say, easier attack vector where a link in a text message or near-field over-the-air malware attack can expose all of your account, card and payment details in seconds.

I also predicted that the ubiquitously voluntary Digital IDs (here, here, here and here) would quietly become mandatory for accessing social welfare payments and other government or public services. While they have denied it for years we are already starting to see politicians and public services acknowledge their intention towards or requirement for mandatory Digital ID (here and here) - and this is where we return to the rollout in Vietnam. I have mentioned online that I believe one of the key issues with implementing Digital ID is that it is a pro-business move that creates two classes of people - those who can afford or who have sufficient income or credit to keep moving with technology, because just like the Covid track and trace apps users of older smartphones or non-smartphone devices that are unable to run the most recent versions of Apple’s IOS or Google’s Android operating systems and Digital ID apps get intentionally left behind in the rollout of this Digital ID infrastructure. I suspect this might explain many of Vietnam’s 86 million closed bank accounts - that some large percentage of these accounts belong to farmers or other remote, country-dwelling and non-tech savvy citizens. Many of them may be nothing more than collateral damage in the globalist push to make us all digital, trackable, predictable and controllable.

Consider... If, on average, each closed Vietnamese account only held the equivalent of £1 Great British Pound (₫35,500 Viet Dong), that’s £86 million that effectively just disappeared from the Vietnamese economy. Who gets to keep the funds in those 86 million bank accounts? Do the funds simply disappear? Get absorbed by the banks? Or is there other legislation at play that incredibly renders them bona vacantia and, thereafter, property of the State? My bet is on the latter. And this may have been by intention for several reasons. First, it gets a lot of poor and country people out of the country’s economy - without the VNeID these country and farming people can no longer access government services to receive low-income benefits and age-related pensions, apply for driver’s and other forms of licenses, sign rental agreements, pay their taxes, educate their children at university, get a passport or participate in much of Vietnam’s cashless digital economy. Second, it reduced the burden for the State Bank of Vietnam who, prior to the VNeID, were operating around 200 million personal bank accounts for the 101 million strong population. Third, it potentially allowed politicians, on behalf of the State and under the self-imposed colour of right, to seize the funds in those accounts.

However, and aside from a couple of preprints on arXiv and Researchgate (for example: here and here), you won’t find my research on these issues published in the ‘accepted’ academic literature. You won’t easily find this work because I was rebuked several times by senior academics at the University I was working for at that time; a university with many senior academics who were members of or funded by organisations pushing Digital ID such as the World Economic Forum (WEF), Turing Institute, United Nations, and the Bill and Melinda Gates Foundation (BMGF). I was also unequivocally reproached by the editors of several academic journals, many of whom have similar financial conflicts of interest and whose desk rejections of my research work came and still come with uncompromising rapidity. I was ostracised because I dared to point out the problems and potential pitfalls of adopting these globalist-promoted WEF, Gates and Tony Blairite unsafe digital control measures. You see, the adoption of Digital ID infrastructures has little to do with their claims about protecting you from hackers or identity theft (here, here and here), and even less to do with protecting our borders from illegal boat people who are known to toss identity documents and devices overboard before making landfall. Digital ID infrastructures are about governments, police and globalists being able to track your every movement, your every word, your every purchase, your every click on the internet, your every phone call and your every association (here and here). Digital ID are about creating a complex and complete picture of you in order to implement other even more draconian technologies like Chinese-style Social Credit systems. These technocrats openly admit their intention to use all the data they collect from your use of Digital ID infrastructures to create a blended reality where your real interactions and transactions are used to compute a digital twin of you, aka your Social Credit Score, that incorporates your present and future economic, social and environmental sustainability.

I do wonder what they will do with the vast numbers of us their algorithm deems to be unsustainable.

I also wonder, if one of them decides they don’t like the inference they draw from your most recent social media post or unguarded comment at that dinner party last week, whether they will have some sort of virtual switches and levers to capriciously deplete even an otherwise respectable person’s social credit score.

Only time will tell.

Assuming you all continue to let them go ahead with this draconian Orwellian nightmare.

My Experiment

I decided to conduct a test of Australia’s currently highly integrated digital identity platform in order to discuss why the move to integrate even access to the internet into the government’s Digital ID platform could enable even easier digital fraud and identity theft.

Let me start out by saying that for the purposes of this experiment I used myself, and only information about myself. No other individual was contemplated or harmed, and no fraud was committed. Using myself may have made it easier for me to surface the flaws in the system but, I would argue, if the flaws exist, they exist for everyone.

Step 1: Open a Bank Account

The first step in my experiment was to see if I could get access to a bank account. I went to the website of one of the well-known but second tier banks in Australia. The bank I chose operates as one of several subsidiaries of the much larger Westpac Bank. I started to go through the process of establishing a new everyday transaction (i.e. non-savings) account but found myself stymied not by the Digital ID requirements. Rather, I was caught short by the need for a local mobile phone number to receive the incredibly annoying and often insecure 2FA 6-digit codes. This led me to undertake Step 2 at this point, in which I got an Australian eSIM and mobile phone number before continuing.

With a working Australian mobile phone number, I only needed to call this particular bank’s customer service number, give then the Access number their website had issued to me, and have them add the phone number to that account. The young and naïve sounding girl who answered did little more than verify the account and access numbers the website had issued me only minutes before, before adding the mobile number to the account. Simple, efficient, and scarily easy.

I then continued the process on the website to open the first bank account. Establishing Digital ID for the account was as simply as typing in a physical driver’s license number and a passport number and typing in the 6-digit 2FA code that was sent to the mobile phone number. As a test, the passport I used was well out of date and expired and had already been replaced by a new one some time ago. Incredibly, the Australian Digital ID verification system API accepted and verified it as a current identity document. No taking a photo. No biometrics. And nothing beyond the couple of 10-12 digit numbers and the 2FA code and I had an open, working bank account. The website even claims to have posted out a debit Mastercard to the family member’s physical address I entered into the website. In their banking app on one of my smartphones it showed me the card numbers and pin that had been generated for the card, even though the card probably won’t arrive for several days.

Step 2: Get a local eSIM

The lesson from this experiment is that getting the eSIM and local phone number should have been Step 1. Never mind. Lesson learned. Getting an eSIM was equally easy. I opened a user account on one of the three Tier-1 mobile service providers with the same physical ID numbers, and signed up for a month-to-month mobile service using my UK credit card. Within five minutes I had a working phone service that my brother in Australia verified by sending me a rather humorous text message:

Step 3: Open a second bank account

I decided at this point that it must have just been blind luck. That surely a Tier 1 mainstream bank would not make it so easy to open an account using Australia’s digital identity verification system. I went to the website of one of the largest and most well-known banks in the country. Their process was the only one of the three to use live camera to ‘scan’ the ID documents and was also the only one to recognise that the expired passport was... expired. Their process sent a link to my then unverified email account that allowed me to open up their website on my smartphone directly into the current step in the account process. It required me to take pictures of the front and back of the physical driver’s license and expired passport but, after identifying that the passport was expired, it accepted a photo of a print from my HP printer of a photo of my current passport in place of the real passport. The other difference in the second bank’s process was that it wanted a picture of me that matched the photo on the identity documents. Similar to the kids who recently showed that age verification tools were susceptible to images of game characters and stills of Donald Trump, I held the phone camera in front of a photo of me from about 15 years ago hanging on my office wall... and it worked. They asked for a third identity document and the list of options included details of the debit or credit card on an account with another Australian bank. If you’re thinking I used the debit Mastercard number from the first bank, a card that hadn’t even been posted out yet, then you’d be right. Incredibly, that worked too.

All of this means the third-party tool they integrated into their website to connect to the Australian Government digital identity verification API for Know Your Customer (KYC) checks lacked the ability to tell the difference between a real object and a low-resolution print of an object. Given that the debit Mastercard had only been made available on the first bank’s app about fifteen minutes before and it hadn’t been activated, had never been used or even stamped and posted out yet, their KYC process was simply collecting and storing rather than verifying this information. It couldn’t even tell if the person it was looking at was a living 3D human or a 2D photo behind glass on a wall.

Conclusion

You may be wondering why this is important, so I invite you to consider the following scenario.

You are on holiday overseas for two weeks. During your holiday someone breaks into your house and finds your old, expired passport and a letter to renew your driver’s license in a drawer. They take these, and snap a quick picture of you in your wedding portrait that’s on the wall in the hallway. With the information from these three things my experiment has shown they have every piece of information needed to use the Australian Government’s digital identity verification platform to open a new phone account in your name, and use that phone number for 2FA verification to identify as you to banks and other institutes. Once they have a new bank account in your name, they can easily seek credit cards and loans from that bank in your name. It really is that simple.

The old system that required you to go into the bank or other places and identify yourself with three pieces of ID (100 points) might have been time consuming and annoying, but it at least required considerable effort on the part of the fraudster to create fake but believable looking copies of your ID with their photo on it, if they wanted that ID to be accepted. This new digital identity verification API has made it considerably easier. They can do it from London. Or Toronto. Or Nigeria. Or just about anywhere with an internet connection.

Digital ID and digital identity verification isn’t making it safer and more secure for us. But it is doing two things. It’s making it easier for governments and police to capture every aspect of our lives - to track your every movement, your every word, your every purchase, your every click on the internet, your every phone call and your every association. It’s also making it far easier for fraudsters to hijack your identity while maintaining much more than arms distance.

*** *** ***

