I received a reply from the ATO. I've summarised my original email and its response, and included the full text of the response below. Koji Summary ======= My original email ----------------- Concerns: - myGovID should not require a recent smartphone. - myGovID should not require an Apple or Google account. - myGovID must be free software, not remain proprietary. Recommendations: - make myGovID binaries available for desktop operating systems. - make myGovID binaries available as a direct download and F-Droid. - publish checksums or cryptographic signatures of myGovID binaries. - release myGovID as free software. publish source code and documentation. - make the build of myGovID reproducible: https://reproducible-builds.org/ ATO's response -------------- Response: - the old AUSkey system was hardcoded to expire on 2020-03-27. - each AUSkey was assigned to a business, not an individual. - each myGovID is unique to an individual. - AUSkey credentials were forgotten or misused (eg: shared to others). - a recent smartphone is required for crypto and biometric capabilities. - the smartphone is required only for login; PCs can be used thereafter. - people who buy a smartphone just for myGovID may claim a tax deduction. - "The Australian Government is serious about safety and privacy online." - "myGovID is accredited under the Australian Trusted Digital Identity Framework ..." - ("source code" mentioned but no further comment) - people unable to use myGovID have options including paper lodgement. Full text ========= Thank you for letting us know about your concerns in regards to the transition from AUSkey to myGovID and Relationship Authorisation Manager. Providing us with your concerns gives us an opportunity to improve our services to you and the community. We would like to provide some information to provide clarity about the AUSkey transition and myGovID. The AUSkey system was built over 10 years ago and each AUSkey today has a hard coded expiry date which cannot be extended beyond the 27th March 2020. The system has not kept pace with modern advances in technology or expectations of the community, and there are a number of issues, including: - not compatible with most modern internet browsers, - needing a separate AUSkey for every business a person acts on behalf of, - it is locked down to a PC, not available on mobile devices, and - is difficult to install and recover when a password is forgotten. In addition to user irritants there are significant issues with the AUSkey system, including misuse such as sharing credentials and passwords which compromises the integrity of the ATO’s online environment. As a result, the ATO are moving away from desktop and/or browser authentication and all users will need their own compatible smart device to use myGovID. Accessing myGovID via a smart device allows use of the identification and security features provided by the smart device - like fingerprint and face verification. The myGovID app allows a user to logon to, and transact from any device and commonly supported browser. myGovID is only required for the logon step and a user can continue to use their PC or laptop when accessing online services. A compatible smart device is required to use myGovID (an iOS or Android based mobile phone or tablet) and we recognise that some users may need to upgrade their device. The cost of purchasing a new device starts at less than $100. Please note if an individual is required to obtain a new smart device and use it for work purposes, they may be able to claim a deduction if they: - Pay for these costs themselves, are not reimbursed and - Have records to support their claims. The amount and type of deduction they can make will depend on what they use their smart device for. If they have bought a smart device and they use it for work, they can claim a deduction for a percentage of its cost. If they use their smartphone for private use and work related activities, they will need to determine the percentage of use related to their business to calculate any claim for allowable deductions. They can locate further information about ‘Claiming mobile phone, internet and home phone expenses’ on the ATO website by entering QC 46119 into the search bar at www.ato.gov.au <http://www.ato.gov.au> The Australian Government is serious about safety and privacy online. As part of the ongoing commitment to security in a constantly evolving digital economy, AUSkey and Manage ABN Connections (MAC) will officially be decommissioned end of March 2020. myGovID is a digital identity credential that is unique to an individual. Individuals will access their myGovID via their smart device when logging into online government services for both personal and business/work purposes. The app is designed to run on modern and secure operating systems, we use secure cryptographic credentials to authenticate our users and these credentials are further protected by their device biometric or password. myGovID is accredited under the Australian Trusted Digital Identity Framework which strictly controls how identity data is collected, stored and used. When using government online services, personal information won’t be shared without permission. Thank you for your feedback regarding our source code. We’re continually looking to improve the myGovID app with feedback like yours. For users who are unable to transition to myGovID and RAM, options to fulfil tax obligations include: - lodgment through third party cloud-based business software, - the use of a tax or BAS agent, - phone lodgment (not available for all lodgment types), and - paper lodgment (not available for all lodgment types). (omitted statements about COVID-19 and ending greeting)